Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
5524
Views
0
Helpful
11
Replies

Cisco 1941 Router- IP nat

Go to solution
spaseman.spiff
Level 1
Level 1

‎02-02-2012 07:45 AM - edited ‎03-04-2019 03:06 PM

I'm noticing in several other engineers' network configurations, that the ' ip nat ' for g0/0 is always set to ' outside '. The ' ip nat ' for my g0/0 int, is currently set to ' inside ' because its a LAN connection, and the ' ip nat ' for my g0/1 int is set to ' outside ', because its a wireless connection.

Do I have my ' ip nat ' configurations backwards, or set incorrectly in my router?? If so, could someone please explain why?

Thanks

- Joey

Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
swordcrowned
Level 1
Level 1
In response to swordcrowned

‎02-03-2012 08:13 AM

Joey,

NAT looks like it is configured correctly.  Are you having any issues?

Edit:  Why are you using the route-map to configure NAT?  I may be wrong, but I think you should configure a separate access list.

Bryan

P.S.

For future reference, you should X out ur password "7" keystrings, as they take only a simple google search (or in my case, a simple Ipad App) decode.

View solution in original post

0 Helpful

Go to solution
swordcrowned
Level 1
Level 1
In response to spaseman.spiff

‎02-03-2012 11:05 AM

Joey,

No problem.  I hope this helped you outl  Just for saftey sake(and frankly, my lack of understanding) I would just create a separate access-list and attach that to the "ip nat source ###" command.  As for the password "7".  When you posted your config, all of the password commands listed under the line commands for "con" and "vty" are easily decrypted.  Just a future reference for you if you need to post a config online like you did here.  As an example:

line con 0

exec-timeout 0 0

password 7

logging synchronous

login local

line aux 0

Replace:

password 7

with:

password 7 xxxxxxxxxxxxxxxxxxxx

Just a heads up for the future.  And I would change your password that you have already configured.

Also, if its not too much of a bother, please mark this question as answered.  Thank you.

Bryan

View solution in original post

0 Helpful
11 Replies 11

Go to solution
swordcrowned
Level 1
Level 1

‎02-02-2012 08:16 AM

Joey,

NAT is for translating private addresses into the public addresses.  The "inside" will be for the interfaces connected to the local interfaces with the private addresses.  The "outside" will be for the interface connected to a public address.  Check out the link below for more information on NAT.

http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080094831.shtml

0 Helpful

Go to solution
spaseman.spiff
Level 1
Level 1
In response to swordcrowned

‎02-02-2012 08:26 AM

Bryan -

Thanks for the response. The link was helpful.

So, in my case, I was correct with my configuration(s), seeing as g0/0 is my LAN ( the local 'inside' network ), so ip nat being set to inside was correct, and g0/1 being my wireless ( to the ' outside ' world ), the ip nat being set to outside is correct.

Thanks.

- Joey

0 Helpful

Go to solution
johnlloyd_13
Level 9
Level 9
In response to spaseman.spiff

‎02-02-2012 03:19 PM

Hi Joey,

I've had this config on your other post. This an example of a dynamic NAT or PAT, that is you translate multiple private IPs to a single public ip.

int g0/1

ip address 192.168.1.254 255.255.255.0

ip nat in

int g0/0

ip nat out

access-list 1 permit 192.168.1.0 0.0.0.255

ip nat inside source list 1 interface g0/0 overload

Sent from Cisco Technical Support iPhone App

0 Helpful

Go to solution
spaseman.spiff
Level 1
Level 1
In response to johnlloyd_13

‎02-03-2012 06:29 AM

John -

So then, I did have my config wrong? Should the ip nat for g0/0 (LAN) be set to outside, and the ip nat for g0/1(wireless) be set to inside?

- Joey

0 Helpful

Go to solution
swordcrowned
Level 1
Level 1
In response to spaseman.spiff

‎02-03-2012 06:36 AM

Joey,

Theoretically you setup is correct.  However it is hard for us to tell you yes or no without seeing your configuration and be able to picture your setup.  What is the ip address on the g0/0?  If you could post ur running config it would be greatful.

Bryan

0 Helpful

Go to solution
swordcrowned
Level 1
Level 1
In response to swordcrowned

‎02-03-2012 08:13 AM

Joey,

NAT looks like it is configured correctly.  Are you having any issues?

Edit:  Why are you using the route-map to configure NAT?  I may be wrong, but I think you should configure a separate access list.

Bryan

P.S.

For future reference, you should X out ur password "7" keystrings, as they take only a simple google search (or in my case, a simple Ipad App) decode.

0 Helpful

Go to solution
spaseman.spiff
Level 1
Level 1
In response to swordcrowned

‎02-03-2012 09:21 AM

Bryan -

Thanks for the assistance. I won't know if I'll have any issues until I send this router to the client, and they connect it to the network.

As for the route-map, I used it only because that was the prior information I was given. I'm still a newbie at this networking stuff, so googled it for proper syntax. (Next time, I won't raise my hand so fast to volunteer to do some networking.)    :O)

And, as for X-ing out my passwd "7" keystrings, I'll google that too, cause I have no idea what that means.

Thanks.

- Joey

0 Helpful

Go to solution
swordcrowned
Level 1
Level 1
In response to spaseman.spiff

‎02-03-2012 11:05 AM

Joey,

No problem.  I hope this helped you outl  Just for saftey sake(and frankly, my lack of understanding) I would just create a separate access-list and attach that to the "ip nat source ###" command.  As for the password "7".  When you posted your config, all of the password commands listed under the line commands for "con" and "vty" are easily decrypted.  Just a future reference for you if you need to post a config online like you did here.  As an example:

line con 0

exec-timeout 0 0

password 7

logging synchronous

login local

line aux 0

Replace:

password 7

with:

password 7 xxxxxxxxxxxxxxxxxxxx

Just a heads up for the future.  And I would change your password that you have already configured.

Also, if its not too much of a bother, please mark this question as answered.  Thank you.

Bryan

0 Helpful

Go to solution
Gautam Renjen
Cisco Employee
Cisco Employee
In response to swordcrowned

‎02-03-2012 03:47 PM

Hi Bryan,

I haven't had a chance to look at the config (i'm assuming it was removed due to your password warning, which is good).

The reason route-maps are configured is to support a case of load-balancing on multiple outside links, wihch would otherwise cause traffic to blackhole if on ACLs were used. So maybe someone could have mentioned that fact and suggested to use route-maps in advanced so that it's non-disruptive once it's installed and in operation. I used to do that on many cases myself, when setting up new routers.

0 Helpful

Go to solution
swordcrowned
Level 1
Level 1
In response to Gautam Renjen

‎02-03-2012 06:56 PM

Gautam,

Im sorry if it came off as if I dont understand Route-maps.  I do.  What I didnt understand was how he was using a route-map with his "ip nat source" command.  Seeing as how when using a route-map for routing load balance, if something falls off the end of the route-map, it will just route normally.  I did not know how that would work with NAT.

Bryan

0 Helpful

Go to solution
Gautam Renjen
Cisco Employee
Cisco Employee
In response to swordcrowned

‎02-10-2012 10:43 AM

Hi Bryan,

I apologize, but I'm not sure if that's a question for me, or a statement that you understood what I said about route-map usage in NAT? Do you want me to explain how it works, or have you understood it?

Thanks,

Gautam

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card