Solved: Glad you got it to work.

Ela Snessjna · ‎12-27-2016

NAT is working for the devices on Gig0/1.61 who receive ip addresses from the DHCP pool.

But when I try to ping to the outside from within the router it doesn't work. How can this be? The outside is 192.168.1.1 (temporary setup)

When I perform a clear ip nat translation it works until a client pings and then it stops working from the router.

I don't understand why this is happening?

This is my configuration :

Current configuration : 2875 bytes
!
! Last configuration change at 15:24:40 UTC Tue Dec 27 2016 by administrator
version 15.3
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname UCRouter
!
boot-start-marker
boot-end-marker
!
!
enable secret 5 xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
!
no aaa new-model
!
!
!
!
ip dhcp excluded-address 192.168.2.1 192.168.2.20
!
ip dhcp pool VLAN61
network 192.168.2.0 255.255.255.0
default-router 192.168.2.1
domain-name uc_test
dns-server 8.8.8.8 8.8.4.4
!
!
!
no ip domain lookup
ip domain name marketingmap.com
ip name-server 8.8.8.8
ip cef
no ipv6 cef
multilink bundle-name authenticated
!
!
!
!
license udi pid CISCO2921/K9 sn Fxxxxxxxxxx
hw-module sm 1
!
!
!
username administrator password 7 xxxxxxxxxxxxxx
!
redundancy
!
!
ip ssh version 2
!
!
!
!
interface Loopback0
ip address 10.0.1.1 255.255.255.0
!
interface GigabitEthernet0/0
ip address 10.2.1.45 255.255.0.0
duplex auto
speed auto
!
interface GigabitEthernet0/1
no ip address
no ip route-cache
duplex auto
speed auto
!
interface GigabitEthernet0/1.61
description MMAP_TEST
encapsulation dot1Q 61
ip address 192.168.2.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
no ip route-cache
!
interface GigabitEthernet0/2
ip address 192.168.1.9 255.255.255.0
ip nat outside
ip virtual-reassembly in
no ip route-cache
duplex auto
speed auto
!
interface Vlan1
no ip address
!
ip forward-protocol nd
!
ip http server
no ip http secure-server
!
ip nat pool ovrld 192.168.1.9 192.168.1.9 prefix-length 30
ip nat inside source list 100 pool ovrld
ip route 0.0.0.0 0.0.0.0 192.168.1.1
!
!
!
access-list 100 permit ip 192.168.2.0 0.0.0.255 any
access-list 101 permit icmp any any
access-list 102 permit ip 10.2.0.0 0.0.255.255 any
!
control-plane

Thanks!

Georg Pauwen · ‎12-28-2016

Hello,

try and add the keyword 'overload' to your NAT statement:

ip nat inside source list 100 pool ovrld overload

View solution in original post

Georg Pauwen · ‎12-27-2016

Hello,

what is the source of your ping ? For example:

ping 192.168.1.1 source lo0

Ela Snessjna · ‎12-27-2016

UCRouter#ping 192.168.1.1 source lo0

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds:

Packet sent with a source address of 10.0.1.1

.....

Success rate is 0 percent (0/5)

Some more information

sh ip route

Gateway of last resort is 192.168.1.1 to network 0.0.0.0

S* 0.0.0.0/0 [1/0] via 192.168.1.1

10.0.0.0/8 is variably subnetted, 4 subnets, 3 masks

C 10.0.1.0/24 is directly connected, Loopback0

L 10.0.1.1/32 is directly connected, Loopback0

C 10.2.0.0/16 is directly connected, GigabitEthernet0/0

L 10.2.1.45/32 is directly connected, GigabitEthernet0/0

192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks

C 192.168.1.0/24 is directly connected, GigabitEthernet0/2

L 192.168.1.9/32 is directly connected, GigabitEthernet0/2

192.168.2.0/24 is variably subnetted, 2 subnets, 2 masks

C 192.168.2.0/24 is directly connected, GigabitEthernet0/1.61

L 192.168.2.1/32 is directly connected, GigabitEthernet0/1.61

Georg Pauwen · ‎12-27-2016

Where is 192.168.1.1, the address you are pinging ? And what address id the client pinging from ?

Can you post the NAT table after the client successfully pings ?

