
4321 Nat problem

Triode
Level 1

Hello everyone.

I've recently got a 4321 router and tried to test it out in the lab with a simple NAT config. Although both the router and the hosts inside the NAT are able to ping the internet (e.g. 1.1.1.1 or 8.8.8.8), other network services such as DNS name resolution or HTTP navigation, either by domain name or direct IP, won't work.

Is there any command I'm missing?

 

Current configuration : 1654 bytes
!
! Last configuration change at 07:52:40 UTC Sat Mar 9 2019
!
version 15.5
service timestamps debug datetime msec
service timestamps log datetime msec
no platform punt-keepalive disable-kernel-core
!
hostname Router
!
boot-start-marker
boot-end-marker
!
!
vrf definition Mgmt-intf
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
!
no aaa new-model
!
!
!
!
!
!
!
!
!
!
!

 

ip dhcp excluded-address 192.168.99.1 192.168.99.10
!
ip dhcp pool DHCPPOOL
network 192.168.99.0 255.255.255.0
default-router 192.168.99.1
dns-server 1.1.1.1
domain-name NAT
!
!
!
!
!
!
!
!
!
!
subscriber templating
multilink bundle-name authenticated
!
!
!
!
!
spanning-tree extend system-id
!
!
redundancy
mode none
!
!
vlan internal allocation policy ascending
!
!
!
!
!
!
interface GigabitEthernet0/0/0
ip address 192.168.0.5 255.255.255.0
ip nat outside
negotiation auto
!
interface GigabitEthernet0/0/1
ip address 192.168.99.1 255.255.255.0
ip nat inside
negotiation auto
!
interface GigabitEthernet0
vrf forwarding Mgmt-intf
no ip address
negotiation auto
!
interface Vlan1
no ip address
shutdown
!
ip nat pool NATPOOL 192.168.0.5 192.168.0.5 netmask 255.255.255.0
ip nat inside source list 1 pool NATPOOL overload
ip forward-protocol nd
no ip http server
no ip http secure-server
ip tftp source-interface GigabitEthernet0/0/0
ip route 0.0.0.0 0.0.0.0 192.168.0.1
!
!
access-list 1 permit 192.168.99.0 0.0.0.255
!
!
!
control-plane
!
!
line con 0
stopbits 1
line aux 0
stopbits 1
line vty 0 4
login
!
ntp server pool.ntp.org
!
end

Accepted Solution

Hello
Looks like you're already receiving private addressing, meaning upstream from your rtr is a device performing network translation already, which isn't a problem, but you need to specify correct DNS servers, or you can set the rtr to use the upstream DHCP settings if that's applicable.

example1:
ip dhcp pool DHCPPOOL
network 192.168.99.0 255.255.255.0
default-router 192.168.99.1
dns-server 1.1.1.1
domain-name NAT
dns-server 208.67.220.220  208.67.222.222  <-- these are cisco public umbrella dns servers ( highly recommended to use)

example2
ip nat pool NATPOOL 192.168.0.5 192.168.0.5 netmask 255.255.255.0
ip nat inside source list 1 pool NATPOOL overload
ip route 0.0.0.0 0.0.0.0 192.168.0.

interface GigabitEthernet0/0/0
ip address dhcp

ip dhcp pool DHCPPOOL
network 192.168.99.0 255.255.255.0
default-router 192.168.99.1
dns-server 1.1.1.1
domain-name NAT
import-all
ip route 0.0.0.0 0.0.0.0 gig0/0 dhcp

ip nat source list 1 interface gig0/0


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul


4 Replies

Hello,

 

You seem to be using private space addressing for your external (NAT outside) interface. What else is in between the 4331 and the Internet, a modem?

 

Try and change your DHCP pool to:

 

ip dhcp pool DHCPPOOL
network 192.168.99.0 255.255.255.0
default-router 192.168.99.1
dns-server 8.8.8.8 8.8.4.4
--> no domain-name NAT

Deepak Kumar
VIP Alumni

Hi,

Your DHCP configuration seems not correct as:

ip dhcp pool DHCPPOOL
network 192.168.99.0 255.255.255.0
default-router 192.168.99.1
dns-server 1.1.1.1 8.8.8.8
no domain-name NAT

 

Regards,

Deepak Kumar


Thanks, example 2 worked perfectly.

 

Although I still find it weird that the first config didn't work when the settings the router retrieved from the DHCP server are pretty much the same as the ones I was assigning manually.

 

Best regards.
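
Added example, not part of the thread: a small Python audit of the NAT statements in an IOS-style config, reporting where the pool-based rule from the first post differs structurally from an interface-bound PAT rule. `audit_nat`, the sample strings and the finding texts are made up for this example, and the interface-bound rule line is a constructed variant, not a command quoted from the replies.

```python
import ipaddress
import re

# Constructed sample: the NAT-relevant lines of the configuration in the first post.
POSTED = """\
interface GigabitEthernet0/0/0
 ip address 192.168.0.5 255.255.255.0
 ip nat outside
interface GigabitEthernet0/0/1
 ip address 192.168.99.1 255.255.255.0
 ip nat inside
ip nat pool NATPOOL 192.168.0.5 192.168.0.5 netmask 255.255.255.0
ip nat inside source list 1 pool NATPOOL overload
access-list 1 permit 192.168.99.0 0.0.0.255
"""
# Constructed variant (assumption, not from the thread): PAT bound to the outside interface.
INTERFACE_PAT = POSTED.replace(
    "source list 1 pool NATPOOL overload",
    "source list 1 interface GigabitEthernet0/0/0 overload")

def audit_nat(config):
    """Return sorted findings for the NAT statements of an IOS-style config."""
    iface, addrs, roles, pools, acls, rules = None, {}, set(), {}, set(), []
    for line in (raw.strip() for raw in config.splitlines()):
        if m := re.match(r"interface (\S+)", line):
            iface = m[1]
        elif m := re.match(r"ip address (\d\S*) \d\S*", line):
            addrs[iface] = ipaddress.ip_address(m[1])  # static addresses only
        elif m := re.match(r"ip nat (inside|outside)$", line):
            roles.add(m[1])
        elif m := re.match(r"ip nat pool (\S+) (\S+) (\S+) ", line):
            pools[m[1]] = (ipaddress.ip_address(m[2]), ipaddress.ip_address(m[3]))
        elif m := re.match(r"access-list (\S+) permit ", line):
            acls.add(m[1])
        elif m := re.match(r"ip nat inside source list (\S+) (pool|interface) (\S+)(.*)", line):
            rules.append((m[1], m[2], m[3], "overload" in m[4].split()))
    findings = [f"no interface marked 'ip nat {r}'" for r in ("inside", "outside") if r not in roles]
    for acl, kind, target, overload in rules:
        if acl not in acls:
            findings.append(f"rule references undefined access-list {acl}")
        if not overload:
            findings.append(f"rule on list {acl} lacks 'overload', so ports are not translated")
        if kind == "pool" and target not in pools:
            findings.append(f"rule references undefined pool {target}")
        elif kind == "pool":
            lo, hi = pools[target]
            findings += [f"pool {target} contains {name}'s own address {ip}"
                         for name, ip in addrs.items() if lo <= ip <= hi]
    return sorted(findings)
```

Run against the posted lines it reports that NATPOOL holds the outside interface's own address; the interface-bound variant produces no findings.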
