11-29-2012 04:31 PM - edited 03-04-2019 06:16 PM
Does anyone see any issues with this base configuration. For some reason NAT seems to be only partially working. My LAN user can use a browser to search web sites. However when they click on a website link the browser will not pull down the pages. NAT must be working to a certain level or they would not even be able to bring up google and search site at all. Thanks for any sugestion.
!
hostname WFNR1
!
boot-start-marker
boot-end-marker
!
no aaa new-model
!
resource policy
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
!
!
ip cef
no ip dhcp use vrf connected
!
ip dhcp excluded-address 10.10.10.1
!
ip dhcp pool LOCAL
network 10.10.10.0 255.255.255.0
default-router 10.10.10.1
dns-server 199.19.167.2 199.19.167.3
!
!
no ip ips deny-action ips-interface
!
!
!
interface Loopback0
no ip address
!
interface GigaBitEthernet0/0
description LOCAL INTERFACE
ip address 10.10.10.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface GigabitEthernet0/1
description WAN INTERFACE
ip address 199.19.166.162 255.255.255.252
ip nat outside
ip route-cache flow
no cdp enable
duplex auto
speed auto
!
interface Async1
no ip address
!
ip classless
ip route 0.0.0.0 0.0.0.0 199.19.166.161
!
!
no ip http server
no ip http secure-server
ip nat inside source list NAT interface GigaBitEthernet0/1 overload
!
ip access-list extended NAT
permit ip 10.10.10.0 0.0.0.255 any
!
!
!
!
!
control-plane
!
11-29-2012 04:50 PM
This NAT configuration is enough for browsing to work
Check if there is some MTU issues or DNS resolution issues
You may need to sniff the packets to see what is going on
Raju
11-29-2012 05:19 PM
I should have mentioned that I have tried making adjustments with the mtu using a variety of sizes start at 1400 then incrementing 1410. 1420 1430 etc. Still no success. As far as DNS issues are you suggesting this could be an issue with the ISP. I have confirmed multiple time that these are the correct DNS values. Clients can ping the public address no problem and as stated they can perform google searches to find web sites however when the links are clicked they simple time out and not load. Can you suggest packet sniffer.
Finally though? As far as you can see is the config I am using look CORRECT?
many many many thanks
11-29-2012 05:31 PM
Hi Patrick
You have the right configs for NAT.
As mentioned eariler. if you sniff the packets for 1 or 2 minutes, it will help to narrow down the issue.
Raju
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide