Unable to Reach PE with NAT Enabled

Mark_AU
Level 1

Hi everyone,

I'm setting up a Cisco 897VAG-LTE with a vDSL connection that does not use PPP for authentication (just VLAN100), with a 4G failover.

The vDSL service works when I do not have "ip nat outside" applied to the interface. I'm able to ping the PE device, but as soon as I apply "ip nat outside" I am unable to ping the PE device.

Any ideas?

Current configuration : 5049 bytes
!
! Last configuration change at 03:32:24 UTC Sat Aug 18 2018 by admin
!
version 15.6
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec
service timestamps log datetime msec show-timezone
service password-encryption
no service password-recovery
!
hostname RTR01
!
boot-start-marker
boot-end-marker
!
!
logging buffered 65536 notifications
logging persistent size 134217728 filesize 5242880
no logging console
no logging monitor
enable secret 5 ABCD12345
!
aaa new-model
!
!
aaa authentication login default local
!
!
!
!
!
aaa session-id common
!
!
!
!
!
!
!
no ip source-route
ip options drop
!
!
!
!
!
!
!
!
!
!


!
ip dhcp bootp ignore
ip dhcp excluded-address 10.232.0.29
!
ip dhcp pool ABCD12345
network 10.232.0.28 255.255.255.252
default-router 10.232.0.29
dns-server 8.8.8.8
lease 7
!
!
!
no ip bootp server
no ip domain lookup
ip domain name ABCD12345.ABCD12345
ip cef
no ipv6 cef
!
!
!
!
!
multilink bundle-name authenticated
!
!
chat-script lte "" "AT!CALL" TIMEOUT 20 "OK"
!
!
!
!
!
license udi pid C897VAG-LTE-GA-K9 sn ABCD12345
!
!
archive
log config
logging enable
logging size 200
notify syslog contenttype plaintext
hidekeys
path flash:archive-config
maximum 14
write-memory
time-period 1440
username ABCD12345 privilege 15 secret 5 ABCD12345
secure boot-image
secure boot-config
!
redundancy
!
!
!
!
!
controller VDSL 0
operating mode vdsl2
!
controller Cellular 0
lte modem link-recovery rssi onset-threshold -110
lte modem link-recovery monitor-timer 20
lte modem link-recovery wait-timer 10
lte modem link-recovery debounce-count 6
!
!
!
!
!
!
!
!
!
!
!
interface ATM0
no ip address
shutdown
no atm ilmi-keepalive
!
interface Cellular0
description SIM CARD
ip address negotiated
ip nat outside
ip virtual-reassembly in
encapsulation slip
dialer in-band
dialer string lte
dialer-group 1
!
interface Cellular1
no ip address
encapsulation slip
!
interface Ethernet0
no ip address
!
interface Ethernet0.100
description vDSL
encapsulation dot1Q 100
ip address 172.22.1.38 255.255.255.252
!
interface GigabitEthernet0
description LINK TO LAN
switchport access vlan 10
no ip address
!
interface GigabitEthernet1
no ip address
!
interface GigabitEthernet2
no ip address
!
interface GigabitEthernet3
no ip address
!
interface GigabitEthernet4
no ip address
!
interface GigabitEthernet5
no ip address
!
interface GigabitEthernet6
no ip address
!
interface GigabitEthernet7
description TO LAN
switchport access vlan 490
no ip address
!
interface GigabitEthernet8
no ip address
shutdown
duplex auto
speed auto
!
interface Vlan1
no ip address
!
interface Vlan10
ip address 10.232.0.29 255.255.255.252
ip nat inside
ip virtual-reassembly in
!
interface Vlan490
description MANAGEMENT ACCESS
ip address 10.239.240.133 255.255.255.0
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
ip nat inside source list PRIVATE interface Cellular0 overload
ip nat inside source route-map NAT_ISP1 interface Ethernet0.100 overload
ip nat inside source route-map NAT_ISP2 interface Cellular0 overload
ip route 0.0.0.0 0.0.0.0 Cellular0 250
ip route 192.168.1.205 255.255.255.255 10.239.240.1
ip ssh time-out 60
ip ssh server algorithm encryption aes128-ctr aes192-ctr aes256-ctr
ip ssh client algorithm encryption aes128-ctr aes192-ctr aes256-ctr
!
ip access-list extended PRIVATE
permit ip any any
ip access-list extended management
permit ip 192.168.1.0 0.0.0.255 any
permit ip 10.235.10.0 0.0.0.255 any
!
ip sla 1
icmp-echo 172.22.1.37 source-ip 172.22.1.38
ip sla schedule 1 life forever start-time now
ip sla 2
icmp-echo 8.8.8.8 source-interface Cellular0
ip sla schedule 2 life forever start-time now
logging trap notifications
logging source-interface GigabitEthernet0
dialer-list 1 protocol ip permit
ipv6 ioam timestamp
!
route-map NAT_ISP2 permit 10
match ip address 100
match interface Cellular0
!
route-map NAT_ISP1 permit 10
match ip address 100
match interface Ethernet0.100
!
access-list 100 permit ip 10.232.0.28 0.0.0.3 any
!
!
control-plane host
management-interface Vlan490 allow ssh snmp
!
!
control-plane
!
!
!
mgcp behavior rsip-range tgcp-only
mgcp behavior comedia-role none
mgcp behavior comedia-check-media-src disable
mgcp behavior comedia-sdp-force disable
!
mgcp profile default
!
!
!
!
!
!
no vstack
configuration mode exclusive
!
line con 0
no modem enable
line aux 0
exec-timeout 0 1
no exec
transport output none
line 2
no activation-character
no exec
transport preferred none
stopbits 1
line 3
script dialer lte
no exec
rxspeed 100000000
txspeed 50000000
line 8
no exec
rxspeed 100000000
txspeed 50000000
line vty 0 4
session-timeout 15
access-class management in
exec-timeout 15 0
transport input ssh
!
scheduler allocate 20000 1000
ntp peer 172.16.1.6
!
end

1 Reply

Mark_AU
Level 1

This is now working after removing this line.

ip nat inside source list PRIVATE interface Cellular0 overload
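
Added example, not part of the original thread: the removed rule matched ACL PRIVATE, which is `permit ip any any`, so it also matches packets sourced from the router's own addresses such as 172.22.1.38. The Python below audits IOS configuration text for NAT rules whose ACL (directly or through a route-map) permits any source; the function names and the trimmed sample are constructed for illustration.

```python
import re

# Constructed sample: NAT-related lines copied from the configuration posted above.
SAMPLE_CONFIG = """\
ip nat inside source list PRIVATE interface Cellular0 overload
ip nat inside source route-map NAT_ISP1 interface Ethernet0.100 overload
ip access-list extended PRIVATE
permit ip any any
route-map NAT_ISP1 permit 10
match ip address 100
match interface Ethernet0.100
access-list 100 permit ip 10.232.0.28 0.0.0.3 any
"""

def parse(config):
    """Collect ACL entries, route-map ACL references and NAT rules in one pass."""
    acls, rmaps, nat, ctx = {}, {}, [], None
    for line in (l.strip() for l in config.splitlines()):
        if m := re.match(r"ip access-list (?:extended|standard) (\S+)", line):
            ctx = ("acl", m[1])
            acls.setdefault(m[1], [])
        elif m := re.match(r"access-list (\d+) (.+)", line):
            acls.setdefault(m[1], []).append(m[2])
            ctx = None
        elif m := re.match(r"route-map (\S+) (?:permit|deny)", line):
            ctx = ("rmap", m[1])
            rmaps.setdefault(m[1], [])
        elif m := re.match(r"ip nat inside source (list|route-map) (\S+) interface (\S+)", line):
            nat.append((m[1], m[2], m[3]))
            ctx = None
        elif ctx and ctx[0] == "acl" and (m := re.match(r"(?:\d+ )?((?:permit|deny) .+)", line)):
            acls[ctx[1]].append(m[1])
        elif ctx and ctx[0] == "rmap" and (m := re.match(r"match ip address (.+)", line)):
            rmaps[ctx[1]].extend(m[1].split())
        elif not (ctx and ctx[0] == "rmap" and line.startswith(("match ", "set "))):
            ctx = None  # any other command ends the current ACL or route-map block
    return acls, rmaps, nat

def is_any_source(entry):
    """True for 'permit ip any ...' (extended) or 'permit any' (standard)."""
    return re.match(r"permit (?:ip )?any\b", entry) is not None

def audit_nat(config):
    """Return (interface, acl) for every NAT rule whose ACL permits any source."""
    acls, rmaps, nat = parse(config)
    findings = []
    for kind, name, iface in nat:
        for acl in ([name] if kind == "list" else rmaps.get(name, [])):
            if any(is_any_source(e) for e in acls.get(acl, [])):
                findings.append((iface, acl))
    return findings
```

On the sample, only the `list PRIVATE` rule is reported; the route-map rule resolves to access-list 100, which is scoped to 10.232.0.28/30.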