03-15-2019 08:41 AM
With "no ip cef" NAT does work properly.
cisco.k259#sho run
Building configuration...
Current configuration : 8031 bytes
!
! Last configuration change at 20:02:03 GMT Fri Mar 15 2019 by atest
! NVRAM config last updated at 20:00:34 GMT Fri Mar 15 2019 by atest
!
version 15.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
service internal
!
hostname cisco.k259
!
boot-start-marker
boot-end-marker
!
!
logging discriminator FAN-FAIL severity drops 3 facility drops FAN mnemonics drops FAN_FAILED
logging buffered discriminator FAN-FAIL
no logging console
logging monitor discriminator FAN-FAIL
enable secret 5 $1$WSti$mDMsh6sXY2iguEI/Mchiy1
enable password xxxxxxxx_
!
no aaa new-model
memory-size iomem 10
clock timezone GMT 5 0
!
crypto pki trustpoint TP-self-signed-3690135629
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3690135629
revocation-check none
rsakeypair TP-self-signed-3690135629
!
!
crypto pki certificate chain TP-self-signed-3690135629
certificate self-signed 01
3082022B 30820194 A0030201 02020101 300D0609 2A864886 F70D0101 05050030
quit
!
!
!
!
ip dhcp excluded-address 192.168.0.1 192.168.0.7
!
ip dhcp pool k259
import all
network 192.168.0.0 255.255.255.0
default-router 192.168.0.1
domain-name k259
dns-server 192.168.0.12 8.8.8.8
lease 0 2
!
!
!
ip domain name k259
ip name-server 192.168.0.12
ip name-server 8.8.8.8
ip inspect WAAS flush-timeout 10
no ip cef
no ipv6 cef
!
!
vpdn enable
!
vpdn-group PPTP_CLIENT
description Rostelecom ISP
request-dialin
protocol pptp
pool-member 1
initiate-to ip 10.0.0.1
!
cts logging verbose
license udi pid CISCO881W-GN-E-K9 sn FCZ164190LZ
!
!
username atest privilege 15 secret 4 6in4Lru2ZZ8N8cUij4q7JvPlkL..hsURCkjm.d4NOR2
!
!
!
!
no cdp run
!
!
!
!
!
interface FastEthernet0
no ip address
!
interface FastEthernet1
no ip address
!
interface FastEthernet2
no ip address
!
interface FastEthernet3
no ip address
!
interface FastEthernet4
ip address 10.0.47.132 255.255.255.0
ip flow ingress
ip flow egress
duplex auto
speed auto
!
interface wlan-ap0
description Service module interface to manage the embedded AP
ip address 10.10.11.1 255.255.255.0
arp timeout 0
!
interface Wlan-GigabitEthernet0
description Internal switch interface connecting to the embedded AP
no ip address
!
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$
ip address 192.168.0.5 255.255.255.0 secondary
ip address 192.168.0.3 255.255.255.0
ip flow ingress
ip flow egress
ip nat inside
ip virtual-reassembly in
ip tcp adjust-mss 1452
!
interface Dialer0
description $ETH-WAN$
mtu 1450
ip address negotiated
ip flow ingress
ip flow egress
ip nat outside
ip virtual-reassembly in
encapsulation ppp
ip tcp adjust-mss 1410
shutdown
dialer pool 1
dialer idle-timeout 0
dialer string 123
dialer persistent
dialer vpdn
ppp authentication ms-chap-v2 callin
ppp chap hostname 90.157.26.245
ppp chap password 0 xxxxxxxxx
no cdp enable
!
ip forward-protocol nd
ip http server
ip http access-class 23
no ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip http path flash:
!
no ip ftp passive
ip dns server
ip nat translation max-entries all-host 400
ip nat inside source static tcp 192.168.0.12 3389 interface Dialer0 3389
ip nat inside source list 1 interface Dialer0 overload
ip nat inside source list 101 interface Dialer0 overload
ip route 0.0.0.0 0.0.0.0 Dialer0 3
ip route 10.0.0.1 255.255.255.255 10.0.47.1
ip route 10.10.11.0 255.255.255.0 wlan-ap0
!
dialer-list 1 protocol ip permit
!
snmp-server community k259 RO
access-list 1 remark internet
access-list 1 remark CCP_ACL Category=2
access-list 1 permit 192.168.0.0 0.0.0.255
access-list 23 remark CCP_ACL Category=17
access-list 23 permit 10.10.10.0 0.0.0.7
access-list 23 permit 192.168.0.0 0.0.0.15
access-list 101 remark internet2
access-list 101 remark CCP_ACL Category=2
access-list 101 remark test 2
access-list 101 permit ip 192.168.0.0 0.0.0.255 any
!
vstack
banner exec ^C
% Password expiration warning.
-----------------------------------------------------------------------
^C
banner login ^C
-----------------------------------------------------------------------
Cisco Configuration Professional (Cisco CP) is installed on this device.
^C
!
line con 0
login local
no modem enable
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport input all
line vty 0 4
access-class 23 in
privilege level 15
password xxxxxxxx
login local
transport input telnet ssh
!
ntp master
ntp update-calendar
ntp server ntp2.stratum2.ru
!
end
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide