Solved

Cisco 892 wont NATsh

Posted on 2011-03-17
6
1,124 Views
Last Modified: 2012-05-11
My 892 is not natting...My HQ Backup is connected to my Core Switch with a 199.129.156.1address

Is there something else that I am missing?


CISCO 892 ROUTER
HQ_BACKUP_CONNECTION_ROUTER#show run
Building configuration...

Current configuration : 6487 bytes
!
! Last configuration change at 15:30:45 EST Thu Mar 17 2011 by coxma
!
version 15.0
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname HQ_BACKUP_CONNECTION_ROUTER
!
boot-start-marker
boot-end-marker
!
aaa new-model
!
!
aaa authentication password-prompt "Enter local password:"
aaa authentication username-prompt "Enter local username:"
aaa authentication login default local group tacacs+
aaa authentication enable default enable group tacacs+
aaa authorization console
aaa authorization exec default local group tacacs+
aaa authorization network default local group tacacs+
!
!
!
!
!
aaa session-id common
!
!
!
clock timezone EST -5
clock summer-time EST recurring
!
crypto pki trustpoint TP-self-signed-92435657
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-92435657
 revocation-check none
 rsakeypair TP-self-signed-92435657
!
!

ip source-route
!
!
!
!
ip cef
ip domain 
ip name-server 199.129.247.145
ip name-server 199.129.207.34
no ipv6 cef
!
!
multilink bundle-name authenticated
license udi pid CISCO892-K9 sn FHK145170ME
!
!
archive
 log config
  hidekeys
!
!
!
!
!
!
!
!
!
interface Loopback0
 no ip address
 !
!
interface BRI0
 no ip address
 encapsulation hdlc
 shutdown
 isdn termination multidrop
 !
!
interface FastEthernet0
 shutdown
 !
!
interface FastEthernet1
 !
!
interface FastEthernet2
 !
!
interface FastEthernet3
 !
!
interface FastEthernet4
 !
!
interface FastEthernet5
 !
!
interface FastEthernet6
 !
!
interface FastEthernet7
 !
!
interface FastEthernet8
 description CONNECTION_TO_NEW_EDGE
 ip address 10.10.1.2 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 duplex auto
 speed auto
 !
!
interface GigabitEthernet0
 description CONNECTION_TO_HQ_Core
 ip address 199.129.156.2 255.255.255.0
 ip virtual-reassembly
 ip nat outside 
duplex full
 speed 100
 !
!
interface Vlan1
 no ip address
 !
!
interface Vlan5
 ip address 199.129.205.170 255.255.255.0
 !
!
ip forward-protocol nd
ip http server
ip http access-class 5
ip http authentication aaa
no ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip flow-export version 5
ip flow-export destination 199.129.206.88 2055
!
ip nat log translations syslog
ip nat pool BacUp 199.129.156.3 199.129.156.254 netmask 255.255.255.0
ip nat source list 7 pool BacUp
ip route 0.0.0.0 0.0.0.0 199.129.156.1
ip route 10.10.0.0 255.255.0.0 10.10.1.1
ip route 199.129.0.0 255.255.0.0 199.129.156.1
!
access-list 5 permit 199.129.0.0 0.0.255.255
access-list 5 permit 10.0.0.0 0.255.255.255
access-list 5 deny   any
access-list 6 permit 199.129.0.0 0.0.255.255
access-list 6 permit 10.0.0.0 0.255.255.255
access-list 6 deny   any
access-list 7 permit 10.10.0.0 0.0.255.255
!
!
!
!
snmp-server community C0mm$$l@nw@n RO 6
snmp-server community Kw2004R!pe@c RW 6
snmp-server community public-y9M5&e#U-h RO 6
snmp-server community private-5Ebrewr@XA RW 6
snmp-server enable traps tty
snmp-server host 199.129.206.14 C0mm$$l@nw@n
snmp-server host 199.129.206.88 C0mm$$l@nw@n
snmp-server host 199.129.206.96 Kw2004R!pe@c
snmp-server host 199.129.208.103 Kw2004R!pe@c
!
tacacs-server host 199.129.247.180
tacacs-server host 199.129.208.10
tacacs-server directed-request
tacacs-server key 7 12170453565B59142B6F60
!
control-plane
 !
!
!
line con 0
line aux 0
 speed 38400
line vty 0 4
 access-class 5 in
 privilege level 15
 login authentication local
 transport input ssh
line vty 5 15
 access-class 5 in
 privilege level 15
 login authentication local
 transport input ssh
!
scheduler max-task-time 5000
scheduler allocate 20000 1000
ntp access-group peer 7
ntp server 199.129.247.145
ntp server 199.129.207.34
end
=================================================
Router 2 Cisco 1841


OMS363560#show run
Building configuration...

