
Cisco 2600 Nat question

wolf7590
Level 1

Hi,

I am using a Cisco 2600 for a point to point T1 to a remote site as well as Internet access for both sites.

I have one CSU/DSU WIC card for the point to point T1.

The LAN is connected to FastEthernet0/0.

The Internet is accessed through FastEthernet0/1.

The router between the 2600 and the T1 is not running any type of firewall or blocking anything.

The router is a 2621XM running c2600-i-mz.123-3a.bin.

I am having trouble getting NAT to work for Internet access from both the main and remote sites.

A traceroute from a system on the LAN shows the FastEthernet0/1 ip address but stops there.

Here is the config info.

version 12.3

!

no cdp enable

!

interface FastEthernet0/0

description Main site LAN

ip address 192.168.1.253 255.255.255.0

ip access-group 101 in

ip nat inside

no ip mroute-cache

speed auto

full-duplex

!

interface Serial0/0

description Point to Point T1 to remote site

ip address 172.22.130.2 255.255.255.0

no ip mroute-cache

compress stac

no fair-queue

!

interface FastEthernet0/1

description Access to Internet.

ip address 66.213.222.194 255.255.255.248

ip access-group 105 in

ip nat outside

no ip mroute-cache

duplex auto

speed auto

!

ip default-gateway 66.213.222.193

ip nat inside source route-map nonat interface FastEthernet0/1 overload

ip route 0.0.0.0 0.0.0.0 66.213.222.193

ip route 192.168.2.0 255.255.255.0 172.22.130.1

!

!

access-list 101 permit ip any any

access-list 105 deny tcp any eq 135 any

access-list 105 permit tcp any host 66.213.222.194 eq telnet

access-list 105 permit udp any host 66.213.222.194 eq isakmp

access-list 105 permit ahp any host 66.213.222.194

access-list 105 permit esp any host 66.213.222.194

access-list 105 permit gre any host 66.213.222.194

access-list 105 permit ip host 63.228.0.81 any

access-list 105 permit ip 192.168.2.0 0.0.0.255 any

access-list 105 permit ip 192.168.240.0 0.0.0.3 any

access-list 105 permit tcp any host 66.213.222.194 eq smtp

access-list 105 permit tcp any host 66.213.222.194 eq www

access-list 105 permit tcp any host 66.213.222.194 eq pop3

access-list 105 permit tcp any host 66.213.222.194 eq 1723

access-list 105 permit tcp any host 66.213.222.194 eq 443

access-list 105 permit tcp any host 66.213.222.194 eq 5900

access-list 105 permit tcp any host 66.213.222.194 eq 11110

access-list 105 permit icmp any host 66.213.222.194 administratively-prohibited

access-list 105 permit icmp any host 66.213.222.194 echo

access-list 105 permit icmp any host 66.213.222.194 echo-reply

access-list 105 permit icmp any host 66.213.222.194 packet-too-big

access-list 105 permit icmp any host 66.213.222.194 time-exceeded

access-list 105 permit icmp any host 66.213.222.194 unreachable

access-list 105 deny ip any any

access-list 110 permit ip 192.168.2.0 0.0.0.255 any

access-list 110 permit ip 192.168.1.0 0.0.0.255 any

access-list 115 permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255

access-list 115 permit ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255

no cdp run

route-map nonat permit 10

match ip address 110

!

Thanks much in advance for any assistance!

Kevin Wurzer

email:kwurzer@rheummds.com

5 Replies

hmcdavid
Level 1

Your ISP must give you certificated IP addresses, a pool of them, and you need to configure ip nat pool.

Hi,

I have some routable IP addresses.

Actually, I saw a response to a later post; disabling my access-list for the outside interface fixed it.

Thanks

I have used this type of configuration (though with access-list instead of route-map in NAT command) and it works fine.

Do you have a default route set in your T1 router?

Thanks.

First of all you need to put "ip nat inside" on your serial0/0 interface.

What's with the route-map "nonat"? You don't need that.

Remove "ip nat inside source route-map nonat interface FastEthernet0/1 overload", and replace it with ip nat inside source list 110 interface FastEthernet0/1 overload.

Then temporarily remove ip access-group 105 and 101 from the interfaces.

Does it work now?

Verify by writing "sh ip nat trans".

sujit.n
Level 1

Hi Kevin

Please remove the "ip default-gateway 66.213.222.193" command and add ip route 0.0.0.0 0.0.0.0 66.213.222.193 instead.

The ip default-gateway command is for layer 2 devices. On an L3 device this command does not work.

Cheers sujit
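
Why disabling the access list on the outside interface restored Internet access, as an added example that is not from any poster in the thread: a simplified first-match evaluator run over the TCP/UDP/IP entries of the posted access-list 105. The peer 203.0.113.10, the port numbers and the helper names (net, port, first_match) are constructed for illustration.

```python
import ipaddress
import re

# TCP/UDP/IP entries of access-list 105 as posted in the thread. The ahp, esp,
# gre and icmp entries are left out: they cannot match a TCP or UDP packet.
ACL_105 = """\
deny tcp any eq 135 any
permit tcp any host 66.213.222.194 eq telnet
permit udp any host 66.213.222.194 eq isakmp
permit ip host 63.228.0.81 any
permit ip 192.168.2.0 0.0.0.255 any
permit ip 192.168.240.0 0.0.0.3 any
permit tcp any host 66.213.222.194 eq smtp
permit tcp any host 66.213.222.194 eq www
permit tcp any host 66.213.222.194 eq pop3
permit tcp any host 66.213.222.194 eq 1723
permit tcp any host 66.213.222.194 eq 443
permit tcp any host 66.213.222.194 eq 5900
permit tcp any host 66.213.222.194 eq 11110
deny ip any any"""
PORTS = {"telnet": 23, "isakmp": 500, "smtp": 25, "www": 80, "pop3": 110}
ADDR = r"(any|host \S+|\S+ \S+)"
ACE = re.compile(rf"(\w+) (\w+) {ADDR}(?: eq (\S+))? {ADDR}(?: eq (\S+))?$")

def net(tok):
    """'any' | 'host A' | 'A WILDCARD' -> (address, wildcard mask) as ints."""
    if tok == "any":
        return 0, 0xFFFFFFFF
    a, _, w = tok.replace("host ", "").partition(" ")
    return int(ipaddress.ip_address(a)), int(ipaddress.ip_address(w or "0.0.0.0"))

def port(p):  # named or numeric 'eq' operand -> int; None if the ACE has no port
    return None if p is None else PORTS.get(p) or int(p)

def first_match(proto, src, sport, dst, dport):
    """First ACE matching a packet inbound on FastEthernet0/1. IOS checks this ACL
    before NAT translates the reply, so dst is still the interface address."""
    s, d = (int(ipaddress.ip_address(x)) for x in (src, dst))
    for line in ACL_105.splitlines():
        _, p, sa, sp, da, dp = ACE.match(line).groups()
        (sb, sw), (db, dw) = net(sa), net(da)
        if (p in ("ip", proto) and (s | sw) == (sb | sw) and (d | dw) == (db | dw)
                and port(sp) in (None, sport) and port(dp) in (None, dport)):
            return line
    return "deny ip any any (implicit)"

if __name__ == "__main__":
    print(first_match("tcp", "203.0.113.10", 80, "66.213.222.194", 40000))  # constructed web reply
    print(first_match("udp", "203.0.113.10", 53, "66.213.222.194", 40001))  # constructed DNS reply
    print(first_match("tcp", "203.0.113.10", 51000, "66.213.222.194", 80))  # constructed new inbound
```

Both constructed replies fall through to the final deny ip any any, while a new inbound connection to port 80 matches the www permit.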
