cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
4003
Views
10
Helpful
6
Replies

Cannot translate private to public IP address using NAT configuration for internet access

edryanalburo1
Level 1
Level 1

branch.jpg

Equipments:

1. I have 5 workstations with 2 servers but the backup server (black) is shut down intentionally.

2. I have 1 cisco gigabit unmanaged 8 port switch and 1 cisco 1941 vpn router.

Scenario:

The cisco 1941 vpn router is configured for IPVPN connection to other branches.

Challenge:

1. Configure NAT to enable the 5 workstations to be connected to the internet thru the router to the ISP.

2. Configure NAT to enable the server to be accessed from outside using the public IP address provided by the ISP.

Workstation Settings: (sample workstation)

IP Address: 10.71.5.3

Subnet mask: 255.255.255.0

Default GW: 10.71.5.1

Cisco 1941 VPN Router settings:

GE0/0 : 10.71.5.1

GE0/1 : 24.6.18.222

Serial : 192.168.15.2

IP Route: 192.168.15.1 (configured thru CLI)

ISP settings from modem router with wifi:

Public IP: 24.6.18.221 (WAN IP Address)

Default GW: 24.6.18.1

Device IP Address : 10.71.5.100 255.255.255.0 (dhcp on wifi)

NAT configuration: (I have configured the following)

int ge0/0

ip nat inside

int ge0/1

ip nat outside

ip access-list INTERNET_ACCESS

permit 10.71.5.0 0.0.0.255

ip nat inside source list INTERNET_ACCESS interface ge0/1 overload

ip nat inside source static 10.71.5.2 interface ge0/1

Actual Configuration: (the above commands were removed because it wasn't working)

Building configuration...

Current configuration : 1887 bytes

!

! Last configuration change at 03:46:50 UTC Sat May 5 2012

! NVRAM config last updated at 03:50:52 UTC Sat May 5 2012

! NVRAM config last updated at 03:50:52 UTC Sat May 5 2012

version 15.1

service config

service timestamps debug datetime msec

service timestamps log datetime msec

service password-encryption

!

hostname Test

!

boot-start-marker

boot-end-marker

!

!

enable password ********************

!

no aaa new-model

!

no ipv6 cef

ip source-route

ip cef

!

!

!

!

!

multilink bundle-name authenticated

!

crypto pki token default removal timeout 0

!

!

license udi pid CISCO1941/K9

!

!

!

!

!

!

!

!

interface Embedded-Service-Engine0/0

no ip address

shutdown

!

interface GigabitEthernet0/0

description LINE TO SWITCH

ip address 10.71.5.1 255.255.255.0

duplex full

speed 1000

!

interface GigabitEthernet0/1

description LINE TO INTERNET

ip address 24.6.18.222 255.255.255.254

no ip address

duplex full

speed auto

!

interface Serial0/0/0

no ip address

encapsulation frame-relay IETF

frame-relay lmi-type ansi

!

interface Serial0/0/0.1 point-to-point

ip address 192.168.15.2 255.255.255.252

frame-relay interface-dlci 45

!

interface Serial0/0/1

no ip address

shutdown

clock rate 2000000

!

ip forward-protocol nd

!

no ip http server

no ip http secure-server

!

ip route 0.0.0.0 0.0.0.0 192.168.15.1

!

!

!

!

control-plane

!

!

line con 0

password ***************

login

line aux 0

password ***************

login

line 2

no activation-character

no exec

transport preferred none

transport input all

transport output pad telnet rlogin lapb-ta mop udptn v120 ssh

stopbits 1

line vty 0 4

exec-timeout 0 0

password ********************

logging synchronous

login

transport input all

!

scheduler allocate 20000 1000

end

Verification:

1. I can ping other pc on 10.71.5.0/24 network.

2. When I typed in the ISP's public ip address on the browser, i got into the modem user interface for configuration.

Problem:

1. I still can't connect to the internet. When i do tracert, it stops on the 192.168.15.1 hop and didnt continue. This shouldn't be the case since i want to connect using the GE0/1 outside port for the internet.

Guyz, please help. Thank you.

(NOTE: IP addresses are not the actual addresses.)

6 Replies 6

edryanalburo1
Level 1
Level 1

When I was configuraing NAT (which doesn't work), the NVI0 interface appears with ip address assigned same with the router. is this necessary? how can i remove this interface?

2. When I typed in the ISP's public ip address on the browser, i got into the modem user interface for configuration.

^ this should be pointed into the web server based on my nat configuration..

Please help guys. Im trying my best. Hope someone can guide me on this. Thanks in advance.