02-27-2014 02:21 PM - edited 03-04-2019 10:28 PM
Hello Everyone,
Was wondering if someone could help me out. I have a Cisco C1700 doing NAT/PAT. Since there is only one physical interface on it, I have two subinterfaces set up, one that's the inside and one that is the outside, and I have a 2950 that I have the main LAN switch hooked up to and the cable modem hooked up to. It works pretty well, but for some reason I can't access resources such as web pages and remote desktops on non-pingable client servers and networks. If I can ping the IP address, I can access the resources. For example, on two different domains (and IPs, of course) I have an Exchange 2010 server set up. One of the domains is pingable, the other is not. On the one that is pingable I can access OWA without a problem from within my network, but on the one that isn't, I can't access OWA, when I know it is accessible because I can access it from another network. If I can provide any more information, let me know. Below are the configs. Thank you in advance for any help that y'all can offer.
ROUTER -
Building configuration...
Current configuration : 1622 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname rt1
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$7lQ/$5YK9785QnrUoczhF7EgQt1
!
no aaa new-model
!
resource policy
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
ip cef
!
!
no ip dhcp use vrf connected
!
ip dhcp pool trtpool
network 192.168.176.0 255.255.255.0
domain-name xxxxxxx
dns-server X.X.X.X
default-router 192.168.176.254
!
!
ip name-server X.X.X.X
ip name-server X.X.X.X
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
username xxxxx secret 5 xxxxxxxxxxxxxxxxxxxxx
!
!
!
!
!
!
interface FastEthernet0
no ip address
speed auto
!
interface FastEthernet0.1
encapsulation dot1Q 2
ip address 192.168.176.254 255.255.255.0
ip nat inside
ip virtual-reassembly
no snmp trap link-status
!
interface FastEthernet0.2
encapsulation dot1Q 1 native
ip address X.X.X.X 255.255.255.252
ip nat outside
ip virtual-reassembly
no snmp trap link-status
!
interface Serial0
no ip address
shutdown
!
interface Serial1
no ip address
shutdown
!
ip classless
ip route 0.0.0.0 0.0.0.0 X.X.X.X
!
!
no ip http server
no ip http secure-server
ip nat pool trt X.X.X.X X.X.X.X prefix-length 30
ip nat inside source list 7 pool trt overload
ip nat inside source static tcp 192.168.176.241 3389 X.X.X.X 3389 extendable
!
access-list 7 permit any
!
!
control-plane
!
!
!
!
!
!
!
!
!
line con 0
login local
line aux 0
line vty 0 4
login local
line vty 5 15
login local
!
end
SWITCH -
Building configuration...
Current configuration : 1432 bytes
!
version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname sw3
!
enable secret 5 $1$0jRd$8H/1x37e29qCOLGhr7d6V1
!
username xxxxxxxxx secret 5 xxxxxxxxxxxxxxxxxxxxxx
ip subnet-zero
!
!
spanning-tree mode pvst
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
!
!
!
!
interface FastEthernet0/1
switchport access vlan 2
!
interface FastEthernet0/2
switchport access vlan 2
!
interface FastEthernet0/3
switchport mode trunk
!
interface FastEthernet0/4
!
interface FastEthernet0/5
!
interface FastEthernet0/6
!
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface FastEthernet0/9
!
interface FastEthernet0/10
!
interface FastEthernet0/11
!
interface FastEthernet0/12
!
interface FastEthernet0/13
!
interface FastEthernet0/14
!
interface FastEthernet0/15
!
interface FastEthernet0/16
!
interface FastEthernet0/17
!
interface FastEthernet0/18
!
interface FastEthernet0/19
!
interface FastEthernet0/20
!
interface FastEthernet0/21
!
interface FastEthernet0/22
!
interface FastEthernet0/23
!
interface FastEthernet0/24
switchport mode trunk
spanning-tree vlan 1 cost 19
!
interface Vlan1
no ip address
no ip route-cache
shutdown
!
interface Vlan2
ip address 192.168.176.10 255.255.255.0
no ip route-cache
!
ip http server
!
line con 0
login local
line vty 0 4
login local
line vty 5 15
login local
!
!
end
02-27-2014 05:12 PM
Keegan,
I'd tighten up the ACL that's used for identifying what's being NATted. Try this:
no access-list 7
access-list 7 permit 192.168.176.0 0.0.0.255
Unless you're trying to NAT out as a certain address, you don't need to use a pool. You could try:
ip nat inside source list 7 interface FastEthernet0.2 overload
HTH,
John
*** Please rate all useful posts ***
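The ACL point in the reply above can be checked mechanically. This is an added example, not part of the original thread: a Python script that flags standard numbered ACLs referenced by "ip nat inside source list" rules when they permit any source. The sample config is constructed from the router config in the question, with 203.0.113.x placeholders standing in for the redacted addresses; named and extended ACLs are not handled.

```python
import re

# Constructed sample: NAT-related lines from the router config in the question.
# 203.0.113.x addresses are placeholders for the redacted X.X.X.X values.
SAMPLE_CONFIG = """\
interface FastEthernet0.1
 ip address 192.168.176.254 255.255.255.0
 ip nat inside
interface FastEthernet0.2
 ip address 203.0.113.2 255.255.255.252
 ip nat outside
ip nat pool trt 203.0.113.2 203.0.113.2 prefix-length 30
ip nat inside source list 7 pool trt overload
ip nat inside source static tcp 192.168.176.241 3389 203.0.113.2 3389 extendable
access-list 7 permit any
"""

# Dynamic NAT rules that select traffic with an ACL (static rules have no "list").
NAT_RE = re.compile(r"^ip nat inside source list (\S+) ", re.M)
# Standard numbered ACL entries: access-list <n> permit|deny <match>
ACL_RE = re.compile(r"^access-list (\d+) (permit|deny) (.+)$", re.M)

def matches_everything(match):
    """True if a standard ACL match clause covers every source address."""
    fields = match.split()
    return fields[0] == "any" or fields[:2] == ["0.0.0.0", "255.255.255.255"]

def audit_nat_acls(config):
    """Return (acl, message) findings for ACLs referenced by dynamic NAT rules."""
    acls = {}
    for num, action, match in ACL_RE.findall(config):
        acls.setdefault(num, []).append((action, match.strip()))
    findings = []
    for acl in NAT_RE.findall(config):
        entries = acls.get(acl)
        if entries is None:
            findings.append((acl, "NAT rule references an undefined ACL"))
            continue
        for action, match in entries:
            if action == "permit" and matches_everything(match):
                findings.append((acl, "permits any source for translation"))
    return findings

if __name__ == "__main__":
    for acl, message in audit_nat_acls(SAMPLE_CONFIG):
        print(f"access-list {acl}: {message}")
```

Run against a saved "show running-config" output, an empty result means every ACL-driven NAT rule is limited to explicitly listed source networks.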
03-03-2014 09:01 AM
Yeah, I left it like that to eliminate the ACL as a variable.
So you're saying that because I'm using a pool is the reason that it's not working?