
Need Help with NAT/PAT configuration...

stownsend
Level 2

I have a 2514 that I would like to have E0 on a Public Network and then E1 connected to a private network.

I want all of the private IP addresses to use PAT through E0, so that all of the internal addresses on E1 look like they are originating from E0.

I have the following in the config:

interface Ethernet0
 description Connection to DSL Network
 ip address 192.168.1.1 255.255.255.224
 ip nat outside
 no ip route-cache
 no ip mroute-cache
!
interface Ethernet1
 ip address 10.3.0.1 255.255.0.0
 ip nat inside
 no ip route-cache
 no ip mroute-cache
!
interface Serial0
 description Serial T1 Connection to Hawthorne
 ip address 10.254.0.22 255.255.255.252
 ip nat inside
 no ip route-cache
 no ip mroute-cache

What else do I need to add to make it work correctly?

I'd also like it so the default route is E0, and if that can't make it, for it to use S0.

Thanks,

Scott<-

5 Replies

kholford
Level 1

If you are sending out a pool of addresses don't you need something like this if you were using static ip addresses?

ip nat pool DSLa 192.168.2.2 192.168.2.2 netmask 255.255.255.0
ip nat pool DSLb 192.168.2.3 192.168.2.3 netmask 255.255.255.0
ip nat pool DSLc 192.168.2.4 192.168.2.4 netmask 255.255.255.0
ip nat inside source list 101 pool DSLa
ip nat inside source list 102 pool DSLb
ip nat inside source list 103 pool DSLc
access-list 101 permit ip host 192.168.1.2 any
access-list 102 permit ip host 192.168.1.3 any
access-list 103 permit ip host 192.168.1.4 any

I guess I'm not understanding where the 192.168.2.x addresses are coming from.

The Ethernet 0 interface on the router actually has a public address, 64.x.y.190. So what do I use for the pool? Are the pool addresses relative to the inside or outside?

Thanks,

Scott<-

Hi Scott,

This is what you will need on the router to PAT your internal IP address on E1 to the E0 IP address.

access-list 7 permit 10.3.0.0 0.0.255.255

ip nat inside source list 7 interface ethernet0 overload

You can also refer to the same at the URL below:

http://www.cisco.com/en/US/products/hw/routers/ps221/products_configuration_guide_chapter09186a008007cd02.html#63455

Regards,

Arul

Thank you Arul,

Worked Perfectly!!!!

My next question is: how secure is that in terms of people from the Internet getting to an IP address on the inside?

We are using this DSL connection at one of our remote Tech Support offices for a fast connection to the Internet (4mb/s downloads). The rest of the offices are behind a PIX back at HQ. All of the offices are connected, so I'm worried that I now have two possible points of entry into the network.

Thank you again for your assistance.

Scott<-
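One way to check the exposure raised in the question above, as an added example that is not part of the original posts: PAT overload creates translations only for connections initiated from the inside, but it does not filter traffic addressed to the router's own outside address. The script flags an `ip nat outside` interface with no inbound `ip access-group` and an SNMP community that is a default string or has no ACL; the configuration text is a constructed sample modelled on the thread, and the two checks are illustrative assumptions, not a complete hardening audit.

```python
import re

# Constructed sample, modelled on the configuration posted in this thread.
SAMPLE_CONFIG = """\
interface Ethernet0
 description Connection to DSL Network
 ip address 192.0.2.1 255.255.255.224
 ip nat outside
!
interface Ethernet1
 ip address 10.3.0.1 255.255.0.0
 ip nat inside
!
ip nat inside source list 7 interface Ethernet0 overload
access-list 7 permit 10.3.0.0 0.0.255.255
snmp-server community public RO
"""

def interface_blocks(config):
    """Map each interface name to the list of its sub-commands."""
    blocks, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1]
            blocks[current] = []
        elif line.startswith(" ") and current:
            blocks[current].append(line.strip())
        else:
            current = None          # "!" or a global command ends the block
    return blocks

def audit(config):
    """Return findings for an Internet-facing NAT/PAT router configuration."""
    findings = []
    for name, cmds in interface_blocks(config).items():
        has_inbound_acl = any(re.match(r"ip access-group \S+ in$", c) for c in cmds)
        if "ip nat outside" in cmds and not has_inbound_acl:
            findings.append(f"{name}: NAT outside interface has no inbound access-group")
    for m in re.finditer(r"^snmp-server community (\S+) (RO|RW)\b", config, re.M):
        acl = config[m.end():].split("\n", 1)[0].strip()   # optional trailing ACL
        if m.group(1).lower() in ("public", "private") or not acl:
            findings.append(f"SNMP community '{m.group(1)}' ({m.group(2)}) is a "
                            "default string or has no ACL limiting who may query it")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```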

So maybe I spoke too soon.

I implemented the commands, did some traceroutes and all was good.

Well, we got a call some time after that and they said they were down. I had them reboot the router and they were back online, though the connection to it seemed really slow. I finally got to the enable prompt and did a sho proc and it was pegged at 100% CPU utilization. (See below.)

I shut down E0 (the outside PATed interface) and the router sprang back to life.

How do I find out what is causing the spike? How do I see if it's the NAT/PAT or if it's some flood of net traffic?

Thanks,

Scott<-

Here is the running config:

service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname "dancer.ts-sf"
!
clock timezone PST -8
clock summer-time PST recurring
ip subnet-zero
no ip source-route
ip domain-name enm.com
ip name-server 10.1.0.8
ip name-server 10.1.0.11
!
no ip bootp server
!
interface Ethernet0
 description Connection to DSL Network
 ip address w.x.y.z 255.255.255.224
 ip nat outside
 no ip route-cache
 no ip mroute-cache
!
interface Ethernet1
 ip address 10.3.0.1 255.255.0.0
 ip nat inside
 no ip route-cache
 no ip mroute-cache
!
interface Serial0
 description Serial T1 Connection to Hawthorne
 ip address 10.254.0.22 255.255.255.252
 ip nat inside
 no ip route-cache
 no ip mroute-cache
!
interface Serial1
 no ip address
 no ip route-cache
 no ip mroute-cache
 shutdown
!
router eigrp 2
 network 10.0.0.0
 default-metric 1000 100 255 1 1500
 no auto-summary
 no eigrp log-neighbor-changes
!
ip nat inside source list 7 interface Ethernet0 overload
ip classless
ip route 0.0.0.0 0.0.0.0 64.162.211.161 4
ip route 0.0.0.0 0.0.0.0 10.254.0.21 100
ip route a.b.c.0 255.255.255.0 10.254.0.21
ip route d.e.f.0 255.255.255.0 10.254.0.21
no ip http server
!
access-list 7 permit 10.3.0.0 0.0.255.255
no cdp run
snmp-server community public RO
snmp-server enable traps tty

CPU utilization for five seconds: 100%/2%; one minute: 99%; five minutes: 98%

PID QTy PC Runtime (ms) Invoked uSecs Stacks TTY Process

1 Cwe 32F1DF2 360 546 659 3620/4000 0 Chunk Manager

2 Csp 330F60E 612 403 1518 756/1000 0 Load Meter

3 M* 0 1108 109 10165 2020/4000 2 Virtual Exec

4 Lrd 32F8664 6112 355 17216 3732/4000 0 Check heaps

5 Cwe 330117C 72 30 2400 3644/4000 0 Pool Manager

6 Mst 3262664 0 2 0 3724/4000 0 Timers

7 Mwe 316E60C 4 2 2000 3720/4000 0 Serial Backgroun

8 Lrd 335589E 580 199 2914 3352/4000 0 ARP Input

9 Mwe 34FBCAC 0 3 0 3728/4000 0 DDR Timers

10 Mwe 3517C5C 4 2 2000 5728/6000 0 Dialer event

11 Lwe 36C62D6 24 2 12000 3668/4000 0 Entity MIB API

12 Mwe 317427E 0 1 0 3756/4000 0 SERIAL A'detect

13 Cwe 3304FF6 4 1 4000 3756/4000 0 Critical Bkgnd

14 Mrd 32CD7BA 2464 966 2550 4272/6000 0 Net Background

15 Lwe 3258672 12 5 2400 5596/6000 0 Logger

16 Mwe 32758EC 872 1529 570 3700/4000 0 TTY Background

17 Msp 32CCF7A 1116 1569 711 4736/5000 0 Per-Second Jobs

18 Hwe 32CD0BE 136 311 437 3672/4000 0 Net Input

19 Csp 32D583E 696 404 1722 3740/4000 0 Compute load avg

20 Msp 32CCF9A 2524 38 66421 3784/4000 0 Per-minute Jobs

21 Mwe 323F912 8 2 4000 3680/4000 0 AAA Dictionary R

22 Mrd 3381DAC 1585428 19978 79358 4812/6000 0 IP Input

24 Lwe 3791F22 0 1 0 3448/4000 0 X.25 Encaps Mana

25 Hwe 3B73890 4 2 2000 5724/6000 0 ATM OAM Input

26 Hwe 3B72BAC 4 2 2000 5324/6000 0 ATM OAM TIMER

27 Mwe 349A340 0 1 0 3836/4000 0 PPP IP Add Route

28 Mwe 33F6D7C 1392 121 11504 4348/5000 0 IP Background

29 Hwe 33FAA7A 24 44 545 4708/5000 0 IP RIB Update

30 Mwe 31F250C 300 37 8108 3720/4000 0 Adj Manager

31 Mst 336768A 72 75 960 5240/6000 0 TCP Timer

32 Lwe 336B3F8 16 4 4000 5140/6000 0 TCP Protocols

33 Lwe 33C2440 0 1 0 3740/4000 0 Probe Input

34 Mwe 33C33FA 0 1 0 3756/4000 0 RARP Input

35 Mwe 33D5C1C 0 1 0 3812/4000 0 HTTP Timer

36 Hwe 33E2A58 0 1 0 3816/4000 0 Socket Timers

37 Mwe 335D172 72 25 2880 3456/4000 0 DHCPD Receive

38 Lsi 343D748 8 35 228 3752/4000 0 IP Cache Ager

39 Mwe 3675894 4 1 4000 7736/8000 0 COPS

40 Hwe 37A08F4 0 1 0 3736/4000 0 PAD InCall

41 Mwe 3766FF8 0 2 0 5732/6000 0 X.25 Background

42 Mwe 38A7CDC 0 1 0 3816/4000 0 Inspect Timer

44 Mwe 3BF9188 4 2 2000 3708/4000 0 Crypto Support

45 Mwe 3C02622 8 5 1600 7304/8000 0 Crypto ACL

46 Mwe 3BF2666 0 1 0 5744/6000 0 Encrypt Proc

47 Mwe 3BF37E8 8 5 1600 6504/7000 0 Key Proc

48 Mwe 3C5F202 4 3 1333 6420/7000 0 Crypto CA

49 Mwe 3C1ED6A 120 145 827 5528/6000 0 Crypto IKMP

50 Mwe 3C16258 9668 370 26129 1428/4000 0 IPSEC key engine

51 Mwe 3C16B20 0 1 0 3772/4000 0 IPSEC manual key

52 Msi 38F23CC 84 205 409 3740/4000 0 RMON Recycle Pro

53 Mwe 38F928A 4 2 2000 3744/4000 0 RMON Deferred Se

54 Mwe 38D7ACC 4 1 4000 3572/4000 0 RMON Packets

55 Mrd 3816404 52500 21982 2388 3576/4000 0 IP NAT Ager

56 Mwe 3681500 2184 1122 1946 3208/4000 0 IP-EIGRP Hello

58 Mwe 36BE228 0 1 0 3792/4000 0 SNMP Timers

59 Lwe 33B9CEC 4 2 2000 5616/6000 0 IP SNMP

60 Mwe 36C4490 0 1 0 5732/6000 0 PDU DISPATCHER

This is with E0 shutdown:

CPU utilization for five seconds: 15%/4%; one minute: 14%; five minutes: 17%

PID QTy PC Runtime (ms) Invoked uSecs Stacks TTY Process

1 Cwe 32F1DF2 360 547 658 3620/4000 0 Chunk Manager

2 Csp 330F60E 788 811 971 756/1000 0 Load Meter

3 M* 0 2272 155 14658 2020/4000 2 Virtual Exec

4 Lst 32F9B56 13264 791 16768 3728/4000 0 Check heaps

5 Cwe 330117C 72 30 2400 3644/4000 0 Pool Manager

6 Mst 3262664 0 2 0 3724/4000 0 Timers

7 Mwe 316E60C 4 2 2000 3720/4000 0 Serial Backgroun

8 Lwe 335589E 952 318 2993 3352/4000 0 ARP Input

9 Mwe 34FBCAC 0 3 0 3728/4000 0 DDR Timers

10 Mwe 3517C5C 4 2 2000 5728/6000 0 Dialer event

11 Lwe 36C62D6 24 2 12000 3668/4000 0 Entity MIB API

12 Mwe 317427E 0 1 0 3756/4000 0 SERIAL A'detect

13 Cwe 3304FF6 4 1 4000 3756/4000 0 Critical Bkgnd

14 Mwe 32CD7BA 2928 1566 1869 4272/6000 0 Net Background

15 Lwe 3258672 16 9 1777 5596/6000 0 Logger

16 Mwe 32758EC 1188 3540 335 3572/4000 0 TTY Background

17 Msp 32CCF7A 1652 3579 461 4736/5000 0 Per-Second Jobs

18 Hwe 32CD0BE 228 516 441 3672/4000 0 Net Input

19 Csp 32D583E 976 812 1201 3740/4000 0 Compute load avg

20 Msp 32CCF9A 4964 73 68000 3780/4000 0 Per-minute Jobs

21 Mwe 323F912 8 2 4000 3680/4000 0 AAA Dictionary R

22 Mrd 3381DAC 1917148 111467 17199 4812/6000 0 IP Input

24 Lwe 3791F22 0 1 0 3448/4000 0 X.25 Encaps Mana

25 Hwe 3B73890 4 2 2000 5724/6000 0 ATM OAM Input

26 Hwe 3B72BAC 4 2 2000 5324/6000 0 ATM OAM TIMER

27 Mwe 349A340 0 1 0 3836/4000 0 PPP IP Add Route

28 Mwe 33F6D7C 2864 198 14464 4028/5000 0 IP Background

29 Hwe 33FAA7A 36 114 315 4708/5000 0 IP RIB Update

30 Mwe 31F250C 576 71 8112 3720/4000 0 Adj Manager

31 Mst 336768A 172 220 781 5240/6000 0 TCP Timer

32 Lwe 336B3F8 20 6 3333 5140/6000 0 TCP Protocols

33 Lwe 33C2440 0 1 0 3740/4000 0 Probe Input

34 Mwe 33C33FA 0 1 0 3756/4000 0 RARP Input

35 Mwe 33D5C1C 0 1 0 3812/4000 0 HTTP Timer

36 Hwe 33E2A58 0 1 0 3816/4000 0 Socket Timers

37 Mwe 335D172 136 47 2893 3456/4000 0 DHCPD Receive

38 Lsi 343D748 8 69 115 3752/4000 0 IP Cache Ager

39 Mwe 3675894 4 1 4000 7736/8000 0 COPS

40 Hwe 37A08F4 0 1 0 3736/4000 0 PAD InCall

41 Mwe 3766FF8 0 2 0 5732/6000 0 X.25 Background

42 Mwe 38A7CDC 0 1 0 3816/4000 0 Inspect Timer

44 Mwe 3BF9188 4 2 2000 3708/4000 0 Crypto Support

45 Mwe 3C02622 8 5 1600 7304/8000 0 Crypto ACL

46 Mwe 3BF2666 0 1 0 5744/6000 0 Encrypt Proc

47 Mwe 3BF37E8 8 5 1600 6504/7000 0 Key Proc

48 Mwe 3C5F202 4 3 1333 6420/7000 0 Crypto CA

49 Mwe 3C1ED6A 160 281 569 5528/6000 0 Crypto IKMP

50 Mwe 3C16258 9724 687 14154 1428/4000 0 IPSEC key engine

51 Mwe 3C16B20 0 1 0 3772/4000 0 IPSEC manual key

52 Msi 38F23CC 116 408 284 3740/4000 0 RMON Recycle Pro

53 Mwe 38F928A 4 2 2000 3744/4000 0 RMON Deferred Se

54 Mwe 38D7ACC 4 1 4000 3572/4000 0 RMON Packets

55 Mwe 3816404 53940 23218 2323 3576/4000 0 IP NAT Ager

56 Mrd 3681500 3408 2431 1401 3208/4000 0 IP-EIGRP Hello

58 Mwe 36BE228 0 1 0 3792/4000 0 SNMP Timers

59 Lwe 33B9CEC 4 2 2000 5616/6000 0 IP SNMP

60 Mwe 36C4490 0 1 0 5732/6000 0 PDU DISPATCHER

PID QTy PC Runtime (ms) Invoked uSecs Stacks TTY Process

61 Mwe 36C40F4 0 1 0 5720/6000 0 SNMP ENGINE

62 Lwe 348E85C 0 1 0 5756/6000 0 SNMP ConfCopyPro

63 Mwe 36BE5AA 0 1 0 5724/6000 0 SNMP Traps

64 Mwe 33EB99E 28 35 800 3772/4000 0 DHCPD Timer

65 Msi 33F4C9C 380 1107 343 3180/4000 0 DHCPD Database

66 Mwe 35C2284 1280 921 1389 3864/5000 0 IP-EIGRP Router
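A way to read the two captures above, as an added example that is not part of the original posts: the Runtime column is cumulative, so the script ranks processes by how much runtime they gained between the captures, and it splits the header figure `100%/2%` into total and interrupt-level CPU. The rows are a subset copied from the thread; the function names are this example's own.

```python
import re

# Subset of rows copied from the two "show processes" captures in the thread.
BEFORE = """\
CPU utilization for five seconds: 100%/2%; one minute: 99%; five minutes: 98%
14 Mrd 32CD7BA 2464 966 2550 4272/6000 0 Net Background
22 Mrd 3381DAC 1585428 19978 79358 4812/6000 0 IP Input
50 Mwe 3C16258 9668 370 26129 1428/4000 0 IPSEC key engine
55 Mrd 3816404 52500 21982 2388 3576/4000 0 IP NAT Ager
56 Mwe 3681500 2184 1122 1946 3208/4000 0 IP-EIGRP Hello
"""
AFTER = """\
CPU utilization for five seconds: 15%/4%; one minute: 14%; five minutes: 17%
14 Mwe 32CD7BA 2928 1566 1869 4272/6000 0 Net Background
22 Mrd 3381DAC 1917148 111467 17199 4812/6000 0 IP Input
50 Mwe 3C16258 9724 687 14154 1428/4000 0 IPSEC key engine
55 Mwe 3816404 53940 23218 2323 3576/4000 0 IP NAT Ager
56 Mrd 3681500 3408 2431 1401 3208/4000 0 IP-EIGRP Hello
"""

HEADER = re.compile(r"five seconds: (\d+)%/(\d+)%")
# PID, QTy, PC, Runtime (ms), Invoked, uSecs, Stacks, TTY, Process name
ROW = re.compile(r"^\s*(\d+)\s+\S+\s+[0-9A-F]+\s+(\d+)\s+(\d+)\s+\d+"
                 r"\s+\d+/\d+\s+\d+\s+(.+?)\s*$")

def parse(text):
    """Return (total %, interrupt %, {process name: (runtime ms, invoked)})."""
    total, intr = map(int, HEADER.search(text).groups())
    procs = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            procs[m.group(4)] = (int(m.group(2)), int(m.group(3)))
    return total, intr, procs

def runtime_deltas(before, after):
    """Rank processes by runtime gained between two captures, largest first."""
    b, a = parse(before)[2], parse(after)[2]
    deltas = {name: a[name][0] - b[name][0] for name in a if name in b}
    return sorted(deltas.items(), key=lambda kv: kv[1], reverse=True)

def process_level_cpu(text):
    """Process-level CPU is the total minus the interrupt-level figure after the slash."""
    total, intr, _ = parse(text)
    return total - intr

if __name__ == "__main__":
    print("process-level CPU in first capture:", process_level_cpu(BEFORE), "%")
    for name, ms in runtime_deltas(BEFORE, AFTER):
        print(f"{name:20s} +{ms} ms")
```

In these captures IP Input accounts for almost all of the runtime growth. IP Input is the IOS process that handles process-switched IP packets, and `no ip route-cache` on an interface disables fast switching there, so packets through those interfaces are process-switched.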