Re: allworkstation cannot access internet

konn · ‎02-08-2005

Hi,

I am using a cisco 1721 to access a 1MB lease line. My configuration is using NAT, for the first few days all workstation are able to access internet. But one day suddenly all workstation cannot access and can't even ping to the internet.

When I ping a public IP at the router console and it is working fine. So I reconfigure the router using without NAT, with all public IP and it is working fine. The problem happens only when using NAT.

Can you pls advice on this issue.

Thanks

sachinraja · ‎02-08-2005

Hi Konn

Were you able to ping the router's inside IP at that time ? I think this will be the default gateway for all ur PCs .. right ? what was the CPU utilisation of the router at that time , when u logged on console ? this might have gone high and stopped all nat translations to happen ... since your PCs are directly connected to the router, it is prone to a lot of virus and attacks.. its better u redesign ur network with a firewall...

try to do a "clear ip nat translations *" from the router console when this problem occurs and see if it works... but am sure this is some problem with the router's performance due to some attacks...

hope this helps.. all the best.. rate replies if found useful...

Raj

konn · ‎02-11-2005

I have try clear ip nat translations * but still the same problem. When I configure the router to use without NAT, then it works fine.

After that when I switch all PCs to use another broadband router then it is working fine, so it should not be virus attack.

anowell · ‎02-11-2005

Konn,

Please post your config with the NAT.....I'll take a look then.

konn · ‎02-11-2005

The following is the config, it was working for a few days but always exprience up and down.

!

service timestamps debug uptime

service timestamps log uptime

service password-encryption

no service tcp-small-servers

no service udp-small-servers

!

hostname test

!

enable password xxx

!

no ip name-server

!

ip subnet-zero

no ip domain-lookup

ip routing

!

interface FastEthernet 0

no shutdown

description connected to EthernetLAN

ip address 192.168.1.1 255.255.255.0

ip nat inside

keepalive 10

!

interface Serial 0

no shutdown

description connected to Internet

ip address 1.2.x.x.x.255.252

ip nat outside

encapsulation hdlc

!

! Access Control List 1

!

no access-list 1

access-list 1 permit 192.168.1.0 0.0.0.255

!

! Dynamic NAT

!

ip nat translation timeout 86400

ip nat translation tcp-timeout 86400

ip nat translation udp-timeout 300

ip nat translation dns-timeout 60

ip nat translation finrst-timeout 60

ip nat pool Pearl-Energy-natpool-1 200.20.20.230 200.20.20.240 netmask 255.255.255.224

ip nat inside source list 1 pool Pearl-Energy-natpool-1 overload

!

! DHCP Server

!

service dhcp

ip dhcp excluded-address 192.168.1.2 192.168.1.50

ip dhcp excluded-address 192.168.1.101 192.168.1.254

ip dhcp pool 1

network 192.168.1.0 255.255.255.0

default-router 192.168.1.1

dns-server 165.x.x.x.21.100.88

!

router rip

version 2

network 192.168.1.0

passive-interface Serial 0

no auto-summary

!

ip classless

!

! IP Static Routes

ip route 0.0.0.0 0.0.0.0 Serial 0

no ip http server

snmp-server community public RO

no snmp-server location

no snmp-server contact

!

line console 0

exec-timeout 0 0

password 123

login

!

line vty 0 4

password xxx

login

!

end