There are two techniques. One is the one you found. The other use a BVI interface and is more common in configuration examples.

Thanks for the reply. I am now having a problem with PAT! Would you be able to help with this - or should I start a new thread? The NAT/PAT below looks OK to me - but no joy. The router can get out to the internet it just isn't translating inside packets to get outside ie a PC with IP 192.168.2.8 with gateway 192.168.2.1. NB I have not set the wireless up yet.

!

no ip routing

no ip cef

no ip dhcp use vrf connected

ip dhcp excluded-address 192.168.2.1 192.168.2.9

ip dhcp excluded-address 192.168.2.51 192.168.2.254

!

ip dhcp pool sdm-pool1

network 192.168.2.0 255.255.255.0

dns-server xxxxxxxxx

default-router 192.168.2.1

!

!

ip auth-proxy max-nodata-conns 3

ip admission max-nodata-conns 3

!

archive

log config

hidekeys

!

bridge irb

!

interface ATM0

no ip address

no ip route-cache

no atm ilmi-keepalive

dsl operating-mode auto

!

interface ATM0.1 point-to-point

ip address xxxxxxxxx 255.255.255.0

ip nat outside

ip virtual-reassembly

no ip route-cache

atm route-bridged ip

pvc 0/35

encapsulation aal5snap

!

!

interface FastEthernet0

!

interface FastEthernet1

!

interface FastEthernet2

!

interface FastEthernet3

!

interface Dot11Radio0

no ip address

no ip route-cache

shutdown

speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0

station-role root

!

interface Vlan1

no ip address

no ip route-cache

bridge-group 8

!

interface BVI8

ip address 192.168.2.1 255.255.255.0

ip nat inside

ip virtual-reassembly

!

ip forward-protocol nd

ip route 0.0.0.0 0.0.0.0 xxxxxxxxxx

!

ip http server

no ip http secure-server

ip nat inside source list 1 interface ATM0.1 overload

!

access-list 1 remark INSIDE_IF=Vlan1

access-list 1 remark SDM_ACL Category=2

access-list 1 permit 192.168.2.0 0.0.0.255

!

control-plane

!

bridge 8 protocol ieee

bridge 8 route ip

Seems fine to me. I would set "ip route cache" back on the other hand that cannot be causing the problem.

Take a traceroute from the PC and check that too.

Cheers. I'll see what that comes up with. Can't try until tommorow unfortunately.

Tried a tracert. I can ping and trace from a PC to the outside ATM interface, but I cannot trace to anything else. The dsl gateway times out from a PC - even though the router can ping it no problem.

I am a bit stumped! Any ideas?

Please send "show ip nat translations" when pinging from PC.

Also, xxxx in ip route 0.0.0.0 0.0.0.0, is that the IP address of the default GW, same that you're pinging ?

DAN,

I would know that you are trying to connect to your ISP with "route mode" or "bridge mode"

If you're trying to use the bridge mode then I haven't seen the bridge group mapping on the ATM interface.Let's ask your ISP to make life a bit easy.

HTH

Thot

Thot,

he has "atm route-bridged ip" and can ping from router. Likely an issue with the PC.

Thanks - I think I just lost a whole post so hopefully this isn't a repeat.

Yes, it looks likely to be a problem behind the router. I can ping the gateway (yes that is the xxxx in the route). I can also ping outside the gateway. I can also ping the ATM interface from another router on a different external network.

I'll try the show ip nat translations when pinging. When I looked at it previously everything was still 0. I tried debug ip nat - but didn't get anything.

I'll try tommorow (I'm in the UK and the router is in the US)

Thanks for your help.

Dan

Yes it looks like it isn't translating anything.

The sh ip nat translations list is blank (no entries) and the sh ip nat statistics is all zeros.

I'll try and recreate the nat and see if it does anything.

I rebuilt the NAT on VLAN1. The entire config is below. Still no translations taking place from inside to outside.

Where can I go from here? May have to admit defeat and raise a TAC!

!version 12.4

no service pad

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname xxxxxx

!

boot-start-marker

boot-end-marker

!

logging buffered 4096

enable secret 5 $xxxx

enable password xxxxxx

!

no aaa new-model

!

!

no ip routing

no ip cef

no ip dhcp use vrf connected

ip dhcp excluded-address 192.168.2.1 192.168.2.9

ip dhcp excluded-address 192.168.2.51 192.168.2.254

!

ip dhcp pool sdm-pool1

network 192.168.2.0 255.255.255.0

dns-server 71.x.x.12

default-router 192.168.2.1

!

!

ip auth-proxy max-nodata-conns 3

ip admission max-nodata-conns 3

!

!

!

!

!

archive

log config

hidekeys

!

!

!

!

!

interface ATM0

no ip address

no ip route-cache

no atm ilmi-keepalive

dsl operating-mode auto

!

interface ATM0.1 point-to-point

ip address xxxxxx 255.255.255.0

ip nat outside

ip virtual-reassembly

no ip route-cache

atm route-bridged ip

pvc 0/35

encapsulation aal5snap

!

!

interface FastEthernet0

!

interface FastEthernet1

!

interface FastEthernet2

!

interface FastEthernet3

!

interface Dot11Radio0

no ip address

no ip route-cache

shutdown

speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0

station-role root

!

interface Vlan1

ip address 192.168.2.1 255.255.255.0

ip nat inside

ip virtual-reassembly

no ip route-cache

!

ip forward-protocol nd

ip route 0.0.0.0 0.0.0.0 xxxxxx

!

ip http server

no ip http secure-server

ip nat inside source list 1 interface ATM0.1 overload

!

access-list 1 remark SDM_ACL Category=2

access-list 1 permit 192.168.2.0 0.0.0.255

!

!

!

control-plane

!

!

line con 0

no modem enable

line aux 0

line vty 0 4

password xxxxxxx

login

!

scheduler max-task-time 5000

end

Thanks p.bevilacqua . That sorted it! Still am confused though!

1) I thought IOS had routing turned on by default?

2) If it was needed why didn't the SDM turn it on?

3) If there is a default gateway I didn't think ip routing was needed?

Anyway, thanks very much for your help. Much appreciated.

Dan