Calling all cisco experts. 2514 NAT setup

Flagg

I recently was able to borrow a 2514 from a friend of mine, and am using it to practice for CCNA. I upgraded the software to 12.1.6 IP/FW. I am trying to get it to function as a NAT box (start simple) but am having a royal pain. I can ping my internal LAN (eth1), but externally I cannot ping anything (eth0). I have posted my config in the hopes that someone will catch what I am doing wrong. I am using Cisco's ConfigMaker.

!
service timestamps debug uptime
service timestamps log uptime
service password-encryption
no service tcp-small-servers
no service udp-small-servers
!
hostname myroute
!
enable password *******
!
no ip name-server
!
ip subnet-zero
no ip domain-lookup
ip routing
!
interface Ethernet 0
no shutdown
description connected to Internet
ip address xxx.yyy.zzz.151 255.255.255.0
ip nat outside
keepalive 10
!
interface Ethernet 1
no shutdown
description connected to EthernetLAN
ip address 192.168.1.25 255.255.255.0
ip nat inside
keepalive 10
!
interface Serial 0
no description
no ip address
ip nat inside
shutdown
!
interface Serial 1
no description
no ip address
ip nat inside
shutdown
!
! Access Control List 1
!
no access-list 1
access-list 1 permit 192.168.1.0 0.0.0.255
!
! Dynamic NAT
!
ip nat translation timeout 86400
ip nat translation tcp-timeout 86400
ip nat translation udp-timeout 300
ip nat translation dns-timeout 60
ip nat translation finrst-timeout 60
ip nat inside source list 1 interface Ethernet 0 overload
!
router rip
version 2
network 192.168.1.0
passive-interface Ethernet 0
no auto-summary
!
!
ip classless
!
! IP Static Routes
ip route 0.0.0.0 0.0.0.0 Ethernet 0
no ip http server
snmp-server community public RO
no snmp-server location
no snmp-server contact
!
line console 0
exec-timeout 0 0
password ******
login
!
line vty 0 4
password ******
login
!
end
 
Looks like maybe you need an IP NAT POOL command and an IP NAT INSIDE SOURCE LIST command in there somewhere.

Take a look here for an example:
Code:
www. cisco .com/en/US/products/hw/routers/ps221/products_configuration_guide_chapter09186a008007cd02.html
Note that this is for a 1700 series router, but I bet the commands are the same.

Argh - the link is too long and wraps - cut and paste the text above, deleting the blanks I added.
 
I have tried it both ways, with an IP pool and with the way shown above. I can't seem to get either way to work.
 
Here is my running config. Everything works perfectly. Hope this helps.

Adam

Code:
Current configuration : 1810 bytes
!
version 12.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname beta
!
boot-start-marker
boot-end-marker
!
enable secret
!
no aaa new-model
ip subnet-zero
!
!
ip audit notify log
ip audit po max-events 100
ip ssh break-string
no ftp-server write-enable
!
!
!
no crypto isakmp enable
!
!
!
!
interface Ethernet0
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
 ip route-cache flow
 hold-queue 100 out
!
interface Ethernet1
 ip address xxx.xxx.xxx.78 255.255.255.252
 ip nat outside
 duplex auto
!
ip nat translation timeout 900
ip nat translation tcp-timeout 900
ip nat inside source list 1 interface Ethernet1 overload
ip nat inside source static tcp 192.168.1.2 20 xxx.xxx.xxx.78 20 extendable
ip nat inside source static tcp 192.168.1.2 21 xxx.xxx.xxx.78 21 extendable
ip nat inside source static tcp 192.168.1.2 80 xxx.xxx.xxx.78 80 extendable
ip nat inside source static tcp 192.168.1.2 81 xxx.xxx.xxx.78 81 extendable
ip nat inside source static tcp 192.168.1.2 82 xxx.xxx.xxx.78 82 extendable
ip nat inside source static tcp 192.168.1.2 3389 xxx.xxx.xxx.78 3389 extendable
ip nat inside source static tcp 192.168.1.2 8080 xxx.xxx.xxx.78 8080 extendable
ip classless
ip route 0.0.0.0 0.0.0.0 12.150.72.77
ip http server
no ip http secure-server
ip flow-export destination 192.168.1.2 8081
!
!
access-list 1 permit 192.168.1.0 0.0.0.255
snmp-server community public RO
snmp-server enable traps tty
!
control-plane
!
!
line con 0
 no modem enable
 transport preferred all
 transport output all
line aux 0
 transport preferred all
 transport output all
line vty 0 4
 password xxxxxx
 login
 transport preferred all
 transport input all
 transport output all
!
scheduler max-task-time 5000
!
end
 
interface Ethernet1
ip address xxx.xxx.xxx.78 255.255.255.252
ip nat outside
duplex auto


I am assuming this is your ISP (or maybe a corp. LAN?). How do you know that you're subnetted? Or is this the subnet mask they gave you to use?
 
ip address xxx.xxx.xxx.78 is the IP address my ISP gave me and 255.255.255.252 is the subnet given to me by my ISP.

Hope this helps, Adam
 
If you're studying for your CCNA (640-801), NAT isn't even covered. I think it's covered in the CCNP though.
 
That is correct. I am only just playing around with NAT, just started CCNP1 :)
 
It should work but sometimes you need to specify the default route as the actual next hop IP address instead of the interface.

I know, I know, but the TAC has had me change this very thing more than once and it magically seems to start functioning. You have nothing to lose that a reboot won't cure.

I just reread it. You can't ping your gateway externally even from the router? I believe you should be able to do that regardless. Try removing the nat statements and see if you can ping the external gateway then.
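A minimal working NAT-overload configuration for the two-Ethernet case discussed in this thread, written here as an added example rather than taken from any post above. It assumes the documentation range 192.0.2.0/24 as the ISP-assigned block and 192.0.2.1 as the ISP gateway; the inside addressing follows Flagg's config. The commented checks at the end are the steps the replies above recommend (ping the gateway from the router first, without NAT in the picture, then look at the translation table).

```cisco
! Added example (not from the thread): minimal NAT overload (PAT) on a two-Ethernet
! router such as the 2514, plus the checks suggested in the replies above.
! Addresses are assumptions: 192.0.2.0/24 is a documentation range standing in for
! the ISP-assigned block, and 192.0.2.1 is the assumed ISP gateway.
!
hostname natlab
!
interface Ethernet0
 description connected to Internet (assumed ISP block)
 ip address 192.0.2.151 255.255.255.0
 ip nat outside
 no shutdown
!
interface Ethernet1
 description connected to EthernetLAN
 ip address 192.168.1.25 255.255.255.0
 ip nat inside
 no shutdown
!
! Only the inside network may be translated; nothing else matches list 1.
access-list 1 permit 192.168.1.0 0.0.0.255
!
! PAT: every inside host shares the outside interface address.
ip nat inside source list 1 interface Ethernet0 overload
!
! Alternative (the "ip nat pool" form mentioned earlier in the thread) for when the
! ISP hands out a block of public addresses; it replaces the single line above:
! ip nat pool PUBLIC 192.0.2.152 192.0.2.154 netmask 255.255.255.0
! ip nat inside source list 1 pool PUBLIC overload
!
! Default route to the next-hop address rather than to the interface, as advised above.
ip classless
ip route 0.0.0.0 0.0.0.0 192.0.2.1
!
! A static port forward of the kind in the running config posted above. Each such
! line exposes one inside port to every host on the Internet, so add only the
! services you actually serve (shown commented out):
! ip nat inside source static tcp 192.168.1.2 80 192.0.2.151 80 extendable
!
! Both posted configs keep "snmp-server community public RO". A default community
! reachable via the outside interface discloses the router's configuration details,
! so leave SNMP off unless it is needed.
no snmp-server
!
! --- Checks from privileged EXEC, in the order the thread suggests ---
! 1. Can the router itself reach the ISP gateway? (No NAT is involved here.)
!    ping 192.0.2.1
! 2. Does traffic from an inside host create a translation?
!    show ip nat translations
!    show ip nat statistics
! 3. Watch translations being built while an inside host pings outward:
!    debug ip nat
!    undebug all
! 4. If the ISP reassigns the outside address (the actual cause found later in
!    this thread), the outside interface address and the default route are the
!    two lines to update, followed by:
!    clear ip nat translation *
```

If step 1 fails, the problem is upstream of NAT (wrong outside address, mask or gateway); only once the router can reach the gateway itself is it worth looking at the translation table.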
 
I am a retard. I got so wrapped up in learning/configuring the Cisco that it didn't occur to me to check the IP that was assigned to me. I replaced the new IP with my old one in my PC, and whadda ya know, no internet access. :mad: I have a customer service email in to my ISP to fix that. With regards to routing, should it be kept as RIP or changed to static?
 