Cisco 836 and problems with NAT

roberto_rg · ‎07-22-2004

Hi,

I bought two Cisco 836 with ADSL over RDSI for my office, I configured they with the Web enviroment and we can use all internet resources (http,pop3,etc) but only from LAN to WAN.

If I try to make NAT from WAN to any server that it's on my LAN I can make it only with one router because if I try to make this NAT in the two ones randomly one of the two units stop making NAT from WAN to LAN but it continue working from LAN to WAN.

I don't know why it happen but when it succeed I can't make a ping from the server to the router, after it succeed yes, the servers are Linux Red Hat 9, and I try to nat ports 80,443,110 and 25.

I need the two lines makeing nat because I make a load balancing with round robin of DNS.

Thanks for all

roberto_rg · ‎07-28-2004

Any idea?

Thanks.

Georg Pauwen · ‎07-28-2004

Hello,

are you trying to use both 836 routers as exit points for all clients on your LAN ? It seems to me that this could cause the problems you describe, if you try to reach one of your inside machines from the outside, and that machine sends out the traffic through the other link, connectivity would be lost.

Can you post the configurations of both routers ?

Regards,

GP

roberto_rg · ‎07-28-2004

The configurations of the two Cisco 836 are, the only change is the public IP, the ETH0 IP and the hostname.

Using 2154 out of 131072 bytes

!

version 12.3

no service pad

service timestamps debug uptime

service timestamps log uptime

service password-encryption

!

hostname admin1

!

no logging buffered

enable secret xxxxx

!

username CRWS_Shashi privilege 15 password 7 (removed)

username admin1 password 7 (removed)

username CRWS_Gayatri privilege 15 password 7 (removed)

username sdm password 7 (removed)

no aaa new-model

ip subnet-zero

ip name-server 195.235.113.3

ip name-server 195.235.96.90

ip dhcp excluded-address 192.168.3.5

ip dhcp excluded-address 192.168.3.8

!

ip audit notify log

ip audit po max-events 100

no ftp-server write-enable

!

interface Ethernet0

description CRWS Generated text. Please do not delete this:192.168.3.6-255.255.255.0

ip address 192.168.3.6 255.255.255.0

ip nat inside

no ip mroute-cache

!

interface BRI0

no ip address

shutdown

!

interface ATM0

no ip address

atm vc-per-vp 64

no atm ilmi-keepalive

dsl operating-mode etsi

!

interface ATM0.1 point-to-point

ip address (removed for security) 255.255.255.0

ip nat outside

pvc 8/32

encapsulation aal5snap

!

interface FastEthernet1

no ip address

duplex auto

speed auto

!

interface FastEthernet2

no ip address

duplex auto

speed auto

!

interface FastEthernet3

no ip address

duplex auto

speed auto

!

interface FastEthernet4

no ip address

duplex auto

speed auto

!

ip nat inside source list 102 interface ATM0.1 overload

ip nat inside source static tcp 192.168.3.5 25 interface ATM0.1 25

ip nat inside source static tcp 192.168.3.5 110 interface ATM0.1 110

ip nat inside source static tcp 192.168.3.8 80 interface ATM0.1 80

ip nat inside source static tcp 192.168.3.8 443 interface ATM0.1 443

ip classless

ip route 0.0.0.0 0.0.0.0 ATM0.1

ip route 192.168.3.0 255.255.255.0 Ethernet0

ip http server

ip http secure-server

!

access-list 102 permit ip 192.168.3.0 0.0.0.255 any

!

line con 0

exec-timeout 120 0

no modem enable

stopbits 1

line aux 0

line vty 0 4

access-class 23 in

exec-timeout 120 0

login local

length 0

!

scheduler max-task-time 5000

!

end