  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 833

NAT configuration not working on Cisco 2651 Router. It's not translating.

I am trying to set up a Cisco 2651 to do a simple NAT. I have 3 interfaces: Interface 1 (Public), Interface 2 (Internal) and Interface 3 (Internal). I'd like to NAT two public addresses provided by my ISP to internal devices sitting on Interface 2 and Interface 3 respectively. I have configured the router as best as I can. I have attached network capture devices on both internal ports and see no traffic being NAT'ed to the internal devices. I also turned on debugging for NAT and there is no activity. However, 'show ip nat statistics' tells me I have 2 active translations, which are my static NATs.

From a computer on my public interface I am able to ping the NAT'ed public IP address and get a response; however, it's not the device on the inside, it's the router. I can tell by the TTL value, and I don't see the request in the packet capture on the device.

version 12.2
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname Blah
!

!
ip subnet-zero
no ip routing
!
!
no ip domain-lookup
!
!
!
!
interface FastEthernet0/0
 description Internal1
 ip address 172.18.0.1 255.255.0.0
 ip nat inside
 no ip route-cache
 no ip mroute-cache
 duplex auto
 speed auto
!
interface FastEthernet0/1
 description Internal2
 ip address 172.20.0.1 255.255.0.0
 ip nat inside
 no ip route-cache
 no ip mroute-cache
 speed auto
 full-duplex
!
interface Ethernet1/0
 description ExternalPublic
 ip address 64.3Y.XXX.126 255.255.255.0
 ip nat outside
 no ip route-cache
 no ip mroute-cache
 full-duplex
!
ip default-gateway 64.3Y.XXX.1
ip nat inside source static 172.20.0.2 64.3Y.XXX.121
ip nat inside source static 172.18.0.2 64.3Y.XXX.122
ip classless
ip route 172.18.0.0 255.255.0.0 FastEthernet0/0
ip route 172.20.0.0 255.255.0.0 FastEthernet0/1
no ip http server
ip pim bidir-enable
!
access-list 10 deny   172.20.0.0 0.0.0.255
access-list 10 permit any
access-list 11 deny   172.18.0.0 0.0.0.255
access-list 11 permit any

!
line con 0
 logging synchronous
line aux 0
line vty 0 4
 login local
 transport input none
!
end

Asked by: CompL-3
2 Solutions
 
rochey2009 Commented:
The config looks OK.

Is there a service that you're running on the devices that you can connect to from the outside so that you can test to see if it is working?
 
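Rick_at_ptscinti Commented:
You need to add an access group to your outside interface:

interface Ethernet1/0
 description ExternalPublic
 ip access-group 112 in

Then define what type of traffic you want to allow to pass.

! Protocol/port matching requires an extended ACL (100-199), hence 112 rather than 12.
! An inbound ACL on the outside interface is checked before NAT, so it matches the public address.
access-list 112 permit tcp any host 64.3Y.XXX.121 eq www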
 
memo_tnt Commented:
Hi,

Since the local networks are directly connected to the local interfaces, there is no need for another route for those networks,

so remove the following two routes

ip route 172.18.0.0 255.255.0.0 FastEthernet0/0
ip route 172.20.0.0 255.255.0.0 FastEthernet0/1

and add a default route instead

ip route 0.0.0.0 0.0.0.0 Ethernet1/0



 
Greg_Arnold Commented:
You need a default route, but doing ip route 0.0.0.0 0.0.0.0 E1/0 isn't going to work.

Try adding ip route 0.0.0.0 0.0.0.0 64.3Y.XXX.1

You don't need any access lists at all to get it to work.
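
Added example (not from any poster in this thread): a small Python check for the routing points raised in the answers above, run against a constructed copy of the question's NAT lines. The function name lint_nat, the finding labels and the 203.0.113.x stand-ins for the redacted 64.3Y.XXX.* addresses are assumptions; the routing-disabled check reflects general IOS behaviour (no ip routing stops forwarding between interfaces) rather than anything said in the thread.

```python
import ipaddress

# Constructed sample: NAT/routing lines of the question's config, with the
# redacted 64.3Y.XXX.* addresses swapped for documentation range 203.0.113.0/24.
SAMPLE = """\
no ip routing
interface FastEthernet0/0
 ip address 172.18.0.1 255.255.0.0
 ip nat inside
interface FastEthernet0/1
 ip address 172.20.0.1 255.255.0.0
 ip nat inside
interface Ethernet1/0
 ip address 203.0.113.126 255.255.255.0
 ip nat outside
ip nat inside source static 172.20.0.2 203.0.113.121
ip nat inside source static 172.18.0.2 203.0.113.122
ip route 172.18.0.0 255.255.0.0 FastEthernet0/0
ip route 172.20.0.0 255.255.0.0 FastEthernet0/1
"""

def lint_nat(config):
    """Hypothetical helper: list static-NAT/routing problems in an IOS config."""
    connected, inside, routes, statics, findings = [], [], [], [], []
    net = None  # subnet of the interface currently being parsed
    for s in map(str.strip, config.splitlines()):
        w = s.split()
        if s.startswith("interface "):
            net = None
        elif s.startswith("ip address ") and len(w) == 4:
            net = ipaddress.ip_network(f"{w[2]}/{w[3]}", strict=False)
            connected.append(net)
        elif s == "ip nat inside" and net is not None:
            inside.append(net)
        elif s == "no ip routing":  # packets are not forwarded between interfaces
            findings.append("routing-disabled")
        elif s.startswith("ip route ") and len(w) >= 5:
            routes.append((ipaddress.ip_network(f"{w[2]}/{w[3]}"), w[4]))
        elif s.startswith("ip nat inside source static ") and len(w) == 7:
            statics.append(ipaddress.ip_address(w[5]))  # inside local address
    default = [hop for dest, hop in routes if dest.prefixlen == 0]
    if not default:
        findings.append("no-default-route")
    elif not any(h[0].isdigit() for h in default):
        findings.append("default-route-via-interface")  # wants a next-hop IP
    findings += [f"redundant-connected-route {d}" for d, _ in routes if d in connected]
    findings += [f"static-nat-not-on-inside {a}" for a in statics
                 if not any(a in n for n in inside)]
    return findings
```

Calling lint_nat(SAMPLE) flags the disabled routing, the missing default route and the two static routes that duplicate connected networks.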