07-25-2013 07:42 AM - edited 03-04-2019 08:33 PM
We have recently had BT Infinity installed, we are swapping out the homehub for a 2901 and an ASA.
I am having some trouble with the router side of the config. My interface shows as up and is getting an IP address but I cannot get to the internet, I can run a trace that appears to be getting out but it dies before getting to the destination.
Any help would be greatly appreciated. I have attached our config and the trace results.
Solved! Go to Solution.
07-26-2013 06:53 AM
Change this:
ip nat inside source route-map infinity interface Dialer1 overload
to:
ip nat inside source list infinity interface Dialer1 overload
07-25-2013 12:09 PM
Roger, your configuration is missing 'ip nat inside' on the internal interface and a NAT statement.
interface GigabitEthernet0/0
ip nat inside
ip access-list extended NAT-ACL
permit ip 10.10.10.0 0.0.0.255 any
permit ip 192.168.0.0 0.0.255.255 any
ip nat inside source list NAT-ACL interface Dialer1 overload
07-26-2013 01:55 AM
Thanks for that, I can now ping and trace from the router. But strangely i have no external access from my pc when connected to the 10.10.10.0 network.
If I run a tracert from my pc the connection goes as far as the router and dies.
07-26-2013 06:24 AM
Hi,
Can you post an updated "show run" and include a "show ip route" please?
You can also configure "debug ip nat" on the router and retry your connection and post the debug here.
07-26-2013 06:49 AM
Hi, please see the updated config and routing table.
I think I have a NAT issue as show ip nat translation has no results
sho ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
+ - replicated route, % - next hop override
Gateway of last resort is 0.0.0.0 to network 0.0.0.0
S* 0.0.0.0/0 is directly connected, Dialer1
10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 10.10.10.0/24 is directly connected, GigabitEthernet0/0
L 10.10.10.1/32 is directly connected, GigabitEthernet0/0
81.0.0.0/8 is variably subnetted, 3 subnets, 2 masks
C 81.137.28.200/29 is directly connected, Dialer1
L 81.137.28.206/32 is directly connected, Dialer1
C 81.148.0.1/32 is directly connected, Dialer1
S 192.168.0.0/16 [1/0] via 10.10.10.2
sho run
Building configuration...
Current configuration : 3747 bytes
!
! Last configuration change at 10:06:07 PCTime Fri Jul 26 2013 by admin
! NVRAM config last updated at 10:06:08 PCTime Fri Jul 26 2013 by admin
! NVRAM config last updated at 10:06:08 PCTime Fri Jul 26 2013 by admin
version 15.2
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname *****
!
boot-start-marker
boot-end-marker
!
!
logging buffered 51200
logging console critical
enable secret *****
enable password *****
!
aaa new-model
!
!
aaa authentication login default local
aaa authorization exec default local
!
!
!
!
!
aaa session-id common
clock timezone PCTime 0 0
clock summer-time PCTime date Mar 30 2003 1:00 Oct 26 2003 2:00
!
no ip source-route
ip cef
!
!
!
!
!
!
no ip bootp server
no ipv6 cef
multilink bundle-name authenticated
!
!
!
!
license udi pid CISCO2901/K9 sn FCZ16509433
!
!
username
!
!
controller VDSL 0/0/0
!
ip tcp synwait-time 10
csdb tcp synwait-time 30
csdb tcp idle-time 3600
csdb tcp finwait-time 5
csdb tcp reassembly max-memory 1024
csdb tcp reassembly max-queue-length 16
csdb udp idle-time 30
csdb icmp idle-time 10
csdb session max-session 65535
!
!
!
!
interface Embedded-Service-Engine0/0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
shutdown
!
interface GigabitEthernet0/0
ip address 10.10.10.1 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
no mop enabled
!
interface GigabitEthernet0/1
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
shutdown
duplex auto
speed auto
no mop enabled
!
interface ATM0/0/0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
shutdown
no atm ilmi-keepalive
!
interface Ethernet0/0/0
description BT Infinity Connection$ES_LAN$
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
no mop enabled
!
interface Ethernet0/0/0.101
description BT Infinity Connection
encapsulation dot1Q 101
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
pppoe enable group global
pppoe-client dial-pool-number 1
!
interface Dialer1
ip address 81.137.28.206 255.255.255.248
no ip redirects
no ip unreachables
no ip proxy-arp
ip mtu 1492
ip flow ingress
ip nat outside
ip virtual-reassembly in
encapsulation ppp
ip tcp adjust-mss 1452
dialer pool 1
dialer-group 1
ppp authentication chap pap callin
ppp chap hostname *****
ppp chap password *****
ppp pap sent-username ***** password *****
ppp ipcp dns request
no cdp enable
!
ip forward-protocol nd
!
ip http server
ip http authentication local
no ip http secure-server
!
ip nat inside source route-map infinity interface Dialer1 overload
ip route 0.0.0.0 0.0.0.0 Dialer1
ip route 192.168.0.0 255.255.0.0 10.10.10.2
!
ip access-list extended infinity
permit ip 192.168.0.0 0.0.255.255 any
permit ip 10.10.10.0 0.0.0.255 any
!
logging trap debugging
no cdp run
!
route-map infinty permit 1
match ip address infinity
!
!
!
!
!
control-plane
!
!
!
line con 0
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport input all
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
password *****
transport input all
!
scheduler allocate 20000 1000
!
end
07-26-2013 06:53 AM
Change this:
ip nat inside source route-map infinity interface Dialer1 overload
to:
ip nat inside source list infinity interface Dialer1 overload
07-29-2013 01:50 AM
Fantastic, that worked.
Is it possible to have multiple ip addresses on the dialer interface, we have a pool of 5 static addresses.
07-29-2013 02:17 AM
Yes, you can have mutliple addresses on an interface - just use the keyword "secondary" when adding them. If you just want to use multiple addresses for your NAT translations then configure a pool as per this link:
http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080094e77.shtml#topic4
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide