04-18-2015 10:30 AM - edited 03-05-2019 01:16 AM
Hi
Struggling with why the internal LAN is not able to see the WAN using the config below. I know it's going to be simple but I just can't see it.
Any help would be appreciated.
thanks
steven
boot-start-marker
boot-end-marker
!
!
no logging buffered
!
no aaa new-model
bsd-client server url https://cloudsso.cisco.com/as/token.oauth2
!
!
!
!
!
!
!
!
!
ip dhcp excluded-address 172.16.100.1 172.16.100.99
ip dhcp excluded-address 172.16.100.201 172.16.100.254
!
ip dhcp pool ccp-pool1
 network 172.16.100.0 255.255.255.0
 dns-server 172.16.100.1
 default-router 172.16.100.1
!
!
!
ip name-server 8.8.8.8
ip name-server 8.8.4.4
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
cts logging verbose
!
!
license udi pid CISCO1921/K9 sn FCZ190670EG
!
!
username steven privilege 15 secret 5 $1$/SVo$wRKprToIpSH/ZZy/8kzHo.
!
redundancy
!
!
!
!
!
controller VDSL 0/0/0
!
!
!
!
!
!
!
!
!
!
!
interface Embedded-Service-Engine0/0
 no ip address
 shutdown
!
interface GigabitEthernet0/0
 description $ETH-LAN$
 ip address 172.16.100.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
 duplex auto
 speed auto
!
interface GigabitEthernet0/1
 description $ETH-WAN$
 ip address 59.39.181.28 255.255.255.248
 ip nat outside
 ip virtual-reassembly in
 duplex auto
 speed auto
!
interface ATM0/0/0
 no ip address
 shutdown
 no atm ilmi-keepalive
!
interface Ethernet0/0/0
 no ip address
 shutdown
!
ip forward-protocol nd
!
ip http server
ip http authentication local
no ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip nat inside source list 1 interface GigabitEthernet0/0 overload
ip route 0.0.0.0 0.0.0.0 59.39.181.25
!
!
access-list 1 permit 172.16.100.0 0.0.0.255
!
control-plane
!
!
!
line con 0
line aux 0
line 2
 no activation-character
 no exec
 transport preferred none
 transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
 stopbits 1
line vty 0 4
 privilege level 15
 login local
 transport input telnet ssh
 transport output telnet ssh
line vty 5 15
 privilege level 15
 login local
 transport input telnet
 transport output telnet ssh
!
scheduler allocate 20000 1000
!
end
04-20-2015 09:01 AM
This seems to be a typo where you're telling the router to change the source IP to your LAN interface IP. Guessing you want it to be your WAN IP.
This:
ip nat inside source list 1 interface GigabitEthernet0/0 overload
Should be:
ip nat inside source list 1 interface GigabitEthernet0/1 overload
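The mismatch pointed out in this reply can be caught before a config is deployed. The following is an added example, not part of the original thread: a small Python check that the interface named in a PAT (`overload`) statement is marked `ip nat outside` and that the referenced access list exists. The sample config is constructed from the NAT-relevant lines posted above; the function names are hypothetical.

```python
import re

# Constructed sample: only the NAT-relevant lines of the config posted above.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/0
 ip address 172.16.100.1 255.255.255.0
 ip nat inside
!
interface GigabitEthernet0/1
 ip address 59.39.181.28 255.255.255.248
 ip nat outside
!
ip nat inside source list 1 interface GigabitEthernet0/0 overload
access-list 1 permit 172.16.100.0 0.0.0.255
"""

NAT_RE = re.compile(r"^ip nat inside source list (\S+) interface (\S+) overload$")
ACL_RE = re.compile(r"^(?:ip access-list \S+|access-list) (\S+)", re.M)

def parse_nat_roles(config):
    """Map each interface to 'inside', 'outside' or None (no NAT role)."""
    roles, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()  # tolerate pastes that lost their indentation
        m = re.match(r"^interface (\S+)", line)
        if m:
            current = m.group(1)
            roles[current] = None
        elif line == "!":
            current = None  # '!' closes the interface stanza
        elif current and line in ("ip nat inside", "ip nat outside"):
            roles[current] = line.split()[-1]
    return roles

def check_pat(config):
    """Return findings for every 'ip nat inside source ... overload' line."""
    roles = parse_nat_roles(config)
    acls = set(ACL_RE.findall(config))
    findings = []
    for raw in config.splitlines():
        m = NAT_RE.match(raw.strip())
        if not m:
            continue
        acl, ifname = m.groups()
        if roles.get(ifname) != "outside":
            findings.append(f"{ifname} is marked {roles.get(ifname)!r}, expected 'outside'")
        if acl not in acls:
            findings.append(f"access list {acl} is not defined")
    return findings

if __name__ == "__main__":
    print(check_pat(SAMPLE_CONFIG) or "PAT statement is consistent")
```
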
04-20-2015 09:31 AM
Sorry, my bad, I changed the LAN and the WAN before posting the completed file.
It's set correctly but still not working...
04-20-2015 11:30 AM
Hi Steve,
As Thiland said, place that new NAT, and make sure to delete this line:
no ip nat inside source list 1 interface GigabitEthernet0/0 overload
Then clear the NAT translations:
clear ip nat translations
Make sure that you are able to access the internet through the outside interface:
ping 4.2.2.2 source gig 0/1
If that works try now to access from inside hosts anything on the outside, and make sure they are being translated:
show ip nat translations
-----------------------------------------------------------------------------------------------------------------------
Proceed to rate and mark as correct the helpful post!
David Castro,
Regards,
04-21-2015 03:38 AM
Still the same, it's now annoying me....
ping 8.8.8.8 or 4.2.2.2 works fine, just can't get out from the LAN
04-21-2015 05:23 AM
Hi Steve,
I have a couple of questions:
ip route 0.0.0.0 0.0.0.0 59.39.181.25 -> Is this the next hop IP address?
Are you able to source a ping from the LAN or from an internal physical host coming from the internal interface? Is it successful? If it is, you may check the DNS resolution; if it is not, you should do a traceroute to see where the packet might be getting dropped.
Attach it here so we can define what the issue may be.
David Castro,
Regards,
04-21-2015 05:48 AM
Hi David,
Yes it is the next hop address
I cannot ping outside the network from inside, but can ping the Cisco interface.
Pinging my external mail server from the router works.
Traceroute stops at the router. Source IP is 172.16.100.100 255.255.255.0
Sorry, can't paste, the machine's in China.
thanks
04-21-2015 06:02 AM
OK, this is now bizarre: after the ping test to check the interface, all is now working.
Never have I seen this before!
04-21-2015 08:25 AM
Hi Steve,
I understand sometimes a router may take a while to bring up the translations for the NAT, so the issue may be on the router side or the next hop processing those packets.
Please proceed to rate all the helpful posts!
David Castro,
Regards,