
Cisco 1900 Series NAT issue - No DNS resolving, no web browsing

jobfactory
Level 1

Dear all,

 

I'm struggling with getting my Cisco ISR 1921 to do proper NAT.

 

Setup:

Laptop > Cisco ISR 1921 int Gi0/0 > Dialer1 > EHWIC-3G-HSPA+7 (Cellular0/0/0)

 

I’m using NVI to do NAT.

 

I can ping 8.8.8.8 both from router and from laptop.

I can traceroute both from laptop and router:

 

e.g. tracert -d 131.152.228.33 (from laptop)

 

  1    <1 ms    <1 ms    <1 ms  192.168.123.1
  2    55 ms    57 ms    47 ms  192.168.42.255
  3    36 ms    36 ms    36 ms  192.168.42.201
…
 13    48 ms    47 ms    46 ms  130.59.39.73
 14    72 ms    47 ms    46 ms  192.43.192.197
 15    47 ms    46 ms    47 ms  131.152.231.241
 16     *        *        *     Zeitüberschreitung der Anforderung.
 17    54 ms    76 ms    58 ms  131.152.228.33

 

NVI translation seems to work:

 

sh ip nat nvi translations:

Pro Source global      Source local       Destin  local      Destin  global
udp 10.14.148.29:137   192.168.123.51:137 192.168.123.255:137 192.168.123.255:137
udp 10.14.148.29:138   192.168.123.51:138 192.168.123.255:138 192.168.123.255:138
udp 10.14.148.29:1081  192.168.123.51:5060 172.16.40.11:5060 172.16.40.11:5060
udp 10.14.148.29:49208 192.168.123.51:49208 195.186.216.33:53 195.186.216.33:53
udp 10.14.148.29:49266 192.168.123.51:49266 8.8.4.4:53       8.8.4.4:53
udp 10.14.148.29:49266 192.168.123.51:49266 8.8.8.8:53       8.8.8.8:53
udp 10.14.148.29:49266 192.168.123.51:49266 195.186.152.33:53 195.186.152.33:53
...


However, I can’t browse, and I can’t resolve DNS.

 

Please find below router config:

 

!
version 15.7
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
service internal
hostname RT004_MOB
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
!
ip dhcp excluded-address 192.168.123.1 192.168.123.50
!
ip dhcp pool LAN
 import all
 network 192.168.123.0 255.255.255.0
 dns-server 8.8.4.4 8.8.8.8 195.186.152.33 195.186.216.33 
 default-router 192.168.123.1 
!
!
!
ip inspect WAAS flush-timeout 10
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
!
chat-script hspa-R7 "" "AT!SCACT=1,1" TIMEOUT 60 "OK"
!
!
license udi pid CISCO1921/K9 sn FCZ170792R6
!
!
archive
 path usbflash0:/backup/$h
 write-memory
 time-period 40320
username admin privilege 15
!
redundancy
 notification-timer 120000
!
!
controller Cellular 0/0
!
!
interface Embedded-Service-Engine0/0
 no ip address
 shutdown
!
interface GigabitEthernet0/0
 ip address 192.168.123.1 255.255.255.0
 ip nat enable
 ip virtual-reassembly in
 duplex auto
 speed auto
!
interface GigabitEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Cellular0/0/0
 description WWAN 3G Link
 ip address negotiated
 encapsulation slip
 dialer in-band
 dialer pool-member 1
 async mode interactive
 routing dynamic
!
interface Cellular0/0/1
 no ip address
 encapsulation slip
!
interface Dialer1
 ip address negotiated
 ip nat enable
 encapsulation slip
 dialer pool 1
 dialer idle-timeout 0
 dialer string hspa-R7
 dialer persistent delay initial 60
 dialer-group 1
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip nat source list 1 interface Dialer1 overload
ip route 0.0.0.0 0.0.0.0 Dialer1
!
dialer-list 1 protocol ip permit
dialer-list 1 protocol ipv6 permit
ipv6 ioam timestamp
!
!
access-list 1 permit any
!
control-plane
!
!
line con 0
line aux 0
line 2
 no activation-character
 no exec
 transport preferred none
 transport output lat pad telnet rlogin lapb-ta mop udptn v120 ssh
 stopbits 1
line 0/0/0
 exec-timeout 0 0
 script dialer hspa-R7
 modem InOut
 no exec
line 0/0/1
 no exec
line vty 0 4
 access-class 23 in
 privilege level 15
 login
 transport input telnet ssh
!
scheduler allocate 20000 1000
!
End

 

Any help appreciated.

 

Thanks,

Florian

1 Accepted Solution

Accepted Solutions

Hello,

 

delete the previous access list:

 

no access-list 1

 

and change your access list 1 to:

 

access-list 1 permit 192.168.123.0 0.0.0.255
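
The change above narrows the NAT source list from `access-list 1 permit any`, which matches every source address, to the LAN subnet only. As an added example (not part of the original thread and not Cisco tooling), the following Python check looks for that pattern in a saved IOS config and proposes the scoped entry; the function name `audit_nat_acls` and the trimmed sample config are constructed for illustration, and only numbered standard ACLs are handled.

```python
import ipaddress
import re

# Constructed sample: the NAT-relevant lines of the config posted in the question.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/0
 ip address 192.168.123.1 255.255.255.0
 ip nat enable
!
interface Dialer1
 ip address negotiated
 ip nat enable
!
ip nat source list 1 interface Dialer1 overload
access-list 1 permit any
"""

def audit_nat_acls(config):
    """Return (acl, finding, replacement lines) for every numbered ACL that is
    used as a NAT source list and contains 'permit any'."""
    # ACLs referenced by NVI ("ip nat source") or legacy ("ip nat inside source") rules.
    nat_acls = re.findall(r"^ip nat (?:inside )?source list (\S+) ", config, re.M)
    # Collect subnets of NAT-enabled interfaces that carry a static address;
    # "ip address negotiated" (the Dialer) has no subnet to scope to.
    subnets, block = [], []
    for line in config.splitlines() + ["!"]:
        if line.startswith(" "):
            block.append(line.strip())
            continue
        if any(b in ("ip nat enable", "ip nat inside") for b in block):
            for b in block:
                m = re.match(r"ip address (\d\S+) (\d\S+)$", b)
                if m:
                    subnets.append(ipaddress.ip_network(f"{m[1]}/{m[2]}", strict=False))
        block = []
    findings = []
    for acl in nat_acls:
        if re.search(rf"^access-list {re.escape(acl)} permit any\b", config, re.M):
            # hostmask is the wildcard mask IOS expects in a standard ACL.
            fix = [f"no access-list {acl}"] + [
                f"access-list {acl} permit {n.network_address} {n.hostmask}"
                for n in subnets]
            findings.append((acl, "NAT source ACL matches any address", fix))
    return findings

if __name__ == "__main__":
    for acl, finding, fix in audit_nat_acls(SAMPLE_CONFIG):
        print(f"ACL {acl}: {finding}")
        print("\n".join(fix))
```
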

Hi Georg,

Thank you very much, this resolved the issue!

Kind regards,

Florian

Hello

Your NAT looks fine. For a sanity check, can you try applying the following?

 

int cellular 0/0
ip tcp adjust-mss 1452

int dialer 1
ip mtu 1492

no access-list 1
access-list 1 permit 192.168.123.0 0.0.0.255

 

 


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Hi Paul,

I tested Georg's solution, and it is working fine.

Do you still suggest to adjust according to your recommendation?

Thanks,

Florian
