Cisco 1920 Lan to Wan

Stevec01382
Level 1

Hi

Struggling with why the internal LAN is not able to see the WAN using the config below. I know it's going to be simple but just can't see it.

Any help would be appreciated.

Thanks

Steven

boot-start-marker
boot-end-marker
!
!
no logging buffered
!
no aaa new-model
bsd-client server url https://cloudsso.cisco.com/as/token.oauth2
!
!
!
!
!
!
!
!
!
ip dhcp excluded-address 172.16.100.1 172.16.100.99
ip dhcp excluded-address 172.16.100.201 172.16.100.254
!
ip dhcp pool ccp-pool1
 network 172.16.100.0 255.255.255.0
 dns-server 172.16.100.1 
 default-router 172.16.100.1 
!
!
!
ip name-server 8.8.8.8
ip name-server 8.8.4.4
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
cts logging verbose
!
!
license udi pid CISCO1921/K9 sn FCZ190670EG
!
!
username steven privilege 15 secret 5 $1$/SVo$wRKprToIpSH/ZZy/8kzHo.
!
redundancy
!
!
!
!
!
controller VDSL 0/0/0
!

!
!
!
!
!
!
!
!
!
interface Embedded-Service-Engine0/0
 no ip address
 shutdown
!
interface GigabitEthernet0/0
 description $ETH-LAN$
 ip address 172.16.100.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
 duplex auto
 speed auto
!
interface GigabitEthernet0/1
 description $ETH-WAN$
 ip address 59.39.181.28 255.255.255.248
 ip nat outside
 ip virtual-reassembly in
 duplex auto
 speed auto
!
interface ATM0/0/0
 no ip address
 shutdown
 no atm ilmi-keepalive
!
interface Ethernet0/0/0
 no ip address
 shutdown
!
ip forward-protocol nd
!
ip http server
ip http authentication local
no ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip nat inside source list 1 interface GigabitEthernet0/0 overload
ip route 0.0.0.0 0.0.0.0 59.39.181.25
!
!

access-list 1 permit 172.16.100.0 0.0.0.255
!
control-plane
!
!
!
line con 0
line aux 0
line 2
 no activation-character
 no exec
 transport preferred none
 transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
 stopbits 1
line vty 0 4
 privilege level 15
 login local
 transport input telnet ssh
 transport output telnet ssh
line vty 5 15
 privilege level 15
 login local
 transport input telnet
 transport output telnet ssh
!
scheduler allocate 20000 1000
!
end


thiland
Level 3

This seems to be a typo where you're telling the router to change the source IP to your LAN interface IP. Guessing you want it to be your WAN IP.

This:

ip nat inside source list 1 interface GigabitEthernet0/0 overload

Should be:

ip nat inside source list 1 interface GigabitEthernet0/1 overload
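
A static check for the mistake pointed out above, as an added example that is not part of the original post or of any reply: it parses an IOS configuration and reports every `ip nat inside source list ... overload` rule whose interface is not marked `ip nat outside`. The sample is a constructed excerpt of the configuration posted in this thread, and the function names are hypothetical.

```python
import re

# Constructed excerpt of the posted configuration (interfaces and NAT rule only).
SAMPLE_CONFIG = """\
interface GigabitEthernet0/0
 description $ETH-LAN$
 ip address 172.16.100.1 255.255.255.0
 ip nat inside
!
interface GigabitEthernet0/1
 description $ETH-WAN$
 ip address 59.39.181.28 255.255.255.248
 ip nat outside
!
ip nat inside source list 1 interface GigabitEthernet0/0 overload
access-list 1 permit 172.16.100.0 0.0.0.255
"""

NAT_RULE = re.compile(r"^ip nat inside source list (\S+) interface (\S+) overload\s*$")

def nat_roles(config):
    """Map interface name -> 'inside'/'outside' from its 'ip nat ...' sub-command."""
    roles, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1].strip()
        elif not line.startswith(" "):
            current = None  # any other top-level line ends the interface block
        elif current and (m := re.fullmatch(r"ip nat (inside|outside)", line.strip())):
            roles[current] = m.group(1)
    return roles

def check_overload_rules(config):
    """Return (acl, interface, role) for each PAT rule not bound to an outside interface."""
    roles = nat_roles(config)
    findings = []
    for line in config.splitlines():
        m = NAT_RULE.match(line)
        if not m:
            continue
        acl, ifname = m.groups()
        role = roles.get(ifname, "unset")
        if role != "outside":
            findings.append((acl, ifname, role))
    return findings

if __name__ == "__main__":
    for acl, ifname, role in check_overload_rules(SAMPLE_CONFIG):
        print(f"list {acl}: overload interface {ifname} is NAT {role}, expected outside")
```
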

Sorry, my bad, I changed the LAN and the WAN before posting the completed file.

It's set correctly but still not working...

Hi Steve,

As Thiland said, place that new NAT, and make sure to delete this line:

no ip nat inside source list 1 interface GigabitEthernet0/0 overload

Then clear the NAT translations:

clear ip nat translation *

Make sure that you are able to access the internet through the outside interface:

ping 4.2.2.2 source gig 0/1

If that works, try now to access anything on the outside from inside hosts, and make sure they are being translated:

show ip nat translations

-----------------------------------------------------------------------------------------------------------------------

Proceed to rate and mark as correct the helpful Post!

David Castro,

Regards,

Still the same, it's now annoying me....

ping 8.8.8.8 or 4.2.2.2 works fine, just can't get out from the LAN

Hi Steve,

I have a couple of questions:

ip route 0.0.0.0 0.0.0.0 59.39.181.25 -> Is this the next hop IP address?

Are you able to source a ping from the LAN or from an internal physical host coming from the internal interface? Is it successful? If it is, you may check the DNS resolution; if it is not, you should do a trace route to see where the packet might be getting dropped.

Attach it here so we can define what the issue may be.

David Castro,

Regards,

Hi David,

Yes, it is the next hop address.

I cannot ping outside the network from inside, but can ping the Cisco interface.

Pinging my external mail server from the router works.

Trace route stops at the router. Source IP is 172.16.100.100 255.255.255.0

Sorry can't paste the machines in China.

Thanks

OK, this is now bizarre, after the ping test to check the interface all is now working.

Never have I seen this before!

Hi Steve,

I understand sometimes a router may take a while to bring up the translations for the NAT, so the issue may be on the router side or the next hop processing those packets.

Please proceed to rate all the helpful posts!

David Castro,

Regards,
