09-30-2011 08:30 AM - edited 03-04-2019 01:47 PM
So I've been fighting this issue for many hours now and I feel like I'm missing something stupid. I want to configure the router to act as a DHCP server with NAT. ISP assigns a public static IP. If I telnet to the router I can ping public IPs and the gateway just fine. However, from the PC I can ping my public IP (on the router) but I can't ping the gateway and the PC shows no internet access (side note: will the Access List I have set up block my return pings?) Anyway, thanks in advance for your help, below is my config.
NateHome#show run
Building configuration...
Current configuration : 1225 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname NateHome
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$LKnD#5caD4pVo.zh92vX76oky1
enable password password
!
no aaa new-model
memory-size iomem 10
ip cef
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 10.1.0.3 255.0.0.0
!
ip dhcp pool 0
network 10.1.0.0 255.255.255.0
default-router 10.1.0.1
dns-server 4.2.2.2
!
!
!
!
!
!
!
bridge irb
!
!
interface ATM0/0
no ip address
no ip route-cache cef
no ip route-cache
no atm ilmi-keepalive
dsl operating-mode auto
bridge-group 1
pvc 8/35
encapsulation aal5snap
!
!
interface Ethernet0/0
ip address 10.1.0.1 255.255.255.0
ip nat inside
full-duplex
!
interface BVI1
ip address 225.177.185.25 255.255.255.0
ip nat outside
!
no ip forward-protocol nd
ip forward-protocol spanning-tree
ip route 0.0.0.0 0.0.0.0 225.177.185.1
!
no ip http server
no ip http secure-server
ip nat inside source list 1 interface BVI1 overload
!
access-list 1 permit 10.1.0.0 0.0.0.255
!
control-plane
!
bridge 1 protocol ieee
bridge 1 route ip
!
line con 0
line aux 0
line vty 0 4
password telnet
login
!
!
end
09-30-2011 11:38 AM
hi!
well, the acl you have will not block any traffic, it only defines which addresses are allowed to be NATed, so that is not the problem. seems to me that your NAT is configured correctly, you can try and issue show ip nat translations on the router while trying to access a public service from your pc...if your nat is working as it should, you should see some translations.
what seems odd to me is your default route! why is it pointing to that address? i would try removing that and putting
ip route 0.0.0.0 0.0.0.0 bvi1
09-30-2011 12:04 PM
I'll give that a try tonight when I get home.
I put the ip route to that address because that's the default gateway for my ISP and that was what the cisco docs said:
ip route 0.0.0.0 0.0.0.0
http://www.cisco.com/en/US/tech/tk175/tk15/technologies_configuration_example09186a008071a59c.shtml
However, I'm missing the "ip classless" command and I'm wondering if that's causing me problems.....
10-01-2011 01:09 AM
do you have any good news?
10-01-2011 03:37 AM
Hi Nathan,
Since you are able to ping from the router it doesn't look like a gateway issue, could you please send me the following outputs:
1. show ip route
2. ping 4.2.2.2 sou bvi1
3. show ip nat trans when pinging
Regards,
Sujit
10-01-2011 08:30 AM
Sorry I didn't post last night, I was fighting with it and trying everything I could think of.... Anyway, since I 'messed' with it a tiny bit here's the outputs as requested and current config. I'm fairly certain it's a nat issue of some sort but I'm lost as to how to fix it....
I also tried the ip route 0.0.0.0 0.0.0.0 bvi1 but when I had that I couldn't even ping the gateway so I changed it back.
show ip route
C 225.177.185.0/24 is directly connected, BVI1
S* 0.0.0.0/0 [1/0] via 225.177.185.1
ping 4.2.2.2 sou bvi1 (100% success) - Pinging from the router works fine
ping 4.2.2.2 (100% success)
ping 4.2.2.2 from the pc - Show ip nat trans just returns a single blank line
Pinging 4.2.2.2 with 32 bytes of data:
Request timed out.
Request timed out.
Reply from 216.211.180.149: Destination host unreachable.
Request timed out.
Ping statistics for 4.2.2.2:
Packets: Sent = 4, Received = 1, Lost = 3 (75% loss),
NateHome#show ip nat statistics
Total active translations: 0 (0 static, 0 dynamic; 0 extended)
Outside interfaces:
BVI1
Inside interfaces:
Ethernet0/0
Hits: 0 Misses: 0
Expired translations: 0
Dynamic mappings:
-- Inside Source
[Id: 1] access-list 1 interface BVI1 refcount 0
*Mar 1 00:00:5
NateHome#show run
Building configuration...
Current configuration : 1279 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname NateHome
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$LKnD$3gaD/4pVo.zh92vX76oky1
!
memory-size iomem 10
no aaa new-model
ip subnet-zero
ip cef
!
!
!
ip dhcp pool 0
network 192.168.5.0 255.255.255.0
dns-server 216.211.191.9
default-router 192.168.5.1
!
!
!
!
!
!
!
!
!
!
!
!
!
!
bridge irb
!
!
!
interface ATM0/0
no ip address
no ip route-cache cef
no ip route-cache
no atm ilmi-keepalive
dsl operating-mode auto
bridge-group 1
pvc 8/35
encapsulation aal5snap
!
!
interface Ethernet0/0
ip address 192.168.5.1 255.255.255.0
no ip redirects
ip nat inside
ip route-cache flow
no ip route-cache cef
no ip mroute-cache
half-duplex
no cdp enable
!
interface BVI1
ip address 225.177.185.25 255.255.255.0
ip nat outside
!
ip nat inside source list 1 interface BVI1 overload
no ip http server
ip classless
no ip forward-protocol nd
ip forward-protocol spanning-tree
ip route 0.0.0.0 0.0.0.0 225.177.185.1
!
!
access-list 1 permit 192.168.5.0 0.0.0.255
no cdp run
!
bridge 1 protocol ieee
bridge 1 route ip
!
!
!
!
line con 0
line aux 0
line vty 0 4
password telpass
login
!
!
end
NateHome#
10-01-2011 12:03 PM
Quick update (making some headway I think but still not working). I removed the bvi1 overload and put in:
ip nat pool overld 192.168.5.1 192.168.5.254 prefix-length 24
ip nat inside source list 1 pool overld overload
now when I do a ping and sh ip nat trans:
NateHome#sh ip nat trans
Pro Inside global Inside local Outside local Outside global
udp 192.168.5.1:53469 192.168.5.2:53469 67.88.10.198:5070 67.88.10.198:5070
udp 192.168.5.1:53469 192.168.5.2:53469 67.108.236.70:5070 67.108.236.70:5070
udp 192.168.5.1:53469 192.168.5.2:53469 216.234.79.8:5070 216.234.79.8:5070
udp 192.168.5.1:58516 192.168.5.2:58516 216.211.191.9:53 216.211.191.9:53
icmp 192.168.5.1:1 192.168.5.2:1 4.2.2.2:1 4.2.2.2:1
udp 192.168.5.1:59507 192.168.5.2:59507 208.123.192.57:161 208.123.192.57:161
10-01-2011 12:22 PM
Well I can't explain it but after making that last post I figured I'd go back and remove my access-lists and change back to:
ip nat inside source list 1 interface bvi1 overload BUT I left the pool config there and it worked
and it started working!!! I practically danced around like a small child. So, thanks for helping with ideas and showing me where to look. For the purpose of documentation here is my current functional config - Public Static IP, N
Building configuration...
Current configuration : 1268 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname NateHome
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$LKnD$3gaD/4pVo.zh92vX
enable password enpass
!
memory-size iomem 10
no aaa new-model
ip subnet-zero
ip cef
!
!
!
ip dhcp pool 0
network 192.168.5.0 255.255.255.0
dns-server 216.211.191.9
default-router 192.168.5.1
!
!
!
!
!
!
!
!
!
!
!
!
!
!
bridge irb
!
!
!
interface ATM0/0
no ip address
no ip route-cache cef
no ip route-cache
no atm ilmi-keepalive
dsl operating-mode auto
bridge-group 1
pvc 8/35
encapsulation aal5snap
!
!
interface Ethernet0/0
ip address 192.168.5.1 255.255.255.0
no ip redirects
ip nat inside
ip route-cache flow
no ip route-cache cef
no ip mroute-cache
half-duplex
no cdp enable
!
interface BVI1
ip address 225.177.180.116 255.255.255.0
ip nat outside
!
ip nat pool NAT1 192.168.5.1 192.168.5.254 prefix-length 24
!
ip nat inside source list 1 interface BVI1 overload
no ip http server
ip classless
no ip forward-protocol nd
ip forward-protocol spanning-tree
ip route 0.0.0.0 0.0.0.0 225.177.180.1
!
!
access-list 1 permit 192.168.5.0 0.0.0.255
!
bridge 1 protocol ieee
bridge 1 route ip
!
!
!
!
line con 0
line aux 0
line vty 0 4
password telpass
login
!
!
end
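An added example, not part of any post in this thread: a small Python audit of the NAT lines discussed above. It checks that the access list named in `ip nat inside source list` covers the inside subnet, that the overload interface is marked `ip nat outside`, and that a NAT pool does not hand out inside addresses (the 12:03 PM pool produced `Inside global` entries of 192.168.5.1). The name `audit_nat` and the config excerpt are constructed for illustration, and only numbered standard ACLs with contiguous wildcard masks are handled.

```python
import ipaddress
import re

# Constructed sample: NAT-relevant lines excerpted from the thread's 192.168.5.0/24 config.
BASE = """\
interface Ethernet0/0
 ip address 192.168.5.1 255.255.255.0
 ip nat inside
interface BVI1
 ip address 225.177.185.25 255.255.255.0
 ip nat outside
access-list 1 permit 192.168.5.0 0.0.0.255
"""
POOL_RULE = ("ip nat pool overld 192.168.5.1 192.168.5.254 prefix-length 24\n"
             "ip nat inside source list 1 pool overld overload\n")
IFACE_RULE = "ip nat inside source list 1 interface BVI1 overload\n"

def audit_nat(config):
    """Return findings for an IOS-style PAT config (hypothetical helper, not a Cisco tool)."""
    ifaces, acls, pools, rules, cur = {}, {}, {}, [], None
    for line in map(str.strip, config.splitlines()):
        if m := re.match(r"interface (\S+)", line):
            cur = ifaces.setdefault(m[1].lower(), {"net": None, "nat": None})
        elif cur is not None and (m := re.match(r"ip address (\S+) (\S+)$", line)):
            cur["net"] = ipaddress.ip_interface(f"{m[1]}/{m[2]}").network
        elif cur is not None and (m := re.match(r"ip nat (inside|outside)$", line)):
            cur["nat"] = m[1]
        elif m := re.match(r"access-list (\d+) permit (\S+) (\S+)$", line):
            # Wildcard mask -> prefix length: each set wildcard bit is a host bit.
            plen = 32 - bin(int(ipaddress.ip_address(m[3]))).count("1")
            acls.setdefault(m[1], []).append(ipaddress.ip_network((m[2], plen), strict=False))
        elif m := re.match(r"ip nat pool (\S+) (\S+) (\S+)", line):
            pools[m[1]] = (ipaddress.ip_address(m[2]), ipaddress.ip_address(m[3]))
        elif m := re.match(r"ip nat inside source list (\d+) (interface|pool) (\S+)", line):
            rules.append(m.groups())
    inside = {n: i["net"] for n, i in ifaces.items() if i["nat"] == "inside" and i["net"]}
    findings = []
    for acl, kind, target in rules:
        for name, net in inside.items():
            if not any(net.subnet_of(p) for p in acls.get(acl, [])):
                findings.append(f"access-list {acl} does not cover inside subnet {net} ({name})")
            if kind == "pool" and any(a in net for a in pools.get(target, ())):
                findings.append(f"pool {target} draws from inside subnet {net}")
        if kind == "interface" and ifaces.get(target.lower(), {}).get("nat") != "outside":
            findings.append(f"overload interface {target} is not marked 'ip nat outside'")
        if kind == "pool" and target not in pools:
            findings.append(f"pool {target} is not defined")
    return findings
```

`audit_nat(BASE + IFACE_RULE)` returns no findings, while `audit_nat(BASE + POOL_RULE)` reports the pool that translates inside hosts to other inside addresses.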