Re: nat on 3620 router.

nki · ‎02-03-2005

My router is direct coonect to the internet.

I get ipaddress from isp.

From Router , I can ping , and resolve name to ip address , everything is ok.

From lan ( dhcp clients ), I can`t resolve name to ip address , and I can`t ping to the Internet.but Iam able to ping to outside interface of my router only.

here my config:

london#sh run

Building configuration...

Current configuration : 1481 bytes

!

version 12.2

service timestamps debug uptime

service timestamps log uptime

service password-encryption

!

hostname "london"

!

enable secret 5

enable password

no ip subnet-zero

!

no ip domain-lookup nsap

!

ip dhcp pool lan

network 192.168.3.0 255.255.255.0

dns-server 195.x.x.172 195.x.x.14 195.x.x.18

default-router 62.x.x.216

!

ip dhcp-server 192.168.3.1

!

call rsvp-sync

!

interface Ethernet0/0

no ip address

ip nat inside

shutdown

half-duplex

!

interface Ethernet0/1

ip address 192.168.3.1 255.255.255.0

ip nat inside

full-duplex

!

interface FastEthernet1/0

ip address dhcp

ip nat outside

duplex auto

speed 100

!

interface FastEthernet1/1

ip address 192.168.1.2 255.255.255.0

duplex auto

speed auto

!

ip nat inside source static 192.168.3.1 62.x.x.216 ( this is outside interface og my router )

ip classless

ip route 0.0.0.0 0.0.0.0 62.x.x.1 ( ip adress of isp router )

ip http server

!

no logging trap

!

dial-peer cor custom

!

line con 0

exec-timeout 0 0

password

logging synchronous

line aux 0

password

line vty 0 4

timeout login response 0

password 7

login

!

end

london#ping cisco.com

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 198.x.x.25, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 196/199/204 m

Thanks in advance

sig

Georg Pauwen · ‎02-03-2005

Hello,

in your current configuration, your Ethernet0/1 IP address gets staticaly translated, but nothing else. In order for your clients off Ethernet0/1 to be able to access the Internet, add the following to your configuration:

--> access-list 1 permit 192.160.3.0

--> ip nat inside source list 1 interface FastEthernet0/1 overload

and remove the line:

ip nat inside source static 192.168.3.1 62.x.x.216

If you want your clients off interface FastEthernet1/1 to also access the internet, add the 'ip nat inside' statement to that interface as well, and also add:

access-list 1 permit 192.168.1.0

HTH,

GP

nki · ‎02-03-2005

Hi

I added :

access-list 1 permit 192.160.3.0

ip nat inside source list 1 interface

FastEthernet0/1 overload

I still ping only to Router inside interface , but I am not able to ping to The internet.

I can `t resolve name with ip address on client pc.

any idea !!!

Sig

smif101 · ‎02-03-2005

I think the problem you have here is that the clients are getting the wrong default gateway which you have as 62.x.x.216. It should be receiving the ip address of your ethernet interface which is 192.168.3.1. Change that and see how well you do.

nki · ‎02-03-2005

!

ip dhcp pool lan

network 192.168.3.0 255.255.255.0

dns-server 195.x.x.172 195.x.x.14 195.x.x.18

default-router 192.168.3.1

!

ip dhcp-server 192.168.3.1

ip route 0.0.0.0 0.0.0.0 62.x.x.1 ( isp router interface )

on clinet pc:

ipconfig: 192.168.3.2

255.255.255.0

192.168.3.1

c:\ ping www.cisco.com

uknow vert www.cisco.com

It`s seem that I have some problemes with dns

I can only ping to my router ( 62.x.x.216 ). I could not ping to isp router : 62.x.x.1.

and I could`nt resolve name to ip address on client pc.

I have tried :

access-list 101 permit udp any any eq 53.

router rip

network 192.168.3.0

network 62.x.x.0

any suggestion !!!!

smif101 · ‎02-09-2005

What is the config of your router now after all the changes so we can start from scratch?

vnirmal112 · ‎02-10-2005

Hi,

From a Client PC,Please check if ur able to ping DNS Servers.If not try to traceroute the same and identify where it drops.

Nirmal.