Current configuration : 2526 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname _OMS363560
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
logging buffered 10000
!
no aaa new-model
dot11 syslog
ip source-route
!
!
!
!
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
!

archive
 log config
  hidekeys
!
!
!
!
!
!
class-map match-any C5_QUEUE
 match  dscp cs5
 match  dscp ef
 match  dscp cs6
 match  dscp cs7
 match ip precedence 5
class-map match-any C4_QUEUE
 match  dscp cs4
 match  dscp af41
 match  dscp af42
 match  dscp af43
 match ip precedence 4
class-map match-any C1_QUEUE
 match  dscp cs1
 match  dscp af11
 match  dscp af12
 match  dscp af13
 match ip precedence 1
class-map match-any C3_QUEUE
 match  dscp cs3
 match  dscp af31
 match  dscp af32
 match  dscp af33
 match ip precedence 3
class-map match-any C2_QUEUE
 match  dscp cs2
 match  dscp af21
 match  dscp af22
 match  dscp af23
 match ip precedence 2
!
!
policy-map QUEUE
 description Product 4
 class C2_QUEUE
    bandwidth percent 5
 class C3_QUEUE
    bandwidth percent 15
 class C4_QUEUE
    bandwidth percent 40
 class C5_QUEUE
    priority percent 15
 class class-default
    fair-queue
!
!
!
!
interface FastEthernet0/0
 ip address 10.10.1.1 255.255.255.0
 duplex auto
 speed auto
!
interface FastEthernet0/1
 ip address 172.30.228.14 255.255.255.252
 speed 100
 full-duplex
 service-policy output QUEUE
!
router ospf 4589
 router-id 10.10.1.1
 log-adjacency-changes
 passive-interface default
 no passive-interface FastEthernet0/0
 network 10.10.1.0 0.0.0.255 area 0
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 172.30.228.13
ip route 10.10.230.0 255.255.255.0 172.30.228.13
ip route 10.10.250.0 255.255.255.0 172.30.228.13
ip route 172.30.255.0 255.255.255.0 172.30.228.13
ip route 199.129.0.0 255.255.0.0 10.10.1.2
no ip http server
no ip http secure-server
!
!
!
logging trap notifications
!
!
!
!
!
snmp-server view noSysOr internet included
snmp-server view noSysOr ip excluded
snmp-server view noSysOr system.9 excluded
snmp-server community th3l04n3r view noSysOr RO
snmp-server community 79joliet view noSysOr RO
snmp-server location New Edge Networks
snmp-server contact noc@newedgenetworks.com
snmp-server enable traps tty
!
control-plane
!
!
!
line con 0
 login local
line aux 0
line vty 0 4
 login local
!
scheduler allocate 20000 1000
end

Open in new window

0
Comment
Question by:mlc1971
  • 4
  • 2
6 Comments
 
LVL 35

Accepted Solution

by:
Ernie Beek earned 500 total points
Comment Utility
I'm missing something like:
ip nat inside source list 1 interface GigabitEthernet0 overload
access-list 1 permit 10.10.1.0 255.255.255.0
0
 

Author Comment

by:mlc1971
Comment Utility
Ok I see where I left off a key word

i changed  from
ip nat source list 7 pool BacUp
 
changed to
ip nat inside source list 7 pool BacUp
........

but I still can't ping from router 2 to my core switch 199.129.156.1  ??
0
 
LVL 35

Expert Comment

by:Ernie Beek
Comment Utility
Crosspost ;)
0
Control application downtime with dependency maps

Visualize the interdependencies between application components better with Applications Manager's automated application discovery and dependency mapping feature. Resolve performance issues faster by quickly isolating problematic components.

 

Author Comment

by:mlc1971
Comment Utility
Preview  
  [x] Attachment Details  
   
   

Ok...I am able to NAT (thanks ernie) but my pings are intermittent from Router 2, any ideas??


Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 199.129.156.1, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
OMS363560#ping 199.129.156.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 199.129.156.1, timeout is 2 seconds:
..!!!
Success rate is 60 percent (3/5), round-trip min/avg/max = 1/1/1 ms
USDA_OMS363560#ping 199.129.156.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 199.129.156.1, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 1/1/1 ms
USDA_OMS363560#ping 199.129.156.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 199.129.156.1, timeout is 2 seconds:
....!
Success rate is 20 percent (1/5), round-trip min/avg/max = 1/1/1 ms
USDA_OMS363560#ping 199.129.156.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 199.129.156.1, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
USDA_OMS363560#ping 199.129.156.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 199.129.156.1, timeout is 2 seconds:
...!!
Success rate is 40 percent (2/5), round-trip min/avg/max = 1/1/1 ms
USDA_OMS363560#ping 199.129.156.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 199.129.156.1, timeout is 2 seconds
0
 
LVL 35

Expert Comment

by:Ernie Beek
Comment Utility
Mm,

I was trying to have a look at the configs again but it looks like this web page is messed up. Do you have the same issue?
I'll try back again later.
0
 
LVL 35

Expert Comment

by:Ernie Beek
Comment Utility
So, It's fixed? Also the timeouts ?
0

Featured Post

6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

Join & Write a Comment

In a WLAN, anything you broadcast over the air can be intercepted.  By default a wireless network is wide open to all until security is configured. Even when security is configured information can still be intercepted! It is very important that you …
Getting hacked is no longer a matter or "if you get hacked" — the 2016 cyber threat landscape is now titled "when you get hacked." When it happens — will you be proactive, or reactive?
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now