Ela Snessjna · ‎12-28-2016

UCRouter#show ip nat translations
Pro Inside global Inside local Outside local Outside global
icmp 192.168.1.9:1 192.168.2.22:1 8.8.8.8:1 8.8.8.8:1
udp 192.168.1.9:45104 192.168.2.22:45104 217.10.68.152:3478 217.10.68.152:3478
udp 192.168.1.9:50476 192.168.2.22:50476 8.8.8.8:53 8.8.8.8:53
udp 192.168.1.9:50507 192.168.2.22:50507 8.8.4.4:53 8.8.4.4:53
udp 192.168.1.9:50507 192.168.2.22:50507 8.8.8.8:53 8.8.8.8:53
udp 192.168.1.9:51055 192.168.2.22:51055 8.8.8.8:53 8.8.8.8:53
udp 192.168.1.9:51056 192.168.2.22:51056 54.213.100.191:3478 54.213.100.191:3478
udp 192.168.1.9:51056 192.168.2.22:51056 74.125.143.127:19302 74.125.143.127:19302
udp 192.168.1.9:51056 192.168.2.22:51056 173.194.202.127:19302 173.194.202.127:19302
udp 192.168.1.9:51139 192.168.2.22:51139 8.8.8.8:53 8.8.8.8:53
udp 192.168.1.9:51628 192.168.2.22:51628 108.177.96.189:443 108.177.96.189:443
udp 192.168.1.9:51855 192.168.2.22:51855 8.8.4.4:53 8.8.4.4:53
udp 192.168.1.9:51855 192.168.2.22:51855 8.8.8.8:53 8.8.8.8:53
udp 192.168.1.9:51901 192.168.2.22:51901 8.8.4.4:53 8.8.4.4:53
udp 192.168.1.9:51901 192.168.2.22:51901 8.8.8.8:53 8.8.8.8:53
tcp 192.168.1.9:52005 192.168.2.22:52005 108.160.172.204:443 108.160.172.204:443
Pro Inside global Inside local Outside local Outside global
tcp 192.168.1.9:52006 192.168.2.22:52006 13.107.4.52:80 13.107.4.52:80
tcp 192.168.1.9:52009 192.168.2.22:52009 162.125.18.133:443 162.125.18.133:443
tcp 192.168.1.9:52010 192.168.2.22:52010 131.253.61.100:443 131.253.61.100:443
tcp 192.168.1.9:52011 192.168.2.22:52011 40.77.226.246:443 40.77.226.246:443
tcp 192.168.1.9:52012 192.168.2.22:52012 40.77.229.38:443 40.77.229.38:443
tcp 192.168.1.9:52013 192.168.2.22:52013 64.15.124.212:443 64.15.124.212:443
tcp 192.168.1.9:52014 192.168.2.22:52014 64.15.124.212:443 64.15.124.212:443
tcp 192.168.1.9:52015 192.168.2.22:52015 173.194.69.125:5222 173.194.69.125:5222
tcp 192.168.1.9:52016 192.168.2.22:52016 108.160.172.204:443 108.160.172.204:443
tcp 192.168.1.9:52017 192.168.2.22:52017 40.77.229.85:443 40.77.229.85:443
tcp 192.168.1.9:52018 192.168.2.22:52018 173.194.69.125:5222 173.194.69.125:5222
tcp 192.168.1.9:52019 192.168.2.22:52019 108.177.96.188:5228 108.177.96.188:5228
tcp 192.168.1.9:52020 192.168.2.22:52020 108.177.96.188:5228 108.177.96.188:5228
tcp 192.168.1.9:52021 192.168.2.22:52021 40.77.226.246:443 40.77.226.246:443
tcp 192.168.1.9:52022 192.168.2.22:52022 207.46.194.33:443 207.46.194.33:443
tcp 192.168.1.9:52023 192.168.2.22:52023 40.77.229.10:443 40.77.229.10:443
tcp 192.168.1.9:52024 192.168.2.22:52024 173.223.106.161:80 173.223.106.161:80
Pro Inside global Inside local Outside local Outside global
udp 192.168.1.9:52024 192.168.2.22:52024 64.15.124.212:443 64.15.124.212:443
tcp 192.168.1.9:52025 192.168.2.22:52025 64.15.124.212:443 64.15.124.212:443
udp 192.168.1.9:52025 192.168.2.22:52025 8.8.8.8:53 8.8.8.8:53
tcp 192.168.1.9:52026 192.168.2.22:52026 64.15.124.212:443 64.15.124.212:443
udp 192.168.1.9:52376 192.168.2.22:52376 8.8.4.4:53 8.8.4.4:53
