12-08-2013 12:22 PM - edited 03-04-2019 09:48 PM
I recently bought a 3845 off eBay to replace my 3745.
On my 3745 I used 3x NME-16ES-1G-p for intervlan routing and had the full AC+inline power setup, so I was able to power my AP via PoE without an injector (and one NM-1GE for connection to a D3 cable modem).
Anyway, using the same version of IOS I can't seem to get NAT to work, even though the config is nearly the same.
On the 3845 I don't have a need for the NM-1GE, which was Gi 2/0, so on the 3845 gi0/0 is the WAN interface.
Here's the ver and config:
---------------------------------------
Cisco IOS Software, 3800 Software (C3845-ADVENTERPRISEK9-M), Version 12.4(25d),
RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2010 by Cisco Systems, Inc.
Compiled Wed 18-Aug-10 09:04 by prod_rel_team
ROM: System Bootstrap, Version 12.4(13r)T11, RELEASE SOFTWARE (fc1)
RLH-Router uptime is 35 minutes
System returned to ROM by reload at 09:40:57 central Sun Dec 8 2013
System restarted at 09:49:09 central Sun Dec 8 2013
System image file is "flash:c3845-adventerprisek9-mz.124-25d.bin"
This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by sending email to
Cisco 3845 (revision 1.0) with 991232K/57344K bytes of memory.
Processor board ID FTX1444A0XP
5 Gigabit Ethernet interfaces
3 terminal lines
1 Virtual Private Network (VPN) Module
DRAM configuration is 64 bits wide with parity enabled.
479K bytes of NVRAM.
125440K bytes of ATA System CompactFlash (Read/Write)
-------------------------------------------------------------------------------------------------------------------------------------------------------------------
!
! No configuration change since last restart
!
version 12.4
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname RLH_router
!
boot-start-marker
boot system flash:c3745-adventerprisek9-mz.124-25d.bin
boot-end-marker
!
no logging buffered
!
no aaa new-model
clock timezone central -6
clock summer-time -0500 recurring
ip cef
!
!
!
!
ip domain name RLH-domain.net
ip name-server 10.0.3.5
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
ipv6 unicast-routing
ipv6 cef
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
username rlh privilege 15 password 5 blabla
archive
log config
hidekeys
!
!
ip ftp username (leaving this out for now)
ip ftp password (leaving this out for now)
!
class-map match-all game (leaving this out for now)
match access-group 101 (leaving this out for now)
class-map match-any Xbox360 (leaving this out for now)
match ip dscp ef (leaving this out for now)
!
!
policy-map game (leaving this out for now)
class game (leaving this out for now)
set ip dscp ef (leaving this out for now)
policy-map Xbox360 (leaving this out for now)
class Xbox360 (leaving this out for now)
bandwidth 1024 (leaving this out for now)
!
!
!
!
!
!
interface Tunnel0
description Hurricane Electric IPv6 Tunnel Broker
bandwidth 30000
no ip address
ipv6 address 2001:ZZZZ:1F0E:2::2/64
ipv6 enable
ipv6 traffic-filter Internet in
ipv6 ospf 1 area 0
keepalive 10 3
tunnel source 75.x.y.33
tunnel destination 216.218.224.42
tunnel mode ipv6ip
tunnel checksum
!
interface FastEthernet0/0 (won't exist on 3845)
no ip address
shutdown
speed auto
full-duplex
!
interface FastEthernet0/1 (won't exist on 3845)
no ip address
shutdown
duplex auto
speed 100
!
interface GigabitEthernet1/0
description Link to NME-16ES-1G-p
ip address 10.255.255.1 255.255.255.252
ip nat inside
ip virtual-reassembly
ipv6 address 2001:470:B801:FFFF::/127
ipv6 ospf 1 area 0
!
interface GigabitEthernet2/0 (moving this config to GI 0/0 and the NM-1GE won't be needed and I plan to put an etherswitch here)
description Link to Comcast
bandwidth 76000
ip address 75.x.y.35 255.255.255.248 secondary
ip address 75.x.y.36 255.255.255.248 secondary
ip address 75.x.y.37 255.255.255.248 secondary
ip address 75.x.y.33 255.255.255.248
ip access-group 110 in (holding off till all's working)
ip nat outside
ip virtual-reassembly
negotiation auto
!
interface GigabitEthernet3/0
description Link to NME-16ES-1G-p (number 3)
ip address 10.255.255.9 255.255.255.252
ip nat inside
ip virtual-reassembly
ipv6 address 2001:470:B801:FFFF::4/127
ipv6 ospf 1 area 0
!
interface GigabitEthernet4/0
description Link to NME-16ES-1G-p (number 4)
ip address 10.255.255.13 255.255.255.252
ip nat inside
ip virtual-reassembly
ipv6 address 2001:470:B801:FFFF::6/127
ipv6 ospf 1 area 0
!
router eigrp 1
redistribute static
network 10.255.255.0 0.0.0.3
network 10.255.255.4 0.0.0.3
network 10.255.255.8 0.0.0.3
network 10.255.255.12 0.0.0.3
auto-summary
!
no ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 75.x.y.38
!
!
no ip http server
ip http port 1025
ip http authentication local
no ip http secure-server
ip nat translation timeout 2
ip nat pool RLH1 75.x.y.35 75.x.y.35 netmask 255.255.255.248
ip nat pool RLH2 75.x.y.36 75.x.y.36 netmask 255.255.255.248
ip nat pool RLH3 75.x.y.37 75.x.y.37 netmask 255.255.255.248
ip nat inside source list 1 pool RLH1 overload
ip nat inside source list 2 pool RLH2 overload
ip nat inside source list 3 pool RLH3 overload
(leaving out static NAT translations till things are working, deleting this part so I don't have to filter it, leaving one here as an example of how I have them)
ip nat inside source static udp 10.0.3.10 27178 75.x.y.36 27178 extendable
!
access-list 1 permit 10.0.2.0 0.0.0.255
access-list 1 deny any
access-list 2 permit 10.0.3.0 0.0.0.255
access-list 2 deny any
access-list 3 permit 10.0.4.0 0.0.0.255
access-list 3 deny any
access-list 4 permit 10.255.255.0 0.0.0.3
access-list 4 deny any
access-list 50 permit 10.0.0.0 0.0.0.255
access-list 50 deny any
access-list 101 permit ip host 10.0.3.11 any
access-list 101 deny ip any any
(Holding ACL 110 till things work so deleting it from this post)
snmp-server community (edited) RW
ipv6 route ::/0 Tunnel0
ipv6 router ospf 1
(IPv6 is working so I'm editing this part out)
!
!
!
!
ipv6 access-list Internet
!
ipv6 access-list VTY (IPv6 is working so I'm editing this part out)
sequence 40 permit tcp 2001:470:B801::/48 any
permit udp 2001:470:B801::/48 any
deny ipv6 any any
!
control-plane
!
!
!
!
!
!
!
!
!
banner motd Keep Out
!
line con 0
speed 19200 (not putting this line in yet)
line 33
exec-timeout 0 0
no activation-character
no exec
transport preferred none
transport input all
transport output lat pad telnet rlogin lapb-ta mop udptn v120 ssh
line 97
no activation-character
no exec
transport preferred none
transport input all
transport output lat pad telnet rlogin lapb-ta mop udptn v120 ssh
line 129
no activation-character
no exec
transport preferred none
transport input all
transport output lat pad telnet rlogin lapb-ta mop udptn v120 ssh
line aux 0
line vty 0 4
exec-timeout 0 0
ipv6 access-class VTY in
login local
telnet refuse-negotiations
line vty 5 15
exec-timeout 0 0
ipv6 access-class VTY in
login local
telnet refuse-negotiations
!
ntp clock-period 17179186
ntp master 2
ntp server 128.138.140.44
ntp server 207.200.81.113
ntp server 132.163.4.101
ntp server 132.163.4.102
ntp server 132.163.4.103
ntp server 201.155.229.129
ntp server 131.107.1.10
ntp server 69.25.96.13
ntp server 207.126.98.204
ntp server 129.6.15.29
ntp server 129.6.15.28
ntp server 216.200.93.8
ntp server 64.236.96.53
ntp server 208.184.49.9
ntp server 68.216.79.113
!
end
----------------------------------------------------------------------------------
Please help.
12-10-2013 12:12 PM
Hi Ricky,
Thanks for letting us know. I suspect that stuck ARP entries are behind the entire issue: after you replaced the 3745 with the 3845, the SMC kept the old ARP entries for the IP addresses in the NAT pools, breaking the connectivity. Just a guess but that would be my first shot.
Best regards,
Peter
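An added example, not part of either post: a Python check for the condition described above, listing which router-owned public addresses an upstream ARP table still maps to a MAC other than the new router's. The 203.0.113.32/29 block, the MAC addresses, the ARP table, and the function names are constructed stand-ins; the thread masks its real addresses as 75.x.y.N and shows no ARP table from the SMC.

```python
import ipaddress
import re

# Constructed sample: the thread masks its public block as 75.x.y.N, so the
# documentation range 203.0.113.32/29 stands in for it. MACs are constructed.
CONFIG = """\
interface GigabitEthernet0/0
 ip address 203.0.113.35 255.255.255.248 secondary
 ip address 203.0.113.33 255.255.255.248
 ip nat outside
!
ip nat pool RLH1 203.0.113.35 203.0.113.35 netmask 255.255.255.248
ip nat pool RLH2 203.0.113.36 203.0.113.36 netmask 255.255.255.248
ip nat inside source static udp 10.0.3.10 27178 203.0.113.36 27178 extendable
"""
OLD_MAC, NEW_MAC = "0000.5e00.5301", "0000.5e00.5302"
# Constructed ARP table of the upstream gateway; .33 already shows the new MAC.
UPSTREAM_ARP = {"203.0.113.33": NEW_MAC, "203.0.113.35": OLD_MAC,
                "203.0.113.36": OLD_MAC}
IPV4 = re.compile(r"\d+\.\d+\.\d+\.\d+")


def router_owned_addresses(config):
    """Public addresses the router must answer ARP for on the outside segment."""
    owned, block, outside = set(), [], False
    for line in config.splitlines() + ["!"]:
        line = line.strip()
        if line.startswith("interface ") or line == "!":
            if outside:  # keep addresses only from 'ip nat outside' interfaces
                owned.update(block)
            block, outside = [], False
        if line.startswith("ip address "):
            block.append(IPV4.findall(line)[0])
        elif line == "ip nat outside":
            outside = True
        elif line.startswith("ip nat pool "):
            lo, hi = (ipaddress.ip_address(a) for a in IPV4.findall(line)[:2])
            owned.update(str(lo + i) for i in range(int(hi) - int(lo) + 1))
        elif line.startswith("ip nat inside source static "):
            owned.add(IPV4.findall(line)[1])  # second address is the global one
    return owned


def stale_arp_entries(config, arp_table, new_mac):
    """Owned addresses the upstream table still maps to another MAC.
    Addresses absent from the table are learned fresh, so they are not flagged."""
    owned = router_owned_addresses(config)
    return sorted(ip for ip in owned if arp_table.get(ip, new_mac) != new_mac)


print(stale_arp_entries(CONFIG, UPSTREAM_ARP, NEW_MAC))
```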
12-10-2013 12:49 PM
Ya, I think that's about right.
Comcast didn't exactly go with the best solution for the way they do statics.
The SMC does a form of secure RIP to communicate with the CMTS, and while they did use a Cisco 1805 at some places (not mine though) back in DOCSIS 2, that would open them up to someone getting the key via the console port.
So they use the crappy SMC that seems to use WORM memory for the ARP table.
My 3845 likely could ping out because the SMC might not have ever seen any data from .33 since its last boot.