07-01-2018 10:19 PM - edited 03-05-2019 10:41 AM
I am trying to get traffic from fa0/1 to fa0/0 for my WAN. I have a Comcast modem attached to fa0/0, and then I have a Cisco 3750 attached to fa0/1 with a couple of PCs attached to it. Currently the switch can ping 10.10.10.1 (1841 router) and 10.0.0.135 (Comcast modem fa0/0 interface); however, it can't ping 10.0.0.1 (Comcast modem).
1841r1#show running-config
Building configuration...
Current configuration : 1553 bytes
!
! Last configuration change at 04:58:43 UTC Mon Jul 2 2018
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname 1841r1
!
boot-start-marker
boot-end-marker
!
!
enable secret 5 $1$hB1U$LV3y9.vgMLl.**bleep**nSOWMV/
!
no aaa new-model
!
dot11 syslog
ip source-route
!
!
!
!
ip dhcp pool default-pool
network 10.10.10.0 255.255.255.0
dns-server 8.8.8.8
default-router 10.10.10.1
!
!
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
crypto pki token default removal timeout 0
!
!
!
!
license udi pid CISCO1841 sn FTX1036W2HR
!
redundancy
!
!
!
!
!
!
!
!
!
interface FastEthernet0/0
description comcast modem
ip address dhcp
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
!
interface FastEthernet0/1
description lan
ip address 10.10.10.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
!
interface Serial0/0/0
no ip address
shutdown
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
ip route 0.0.0.0 0.0.0.0 10.0.0.1
!
access-list 1 permit 10.10.10.0 0.0.0.255
access-list 101 permit ip 10.10.10.0 0.0.0.255 host 10.0.0.1
access-list 101 deny ip 10.10.10.0 0.0.0.255 10.0.0.0 0.0.0.255
access-list 101 permit ip 10.10.10.0 0.0.0.255 any
!
!
!
!
!
!
control-plane
!
!
!
line con 0
exec-timeout 30 0
password admin
logging synchronous
login
line aux 0
line vty 0 4
exec-timeout 30 0
password admin
logging synchronous
login
transport input all
!
scheduler allocate 20000 1000
end
07-01-2018 10:38 PM
Hello,
add the two lines marked in bold to your configuration:
1841r1#show running-config
Building configuration...
Current configuration : 1553 bytes
!
! Last configuration change at 04:58:43 UTC Mon Jul 2 2018
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname 1841r1
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$hB1U$LV3y9.vgMLl.**bleep**nSOWMV/
!
no aaa new-model
!
dot11 syslog
ip source-route
!
ip dhcp excluded-address 10.10.10.1
!
ip dhcp pool default-pool
network 10.10.10.0 255.255.255.0
dns-server 8.8.8.8
default-router 10.10.10.1
!
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
crypto pki token default removal timeout 0
!
license udi pid CISCO1841 sn FTX1036W2HR
!
redundancy
!
interface FastEthernet0/0
description comcast modem
ip address dhcp
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
!
interface FastEthernet0/1
description lan
ip address 10.10.10.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
!
interface Serial0/0/0
no ip address
shutdown
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
ip nat inside source list 1 interface FastEthernet0/0 overload
!
ip route 0.0.0.0 0.0.0.0 10.0.0.1
!
access-list 1 permit 10.10.10.0 0.0.0.255
access-list 101 permit ip 10.10.10.0 0.0.0.255 host 10.0.0.1
access-list 101 deny ip 10.10.10.0 0.0.0.255 10.0.0.0 0.0.0.255
access-list 101 permit ip 10.10.10.0 0.0.0.255 any
!
control-plane
!
line con 0
exec-timeout 30 0
password admin
logging synchronous
login
line aux 0
line vty 0 4
exec-timeout 30 0
password admin
logging synchronous
login
transport input all
!
scheduler allocate 20000 1000
end
07-01-2018 10:49 PM
That fixed it, thank you!
May I ask what ip nat inside source list 1 interface FastEthernet0/0 overload does?
07-01-2018 10:52 PM
Hello,
basically, it tells the router which inside IP addresses (the ones specified in access list 1) are going to be translated (NATted) by the outside interface. Without that line, neither the inside nor the outside interface knows what to NAT...
Does that make sense? You will see a similar line in every single NAT configuration...
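What that line changes, as an added example that is not part of the thread: a simplified Python model of how the router decides whether an inside source address gets translated, run against the NAT-relevant lines of the config before and after the fix. The function names and the trimmed sample config are constructed for illustration; only the PAT-to-interface form of the rule is modelled.

```python
import ipaddress
import re

# Constructed sample: only the NAT-relevant lines of the thread's config.
BEFORE = """\
interface FastEthernet0/0
 ip address dhcp
 ip nat outside
interface FastEthernet0/1
 ip address 10.10.10.1 255.255.255.0
 ip nat inside
access-list 1 permit 10.10.10.0 0.0.0.255
"""
AFTER = BEFORE + "ip nat inside source list 1 interface FastEthernet0/0 overload\n"

def parse(config):
    """Collect NAT interface roles, standard ACL entries and PAT rules."""
    roles, acls, rules, iface = {}, {}, [], None
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.match(r"interface (\S+)", line):
            iface = m.group(1)
        elif m := re.match(r"ip nat (inside|outside)$", line):
            roles[iface] = m.group(1)
        elif m := re.match(r"access-list (\d+) (permit|deny) (\S+) (\S+)$", line):
            acls.setdefault(m.group(1), []).append(m.groups()[1:])
        elif m := re.match(r"ip nat inside source list (\d+) interface (\S+) overload", line):
            rules.append(m.groups())
    return roles, acls, rules

def acl_permits(entries, ip):
    """First-match standard ACL check with wildcard masks; implicit deny at the end."""
    addr = int(ipaddress.ip_address(ip))
    for action, net, wildcard in entries:
        care = ~int(ipaddress.ip_address(wildcard)) & 0xFFFFFFFF  # bits that must match
        if addr & care == int(ipaddress.ip_address(net)) & care:
            return action == "permit"
    return False

def translated(config, src_ip):
    """True if src_ip is PATed: some rule's ACL permits it, the rule's interface
    is marked 'ip nat outside', and at least one interface is 'ip nat inside'."""
    roles, acls, rules = parse(config)
    if "inside" not in roles.values():
        return False
    return any(roles.get(ifc) == "outside" and acl_permits(acls.get(n, []), src_ip)
               for n, ifc in rules)

if __name__ == "__main__":
    for name, cfg in (("before", BEFORE), ("after", AFTER)):
        print(name, translated(cfg, "10.10.10.5"))
```

With the original config the interface roles and access list 1 exist but nothing ties them together, so a LAN host's packets leave fa0/0 with their 10.10.10.x source address intact.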
07-01-2018 10:54 PM
07-01-2018 10:55 PM
Good luck!
07-09-2018 04:06 PM
Georg,
With this setup how would I tell 10.10.10.5 to port forward port 3443 out the public interface?