02-08-2005 09:58 PM - edited 03-02-2019 09:34 PM
Hi,
I am using a cisco 1721 to access a 1MB lease line. My configuration is using NAT, for the first few days all workstation are able to access internet. But one day suddenly all workstation cannot access and can't even ping to the internet.
When I ping a public IP at the router console and it is working fine. So I reconfigure the router using without NAT, with all public IP and it is working fine. The problem happens only when using NAT.
Can you pls advice on this issue.
Thanks
02-08-2005 10:40 PM
Hi Konn
Were you able to ping the router's inside IP at that time ? I think this will be the default gateway for all ur PCs .. right ? what was the CPU utilisation of the router at that time , when u logged on console ? this might have gone high and stopped all nat translations to happen ... since your PCs are directly connected to the router, it is prone to a lot of virus and attacks.. its better u redesign ur network with a firewall...
try to do a "clear ip nat translations *" from the router console when this problem occurs and see if it works... but am sure this is some problem with the router's performance due to some attacks...
hope this helps.. all the best.. rate replies if found useful...
Raj
02-11-2005 08:35 AM
I have try clear ip nat translations * but still the same problem. When I configure the router to use without NAT, then it works fine.
After that when I switch all PCs to use another broadband router then it is working fine, so it should not be virus attack.
02-11-2005 11:49 AM
Konn,
Please post your config with the NAT.....I'll take a look then.
02-11-2005 07:34 PM
The following is the config, it was working for a few days but always exprience up and down.
!
service timestamps debug uptime
service timestamps log uptime
service password-encryption
no service tcp-small-servers
no service udp-small-servers
!
hostname test
!
enable password xxx
!
no ip name-server
!
ip subnet-zero
no ip domain-lookup
ip routing
!
interface FastEthernet 0
no shutdown
description connected to EthernetLAN
ip address 192.168.1.1 255.255.255.0
ip nat inside
keepalive 10
!
interface Serial 0
no shutdown
description connected to Internet
ip address 1.2.x.x.x.255.252
ip nat outside
encapsulation hdlc
!
! Access Control List 1
!
no access-list 1
access-list 1 permit 192.168.1.0 0.0.0.255
!
! Dynamic NAT
!
ip nat translation timeout 86400
ip nat translation tcp-timeout 86400
ip nat translation udp-timeout 300
ip nat translation dns-timeout 60
ip nat translation finrst-timeout 60
ip nat pool Pearl-Energy-natpool-1 200.20.20.230 200.20.20.240 netmask 255.255.255.224
ip nat inside source list 1 pool Pearl-Energy-natpool-1 overload
!
! DHCP Server
!
service dhcp
ip dhcp excluded-address 192.168.1.2 192.168.1.50
ip dhcp excluded-address 192.168.1.101 192.168.1.254
ip dhcp pool 1
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
dns-server 165.x.x.x.21.100.88
!
router rip
version 2
network 192.168.1.0
passive-interface Serial 0
no auto-summary
!
!
ip classless
!
! IP Static Routes
ip route 0.0.0.0 0.0.0.0 Serial 0
no ip http server
snmp-server community public RO
no snmp-server location
no snmp-server contact
!
line console 0
exec-timeout 0 0
password 123
login
!
line vty 0 4
password xxx
login
!
end
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide