Solved

Cisco MWR1941 PAT (NAT overload)

Posted on 2009-07-14
Last Modified: 2012-05-07
I am trying to get PAT (NAT overloading) to work on a recent purchase I have made...the Cisco MWR1941 router. I have gotten this to work before using an 871w with the same ISP and the same LAN credentials but for some reason the IOS/configuration is being finicky this time around. I have included the configuration information that is needed to figure out my problem.

This router has two interfaces: FastEthernet0/0 and FastEthernet0/1

Here is what currently happens:
* From the router console I can ping any Internet address, resolve hosts, etc. I can also ping each interface address and every computer that I have on my LAN (connected through a switch).
* From any PC on the LAN I can ping the gateway (FA0/0 interface) and also can ping the Router's WAN interface (FA0/1).

Here's what doesn't happen:
* Getting beyond the WAN interface from the LAN

The fact that I am able to ping the WAN ip but not my router's next hop (eg. its gateway) boggles me. Things are mostly working but not quite. Are there any suggestions on what I should be looking at?

!
redundancy
  mode y-cable
!
ip subnet-zero
!
!
!
ip dhcp pool lake
   import all
   network 10.10.10.0 255.255.255.0
   dns-server 167.206.245.11 167.206.245.129
   default-router 10.10.10.254
   lease 0 1
!
!
!
!
interface FastEthernet0/0
 ip address 10.10.10.254 255.255.255.0
 ip nat inside
 duplex auto
 speed auto
!
interface FastEthernet0/1
 ip address dhcp
 ip nat outside
 duplex auto
 speed auto
 no cdp enable
!
ip nat log translations syslog
ip nat translation timeout 120
ip nat translation tcp-timeout 120
ip nat translation udp-timeout 120
ip nat inside source list 101 interface FastEthernet0/1 overload
no ip http server
ip classless
ip route 0.0.0.0 0.0.0.0 FastEthernet0/1
!
!
!
access-list 101 permit ip any any
!

0
Question by:ajr9166
6 Comments
 
LVL 7

Expert Comment

by:blue-screen
- What version IOS code?

- What does "show ip nat translations" show?

Looks perfect. Maybe there is some bug with DHCP assigned outside addresses and NAT. That is the only thing approaching unusual.

Also, using an extended access list is unusual. It *should* work, but try with a simple access list, e.g.

access-list 5 permit any

and then use source-list 5.

If that works I think you found a bug.
0
 
LVL 12

Expert Comment

by:Faruk Onder Yerli
Please delete the string below. DHCP will assign the default route for you.
ip route 0.0.0.0 0.0.0.0 FastEthernet0/1

Also please change Access-list as below.
access-list 101 permit ip 10.10.10.0 0.0.0.255 any

NAT will start to work.


0
 
LVL 1

Author Comment

by:ajr9166
Here is some information I have gathered after playing this morning.

IOS Version from show version:
---
IOS (tm) 1900 Software (MWR1900-I-M), Version 12.2(15)MC2a, RELEASE SOFTWARE (fc1)
---
New issue with no static route (manually configured) and new access-list configuration. I cannot ping the WAN interface on the router from my internal LAN:
---
Pinging 68.196.208.1 with 32 bytes of data:

Reply from 10.10.10.254: Destination net unreachable.
Reply from 10.10.10.254: Destination net unreachable.
Reply from 10.10.10.254: Destination net unreachable.
Reply from 10.10.10.254: Destination net unreachable.

Ping statistics for 68.196.208.1:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
---

I have removed the ip route 0.0.0.0 0.0.0.0... line. I have also tried both access-list suggestions mentioned above (101 and 5). However, under 101 I do not get any results under "sh ip nat translations" so I have stuck with the 5 rule, modified as "access-list 5 permit 10.10.10.0 any". This does give results under "sh ip nat translations."

I don't specifically remember, but I am pretty sure I cannot ping any Internet IP from the Router and I certainly cannot ping any LAN IP except for the LAN gateway (LAN interface on the router). I have a feeling this is due to me removing the "ip route ..." line even though a "sh ip rout" DOES show the default gateway being configured properly via DHCP.
0
 
LVL 12

Assisted Solution

by:Faruk Onder Yerli
Faruk Onder Yerli earned 125 total points
Did you close and open the FastEthernet 1 interface? It will take itself after deleting the static and restarting the interface.

You must see the 0.0.0.0 network when you write the "sh ip route" command.
0
 
LVL 7

Accepted Solution

by:
blue-screen earned 125 total points
Apparently, you should REMOVE all static routes and then reset the interface (shut/no shut or initiate a DHCP renewal), and then DHCP will install the learned DHCP default route with an admin distance of 254 (all other overlapping static routes will override it).

As a last resort: you can learn that default router IP address from the provider for the default gateway, even in a DHCP scenario. Find out that IP address and set

ip route 0.0.0.0 0.0.0.0 x.x.x.x

You can also find it out by attaching a PC to the cable modem and seeing the assigned default gateway.
0
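
The points raised in this thread (a static default route that names only the exit interface on a DHCP-addressed WAN port, and a NAT access list that matches any source) can be checked mechanically before a configuration is deployed. The following is an added example, not code from any poster in the thread: `SAMPLE_CONFIG` is constructed from the NAT-relevant lines of the configuration in the question, and the function and check names are hypothetical.

```python
import re

# Constructed sample: the NAT-relevant lines of the configuration in the question.
SAMPLE_CONFIG = """\
interface FastEthernet0/0
 ip address 10.10.10.254 255.255.255.0
 ip nat inside
!
interface FastEthernet0/1
 ip address dhcp
 ip nat outside
!
ip nat inside source list 101 interface FastEthernet0/1 overload
ip route 0.0.0.0 0.0.0.0 FastEthernet0/1
access-list 101 permit ip any any
"""

def parse_interfaces(config):
    """Map each interface name to the list of its sub-commands."""
    interfaces, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1].strip()
            interfaces[current] = []
        elif line.startswith(" ") and current:
            interfaces[current].append(line.strip())
        else:
            current = None  # "!" or a global command ends the interface block
    return interfaces

def audit_pat(config):
    """Return (check_id, detail) findings; the check names are hypothetical."""
    findings, ifaces = [], parse_interfaces(config)
    dhcp = {n for n, cmds in ifaces.items() if "ip address dhcp" in cmds}
    # Default route naming only an exit interface (no next-hop IP address).
    for m in re.finditer(r"^ip route 0\.0\.0\.0 0\.0\.0\.0 ([A-Za-z]\S*)\s*$", config, re.M):
        why = "overrides the DHCP-learned default" if m.group(1) in dhcp else "no next hop"
        findings.append(("default-route-interface-only", f"{m.group(1)}: {why}"))
    for m in re.finditer(r"^ip nat inside source list (\S+) interface (\S+) overload", config, re.M):
        acl, out_if = m.groups()
        if "ip nat outside" not in ifaces.get(out_if, []):
            findings.append(("nat-outside-missing", out_if))
        if not any("ip nat inside" in cmds for cmds in ifaces.values()):
            findings.append(("nat-inside-missing", f"list {acl}"))
        # Translation ACL whose source is "any" instead of the LAN subnet.
        if re.search(rf"^access-list {re.escape(acl)} permit (?:ip )?any\b", config, re.M):
            findings.append(("nat-acl-source-any", f"access-list {acl}"))
    return findings
```

Calling `audit_pat(SAMPLE_CONFIG)` reports the interface-only default route and the `any` source in access list 101; a configuration with the static route removed and the list narrowed to `10.10.10.0 0.0.0.255` returns no findings.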
