Cisco MWR1941 PAT (NAT overload)

I am trying to get PAT (NAT overloading) to work on a recent purchase I have made...the Cisco MWR1941 router. I have gotten this to work before using an 871w with the same ISP and the same LAN credentials but for some reason the IOS/configuration is being finicky this time around. I have included the configuration information that is needed to figure out my problem.

This router has two interfaces: FastEthernet0/0 and FastEthernet0/1

Here is what currently happens:
* From the router console I can ping any Internet address, resolve hosts, etc. I can also ping each interface address and every computer that I have on my LAN (connected through a switch).
* From any PC on the LAN I can ping the gateway (FA0/0 interface) and also can ping the Router's WAN interface (FA0/1).

Here's what doesn't happen:
* Getting beyond the WAN interface from the LAN

The fact that I am able to ping the WAN ip but not my router's next hop (eg. its gateway) boggles me. Things are mostly working but not quite. Are there any suggestions on what I should be looking at?
!
redundancy
  mode y-cable
!
ip subnet-zero
!
!
!
ip dhcp pool lake
   import all
   network 10.10.10.0 255.255.255.0
   dns-server 167.206.245.11 167.206.245.129 
   default-router 10.10.10.254 
   lease 0 1
!
!
!
!
interface FastEthernet0/0
 ip address 10.10.10.254 255.255.255.0
 ip nat inside
 duplex auto
 speed auto
!
interface FastEthernet0/1
 ip address dhcp
 ip nat outside
 duplex auto
 speed auto
 no cdp enable
!
ip nat log translations syslog
ip nat translation timeout 120
ip nat translation tcp-timeout 120
ip nat translation udp-timeout 120
ip nat inside source list 101 interface FastEthernet0/1 overload
no ip http server
ip classless
ip route 0.0.0.0 0.0.0.0 FastEthernet0/1
!
!
!
access-list 101 permit ip any any
!

ajr9166 Asked:

blue-screen Commented:
- What version IOS code?

- What does "show ip nat translations" show?

Looks perfect. Maybe there is some bug with DHCP assigned outside addresses and NAT. That is the only thing approaching unusual.

Also, using an extended access list is unusual. It *should* work, but try with a simple access list, e.g.

access-list 5 permit any

and then use source-list 5.

If that works I think you found a bug.
0
Faruk Onder Yerli (Owner) Commented:
Please delete the string below. DHCP will assign the default route for you.
ip route 0.0.0.0 0.0.0.0 FastEthernet0/1

Also please change Access-list as below.
access-list 101 permit ip 10.10.10.0 0.0.0.255 any

NAT will start to work.


0
ajr9166 (Author) Commented:
Here is some information I have gathered after playing this morning.

IOS Version from show version:
---
IOS (tm) 1900 Software (MWR1900-I-M), Version 12.2(15)MC2a, RELEASE SOFTWARE (fc1)
---
New issue with no static route (manually configured) and new access-list configuration. I cannot ping the WAN interface on the router from my internal LAN:
---
Pinging 68.196.208.1 with 32 bytes of data:

Reply from 10.10.10.254: Destination net unreachable.
Reply from 10.10.10.254: Destination net unreachable.
Reply from 10.10.10.254: Destination net unreachable.
Reply from 10.10.10.254: Destination net unreachable.

Ping statistics for 68.196.208.1:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
---

I have removed the ip route 0.0.0.0 0.0.0.0... line. I have also tried both access-list suggestions mentioned above (101 and 5). However, under 101 I do not get any results under "sh ip nat translations" so I have stuck with the 5 rule, modified as "access-list 5 permit 10.10.10.0 any". This does give results under "sh ip nat translations."

I don't specifically remember, but I am pretty sure I cannot ping any Internet IP from the Router and I certainly cannot ping any LAN IP except for the LAN gateway (LAN interface on the router). I have a feeling this is due to me removing the "ip route ..." line even though a "sh ip rout" DOES show the default gateway being configured properly via DHCP.
0
Faruk Onder Yerli (Owner) Commented:
Did you close and open the FastEthernet 1 interface? It will take it by itself after you delete the static route and restart the interface.

You must see the 0.0.0.0 network when you write the "sh ip route" command.
0
blue-screen Commented:
Apparently, you should REMOVE all static routes and then reset the interface (shut/no shut or initiate a DHCP renewal), and then DHCP will install the learned DHCP default route with an admin distance of 254 (all other overlapping static routes will override it).

As a last resort: you can learn that default router IP address from the provider for the default gateway, even in a DHCP scenario.  Find out that IP address and set

ip route 0.0.0.0 0.0.0.0 x.x.x.x

You can also find it out by attaching a PC to the cable modem and seeing the assigned default gateway.
0
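
The two changes suggested in the answers above (drop the interface-only static default route on the DHCP-addressed WAN interface, and scope the NAT source ACL to the LAN subnet instead of "any") expressed as a small configuration check. This is an added example, not code from any poster in the thread; the function names, finding labels and the trimmed sample configuration are constructed for illustration.

```python
import re

# Constructed sample: the NAT-relevant lines of the configuration posted in the question.
SAMPLE_CONFIG = """\
interface FastEthernet0/0
 ip address 10.10.10.254 255.255.255.0
 ip nat inside
!
interface FastEthernet0/1
 ip address dhcp
 ip nat outside
!
ip nat inside source list 101 interface FastEthernet0/1 overload
ip route 0.0.0.0 0.0.0.0 FastEthernet0/1
access-list 101 permit ip any any
"""

def parse_interfaces(config):
    """Map each interface name to the list of sub-commands configured under it."""
    interfaces, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1].strip()
            interfaces[current] = []
        elif line.startswith(" ") and current:
            interfaces[current].append(line.strip())
        else:
            current = None  # "!" or a global command closes the interface block
    return interfaces

def audit_pat(config):
    """Return (finding, object) tuples for the two issues raised in the thread."""
    findings = []
    interfaces = parse_interfaces(config)
    dhcp_ifs = {n for n, cmds in interfaces.items() if "ip address dhcp" in cmds}
    # Static default route that names only an exit interface which gets its address via DHCP.
    for m in re.finditer(r"^ip route 0\.0\.0\.0 0\.0\.0\.0 (\S+)\s*$", config, re.M):
        if m.group(1) in dhcp_ifs:
            findings.append(("static-default-on-dhcp-if", m.group(1)))
    # PAT rule whose source ACL translates every source rather than only the LAN subnet.
    for m in re.finditer(r"^ip nat inside source list (\S+) interface \S+ overload", config, re.M):
        acl = m.group(1)
        entries = re.findall(rf"^access-list {re.escape(acl)} permit (.+)$", config, re.M)
        if any(e.strip() in ("any", "ip any any") for e in entries):
            findings.append(("nat-acl-matches-any", acl))
    return findings
```

On the sample, `audit_pat(SAMPLE_CONFIG)` reports both findings; a configuration with the static route removed and `access-list 101 permit ip 10.10.10.0 0.0.0.255 any` in place reports none.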