Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
12852
Views
0
Helpful
5
Replies

Configuring NAT on a Cisco 1921 Router

milkboy33
Level 1
Level 1

‎02-01-2012 10:57 AM - edited ‎03-03-2019 06:29 AM

Hi All,

   We are having problems configuring NAT on our Cisco 1921 Router. Below is the running config. The problem we're having is for example our FTP server 192.168.1.16, cannot be accessed from its outside IP address, which is NATed on the router. The server is verified to be up and running and when we do a show debug ip nat, we see the router is translating outside users attempting to access the ftp server to it's correct internal IP address. Please help.

Current configuration : 3860 bytes
!

version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
!
no ipv6 cef
!
!
!
ip dhcp excluded-address 192.168.1.1 192.168.1.99
ip dhcp excluded-address 192.68.1.150 192.168.1.254
!
ip dhcp pool DHCP-POOL
network 192.168.1.0 255.255.255.0
dns-server 66.80.131.5 66.80.130.23 64.7.11.2
lease 7
!
!
no ip domain lookup
ip cef
multilink bundle-name authenticated
!
crypto pki token default removal timeout 0
!
crypto pki trustpoint TP-self-signed-1406017923
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1406017923
revocation-check none
rsakeypair TP-self-signed-1406017923
!
!
crypto pki certificate chain TP-self-signed-1406017923
certificate self-signed 01
3082022B 30820194 A0030201 02020101 300D0609 2A864886 F70D0101 0505003

quit
license udi pid CISCO1921/K9 sn XXXXXXXXXXXXX
!

username grant privilege 15 secret 5 $1$LgZ4$UXZanBF9.F45dXzBT1Fqy.
!
!
!
!
!
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
!
interface GigabitEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface GigabitEthernet0/0/0
ip address x.x.x.82 255.255.255.240
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
!
ip forward-protocol nd
!
ip http server
ip http authentication local
ip http secure-server
!
ip nat inside source list 1 interface GigabitEthernet0/0/0 overload

ip nat inside source static tcp 192.168.1.16 20 x.x.x.83 20 extendable

ip nat inside source static tcp 192.168.1.16 21 x.x.x.83 21 extendable
ip nat inside source static tcp 192.168.1.18 3389 x.x.x.84 3389 extendable
ip nat inside source static tcp 192.168.1.21 3389 x.x.x.85 3389 extendable
ip nat inside source static tcp 192.168.1.24 3389 x.x.x.86 3389 extendable
ip nat inside source static tcp 192.168.1.45 3389 x.x.x.87 3389 extendable
ip route 0.0.0.0 0.0.0.0 x.x.x.81
!
access-list 1 permit 192.168.1.0 0.0.0.255
!
!
!
control-plane
!
!
!
line con 0
login local
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport input all
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
login local
transport input all
!
scheduler allocate 20000 1000
!
end

Router#

1 person had this problem
Labels:
0 Helpful
5 Replies 5

cadet alain
VIP Alumni
VIP Alumni

‎02-04-2012 07:29 AM

Hi,

your router config is good so maybe you should investigate towards the FTP server config.

Regards.

Alain

Don't forget to rate helpful posts.
0 Helpful

christophe.rossie
Level 1
Level 1

‎03-01-2012 06:27 PM

It looks like you don't have a default router declared in your dhcp. Don't know if you resolved this or not?

0 Helpful

rizwanr74
Level 7
Level 7

‎03-01-2012 07:12 PM

Please make sure, that server in question has default-gateway and mask assigned on it is correct.

FYI... Last, your DHCP server config on the router is missing default gateway address as well but it should not affect the translation on the router.

default-router 192.168.1.1


thanks

Rizwan Rafeek

0 Helpful

mahboabalighalib
Level 1
Level 1
In response to rizwanr74

‎11-15-2013 08:53 AM

I have same config without DHCP and when applay the Nating .there is no ping to public IP from outside.

Ip nat inside source static 192.168..50.6 82.114.70.65

192.168.50.6 ip address for LAN

82.114.70.65 public ip address.

When delete it ;there is ping to public ip address  but LAN network cannot access to internet.

0 Helpful

lmediavilla
Level 1
Level 1

‎11-18-2013 05:49 AM

why are you using extendable command? there is also a new way to do nat, with ip nat enable, you don't specify the inside or the outside interface the interface will now if it matches the nat acl.

0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card