Solved

Cisco 1941 NAT issue

Posted on 2011-10-11
Last Modified: 2012-05-12
Hi All,
Please take a look at my configuration on a Cisco 1941 series integrated services router. I'm using it for NAT pretty much (overkill for sure, I know).

Synopsis: NAT does not seem to work. I have one laptop directly connected to GE0/1 and its NIC is set to 192.168.0.112/24. My other computer is directly connected to GE0/0 and its NIC is set to 10.0.100.12/24. I cannot ping my computer set to 192.168.0.112, which is supposed to NAT to 10.0.100.2, from GE0/0. No switches or firewalls in line. Software firewalls are turned off. I've pasted the config below. Please help; I know it has to be something simple.
Do I need a switch between both computers and each interface?
Thanks in advance for your help!

#show run
Building configuration...

Current configuration : 1000 bytes
!
! Last configuration change at 22:57:09 UTC Tue Oct 11 2011
! NVRAM config last updated at 22:57:12 UTC Tue Oct 11 2011
! NVRAM config last updated at 22:57:12 UTC Tue Oct 11 2011
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
!
no ipv6 cef
ip source-route
ip cef
!
!
!
!
!
multilink bundle-name authenticated
!
crypto pki token default removal timeout 0
!
!
license udi pid CISCO1941/K9 sn FTX153883TY
!
!
username admin privilege 15 password 0 000000000
!
!
!
!
!
!
interface Embedded-Service-Engine0/0
 no ip address
 shutdown
!
interface GigabitEthernet0/0
 ip address 10.0.100.20 255.255.255.0
 ip nat outside
 no ip virtual-reassembly in
 duplex auto
 speed auto
!
interface GigabitEthernet0/1
 ip address 192.168.0.111 255.255.255.0
 ip nat inside
 no ip virtual-reassembly in
 duplex auto
 speed auto
!
ip forward-protocol nd
!
ip http server
no ip http secure-server
!
ip nat inside source static 192.168.0.112 10.0.100.2
ip nat inside source static 192.168.0.113 10.0.100.3
ip nat inside source static 192.168.0.114 10.0.100.4
ip nat inside source static 192.168.0.115 10.0.100.5
ip nat inside source static 192.168.0.116 10.0.100.6
ip nat inside source static 192.168.0.119 10.0.100.7
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/1
ip route 0.0.0.0 0.0.0.0 10.0.100.1
!
!
!
!
control-plane
!
!
!
line con 0
 password 000000000
 login
line aux 0
line 2
 no activation-character
 no exec
 transport preferred none
 transport input all
 transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
 stopbits 1
line vty 0 4
 password word 000000000
 login
 transport input all
!
scheduler allocate 20000 1000
end
Question by:MikeG299

Author Comment

by:MikeG299
ID: 36953085
I set up the same configuration on a Cisco 1841 router and NAT is working just fine. I was able to set up a computer on the inside interface and another computer on the outside interface. I could ping the NAT-translated computer on the inside interface. Not sure what I'm doing wrong with the 1941 router, as it is still new to me. Any help would be great.
Here is the 1841 configuration:

testrouter>en
testrouter#show run
Building configuration...

Current configuration : 1130 bytes
!
! Last configuration change at 00:04:14 UTC Wed Oct 12 2011
!
version 15.0
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname testrouter
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
ip source-route
!
!
!
!
ip cef
multilink bundle-name authenticated
!
!
license udi pid CISCO1841 sn FTX143880ZU
!
!
!
!
!
!
interface FastEthernet0/0
 ip address 10.0.100.20 255.255.255.0
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
!
interface FastEthernet0/1
 ip address 192.168.0.111 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 duplex auto
 speed auto
!
ip forward-protocol nd
!
!
no ip http server
ip nat inside source static 192.168.0.112 10.0.100.2
ip nat inside source static 192.168.0.113 10.0.100.3
ip nat inside source static 192.168.0.114 10.0.100.4
ip nat inside source static 192.168.0.114 10.0.100.4
ip route 0.0.0.0 0.0.0.0 FastEthernet0/0
ip route 0.0.0.0 0.0.0.0 FastEthernet0/1
ip route 0.0.0.0 0.0.0.0 10.0.100.1
!
!
!
control-plane
!
!
line con 0
 password 000000000
 login
line aux 0
line vty 0 4
 password 000000000
 login
!
scheduler allocate 20000 1000
end
0
 
LVL 2

Accepted Solution

by:
simplejack earned 1000 total points
ID: 36954812
Don't use an interface in an ip route statement - it's a really bad thing to do, which can cause a lot of problems.

no ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0
no ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/1
no ip nat inside source static 192.168.0.112 10.0.100.2
no ip nat inside source static 192.168.0.113 10.0.100.3
no ip nat inside source static 192.168.0.114 10.0.100.4
no ip nat inside source static 192.168.0.115 10.0.100.5
no ip nat inside source static 192.168.0.116 10.0.100.6
no ip nat inside source static 192.168.0.119 10.0.100.7
access-list 10 permit 192.168.0.0 0.0.0.255
ip nat pool NATPOOL 10.0.100.12 10.0.100.12 netmask 255.255.255.0
ip nat inside source list 10 pool NATPOOL overload



If you need to publish a port (connect to a port on the NAT outside interface to access some server behind NAT), just do:
ip nat inside source static tcp 192.168.0.2 25 10.0.100.12 25 extendable


0
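A small offline check for the two configuration mistakes the answer above is concerned with: static routes that name only an Ethernet exit interface, and a NAT overload rule that references a pool or access list that is never defined. This is an added example, not code from the thread; `lint` and `SAMPLE_CONFIG` are hypothetical names and the config text is constructed from the thread's lab addressing.

```python
import re

# Constructed sample config for illustration (subnets follow the thread's lab).
SAMPLE_CONFIG = """\
interface GigabitEthernet0/0
 ip address 10.0.100.20 255.255.255.0
 ip nat outside
interface GigabitEthernet0/1
 ip address 192.168.0.111 255.255.255.0
 ip nat inside
access-list 10 permit 192.168.0.0 0.0.0.255
ip nat pool NATPOOL 10.0.100.12 10.0.100.12 netmask 255.255.255.0
ip nat inside source list 10 pool WANPOOL overload
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/1
ip route 0.0.0.0 0.0.0.0 10.0.100.1
"""

ROUTE = re.compile(r"^ip route (\S+) (\S+) (\S+)(?: (\S+))?")
NAT_POOL_RULE = re.compile(r"^ip nat inside source list (\S+) pool (\S+)")
IPV4 = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")
ETHERNET = re.compile(r"^(Fast|Gigabit|TenGigabit)?Ethernet", re.I)

def lint(config):
    """Return a list of (line_number, message) findings for a running-config."""
    lines = [l.strip() for l in config.splitlines()]
    pools = {l.split()[3] for l in lines if l.startswith("ip nat pool ")}
    acls = {l.split()[1] for l in lines if l.startswith("access-list ")}
    findings = []
    for n, line in enumerate(lines, 1):
        m = ROUTE.match(line)
        # Exit interface with no next hop on Ethernet: the router must ARP for
        # every destination and depends on a neighbour answering via proxy ARP.
        if m and ETHERNET.match(m.group(3)) and not (m.group(4) and IPV4.match(m.group(4))):
            findings.append((n, f"route via {m.group(3)} has no next-hop address"))
        m = NAT_POOL_RULE.match(line)
        if m:
            if m.group(2) not in pools:
                findings.append((n, f"NAT pool {m.group(2)} is not defined"))
            if m.group(1) not in acls:
                findings.append((n, f"access-list {m.group(1)} is not defined"))
    return findings

if __name__ == "__main__":
    for n, msg in lint(SAMPLE_CONFIG):
        print(f"line {n}: {msg}")
```
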
 

Author Comment

by:MikeG299
ID: 36956953
Thanks SimpleJack,
I changed the configuration based on what you've directed above. I still cannot ping 10.0.100.2 from the outside interface. This is why I thought I would need this line: ip nat inside source static 192.168.0.112 10.0.100.2.

Thoughts. Again, thanks for the help!
0

 
LVL 2

Expert Comment

by:simplejack
ID: 36960390
Just to make it clear. Are you trying to do

ping 10.0.100.2 source gi0/0 



from your router with no luck, and 10.0.100.0/24 is directly connected? Quite strange. Please show me the result of the

show ip route



command.
0
 

Author Comment

by:MikeG299
ID: 36963738
When I type show ip route, the response is "Gateway of last resort is not set".
0
 

Author Comment

by:MikeG299
ID: 36963757
It works when I put static ip route entries in. At that point, I'm able to ping 10.0.100.2, which translates to internal 192.168.0.112.
Thoughts?
0
 

Author Comment

by:MikeG299
ID: 36963768
Also, I'm attempting to ping from a computer connected to gi0/0 set up as 10.0.100.10, not from the router. When the static NAT entry is in place: ip nat inside source static 192.168.0.112 10.0.100.2, I can ping from the computer connected to gi0/0 just fine.
0
 

Author Closing Comment

by:MikeG299
ID: 36972309
Solved the problem finally. After hours of troubleshooting we finally figured out that the service provider's router had an ARP table with old MAC addresses, thus not allowing traffic. Once power cycled, NAT translation could resume. Thanks for all the help!

Thanks again, your answer was correct all along.
0