udp 192.168.1.9:52376 192.168.2.22:52376 8.8.8.8:53 8.8.8.8:53
udp 192.168.1.9:53248 192.168.2.22:53248 8.8.4.4:53 8.8.4.4:53
udp 192.168.1.9:53248 192.168.2.22:53248 8.8.8.8:53 8.8.8.8:53
udp 192.168.1.9:53610 192.168.2.22:53610 8.8.8.8:53 8.8.8.8:53
udp 192.168.1.9:54093 192.168.2.22:54093 8.8.4.4:53 8.8.4.4:53
udp 192.168.1.9:54093 192.168.2.22:54093 8.8.8.8:53 8.8.8.8:53
udp 192.168.1.9:54440 192.168.2.22:54440 54.213.100.191:3478 54.213.100.191:3478
udp 192.168.1.9:54440 192.168.2.22:54440 74.125.143.127:19302 74.125.143.127:19302
udp 192.168.1.9:54440 192.168.2.22:54440 173.194.202.127:19302 173.194.202.127:19302
udp 192.168.1.9:55036 192.168.2.22:55036 8.8.4.4:53 8.8.4.4:53
udp 192.168.1.9:55036 192.168.2.22:55036 8.8.8.8:53 8.8.8.8:53
udp 192.168.1.9:55354 192.168.2.22:55354 8.8.4.4:53 8.8.4.4:53
udp 192.168.1.9:55354 192.168.2.22:55354 8.8.8.8:53 8.8.8.8:53
udp 192.168.1.9:55888 192.168.2.22:55888 8.8.4.4:53 8.8.4.4:53
Pro Inside global Inside local Outside local Outside global
udp 192.168.1.9:55888 192.168.2.22:55888 8.8.8.8:53 8.8.8.8:53
udp 192.168.1.9:55890 192.168.2.22:55890 54.213.100.191:3478 54.213.100.191:3478
udp 192.168.1.9:55890 192.168.2.22:55890 74.125.143.127:19302 74.125.143.127:19302
udp 192.168.1.9:55890 192.168.2.22:55890 173.194.202.127:19302 173.194.202.127:19302
udp 192.168.1.9:56178 192.168.2.22:56178 8.8.8.8:53 8.8.8.8:53
udp 192.168.1.9:56948 192.168.2.22:56948 8.8.8.8:53 8.8.8.8:53
udp 192.168.1.9:57750 192.168.2.22:57750 8.8.4.4:53 8.8.4.4:53
udp 192.168.1.9:57750 192.168.2.22:57750 8.8.8.8:53 8.8.8.8:53
udp 192.168.1.9:57751 192.168.2.22:57751 54.213.100.191:3478 54.213.100.191:3478
udp 192.168.1.9:57751 192.168.2.22:57751 74.125.143.127:19302 74.125.143.127:19302
udp 192.168.1.9:57751 192.168.2.22:57751 173.194.202.127:19302 173.194.202.127:19302
udp 192.168.1.9:57917 192.168.2.22:57917 8.8.4.4:53 8.8.4.4:53
udp 192.168.1.9:57917 192.168.2.22:57917 8.8.8.8:53 8.8.8.8:53
udp 192.168.1.9:57935 192.168.2.22:57935 8.8.8.8:53 8.8.8.8:53
udp 192.168.1.9:57948 192.168.2.22:57948 8.8.4.4:53 8.8.4.4:53
udp 192.168.1.9:57948 192.168.2.22:57948 8.8.8.8:53 8.8.8.8:53
Pro Inside global Inside local Outside local Outside global
udp 192.168.1.9:58006 192.168.2.22:58006 8.8.8.8:53 8.8.8.8:53
udp 192.168.1.9:58519 192.168.2.22:58519 8.8.8.8:53 8.8.8.8:53
udp 192.168.1.9:58727 192.168.2.22:58727 8.8.4.4:53 8.8.4.4:53
udp 192.168.1.9:58727 192.168.2.22:58727 8.8.8.8:53 8.8.8.8:53
udp 192.168.1.9:58788 192.168.2.22:58788 8.8.4.4:53 8.8.4.4:53
udp 192.168.1.9:58788 192.168.2.22:58788 8.8.8.8:53 8.8.8.8:53
udp 192.168.1.9:58789 192.168.2.22:58789 54.213.100.191:3478 54.213.100.191:3478
udp 192.168.1.9:58789 192.168.2.22:58789 74.125.143.127:19302 74.125.143.127:19302
udp 192.168.1.9:58789 192.168.2.22:58789 173.194.202.127:19302 173.194.202.127:19302
udp 192.168.1.9:58975 192.168.2.22:58975 8.8.4.4:53 8.8.4.4:53
udp 192.168.1.9:58975 192.168.2.22:58975 8.8.8.8:53 8.8.8.8:53
udp 192.168.1.9:59031 192.168.2.22:59031 8.8.8.8:53 8.8.8.8:53
udp 192.168.1.9:59302 192.168.2.22:59302 8.8.4.4:53 8.8.4.4:53
