Re: NAT Problem

mhixservice · ‎05-19-2004

Hi

I trying to configure NAT on a 1711 Security router. My outside interface is fastethernet0 address 68.238.170.27, and my inside interface is VLAN1 address 10.10.10.1. I am able to ping a public addres from the router, but I cannot access the internet from a dynamic address assign by the router.

Below is the startup-config on the router. Please be kind enough to help me find a solution to this problem.

Many thanks.

Building configuration...

Current configuration : 2608 bytes

!

! Last configuration change at 16:19:27 America Tue May 18 2004

! NVRAM config last updated at 16:09:37 America Tue May 18 2004

!

version 12.2

no service pad

service tcp-keepalives-in

service tcp-keepalives-out

service timestamps debug datetime msec localtime show-timezone

service timestamps log datetime msec localtime show-timezone

service password-encryption

service sequence-numbers

!

hostname router1

!

security authentication failure rate 3 log

security passwords min-length 6

logging queue-limit 100

logging buffered 51200 debugging

logging console critical

enable secret 5 $1$XR57$13nL3UQDF6C70eZCiZRZU0

!

username xxxxx privilege 15 password 7 051F0E0A2B4D430C0A50

clock timezone America/New_York -5

clock summer-time America/New_York date Apr 6 2003 2:00 Oct 26 2003 2:00

ip subnet-zero

no ip source-route

!

ip tcp synwait-time 10

ip domain name yourdomain.com

ip name-server xxx.202.0.8

ip name-server xxx.203.0.8

ip dhcp excluded-address 10.10.10.1

!

ip dhcp pool sdm-pool1

network 10.10.10.0 255.255.255.0

default-router 10.10.10.1

!

no ip bootp server

ip cef

ip audit notify log

ip audit po max-events 100

ip ssh time-out 60

ip ssh authentication-retries 2

no ftp-server write-enable

!

interface FastEthernet0

description $ETH-WAN$

ip address xx.xxx.170.27 255.255.255.0

no ip redirects

no ip unreachables

no ip proxy-arp

ip nat outside

ip route-cache flow

duplex auto

speed auto

no cdp enable

!

interface FastEthernet1

no ip address

no cdp enable

!

interface FastEthernet2

no ip address

no cdp enable

!

interface FastEthernet3

no ip address

no cdp enable

!

interface FastEthernet4

no ip address

no cdp enable

!

interface Async1

no ip address

no ip redirects

no ip unreachables

no ip proxy-arp

ip route-cache flow

!

interface Vlan1

description $FW_INSIDE$$ETH-SW-LAUNCH$

ip address 10.10.10.1 255.255.255.0

no ip redirects

no ip unreachables

no ip proxy-arp

ip nat inside

ip route-cache flow

!

ip classless

ip route 0.0.0.0 0.0.0.0 xx.xxx.170.1

ip http server

ip http authentication local

ip http secure-server

!

logging trap debugging

no cdp run

!

banner login ^CAuthorized access only!

Disconnect IMMEDIATELY if you are not an authorized user!^C

!

line con 0

login local

transport output telnet

line 1

flush-at-activation

stopbits 1

speed 115200

flowcontrol hardware

line aux 0

login local

transport output telnet

line vty 0 4

privilege level 15

login local

transport input telnet ssh

line vty 5 15

privilege level 15

login local

transport input telnet ssh

!

scheduler allocate 4000 1000

scheduler interval 500

!

end

rais · ‎05-19-2004

You need to add NAT command such as:

ip nat inside source list 10 interface fastethernet0 overload

access-list 10 permit 10.10.10.0 0.0.0.255

Hope this helps.

Thanks.

mhixservice · ‎05-20-2004

Thank You!!!!

The addition of these new commands worked perfectly.

Thanks again Rais