udp 192.168.1.9:59929 192.168.2.22:59929 54.213.100.191:3478 54.213.100.191:3478
udp 192.168.1.9:59929 192.168.2.22:59929 74.125.143.127:19302 74.125.143.127:19302
udp 192.168.1.9:59929 192.168.2.22:59929 173.194.202.127:19302 173.194.202.127:19302
Pro Inside global Inside local Outside local Outside global
udp 192.168.1.9:60882 192.168.2.22:60882 8.8.4.4:53 8.8.4.4:53
udp 192.168.1.9:61147 192.168.2.22:61147 8.8.4.4:53 8.8.4.4:53
udp 192.168.1.9:61147 192.168.2.22:61147 8.8.8.8:53 8.8.8.8:53
udp 192.168.1.9:61268 192.168.2.22:61268 8.8.4.4:53 8.8.4.4:53
udp 192.168.1.9:61268 192.168.2.22:61268 8.8.8.8:53 8.8.8.8:53
udp 192.168.1.9:61789 192.168.2.22:61789 8.8.8.8:53 8.8.8.8:53
udp 192.168.1.9:61790 192.168.2.22:61790 54.213.100.191:3478 54.213.100.191:3478
udp 192.168.1.9:61790 192.168.2.22:61790 74.125.143.127:19302 74.125.143.127:19302
udp 192.168.1.9:61790 192.168.2.22:61790 173.194.202.127:19302 173.194.202.127:19302
udp 192.168.1.9:62145 192.168.2.22:62145 8.8.4.4:53 8.8.4.4:53
udp 192.168.1.9:62145 192.168.2.22:62145 8.8.8.8:53 8.8.8.8:53
udp 192.168.1.9:62161 192.168.2.22:62161 172.217.17.78:443 172.217.17.78:443
udp 192.168.1.9:62767 192.168.2.22:62767 8.8.8.8:53 8.8.8.8:53
udp 192.168.1.9:62769 192.168.2.22:62769 64.15.124.212:443 64.15.124.212:443
udp 192.168.1.9:63378 192.168.2.22:63378 8.8.4.4:53 8.8.4.4:53
udp 192.168.1.9:63378 192.168.2.22:63378 8.8.8.8:53 8.8.8.8:53
udp 192.168.1.9:63578 192.168.2.22:63578 8.8.4.4:53 8.8.4.4:53
udp 192.168.1.9:63578 192.168.2.22:63578 8.8.8.8:53 8.8.8.8:53
udp 192.168.1.9:63945 192.168.2.22:63945 8.8.4.4:53 8.8.4.4:53
Pro Inside global Inside local Outside local Outside global
udp 192.168.1.9:64347 192.168.2.22:64347 8.8.4.4:53 8.8.4.4:53
udp 192.168.1.9:64347 192.168.2.22:64347 8.8.8.8:53 8.8.8.8:53
udp 192.168.1.9:64390 192.168.2.22:64390 8.8.4.4:53 8.8.4.4:53
udp 192.168.1.9:64390 192.168.2.22:64390 8.8.8.8:53 8.8.8.8:53
udp 192.168.1.9:64400 192.168.2.22:64400 8.8.4.4:53 8.8.4.4:53
udp 192.168.1.9:64400 192.168.2.22:64400 8.8.8.8:53 8.8.8.8:53
udp 192.168.1.9:65368 192.168.2.22:65368 8.8.4.4:53 8.8.4.4:53
udp 192.168.1.9:65368 192.168.2.22:65368 8.8.8.8:53 8.8.8.8:53
udp 192.168.1.9:65376 192.168.2.22:65376 8.8.4.4:53 8.8.4.4:53
udp 192.168.1.9:65376 192.168.2.22:65376 8.8.8.8:53 8.8.8.8:53
--- 192.168.1.9 192.168.2.22 --- ---
UCRouter#ping 8.8.8.8
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
UCRouter#clear ip nat translation *
UCRouter#ping 8.8.8.8
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 16/16/16 ms
UCRouter#

Georg Pauwen · ‎12-28-2016

Hello,

when you ping 8.8.8.8, what is the source of the ping :

UCRouter#ping 8.8.8.8 source ?

By default, the source is the outgoing interface.

8.8.8.8 is the Google DNS server, which is a public IP address. How are you connected to the Internet ? I would assume the next hop, 192.168.1.1, is then connected to the Internet ?

With the configuration below, everything from network 192.168.2.0/24 is being translated to 192.168.1.9. What do you eventually want to achieve ?

ip nat pool ovrld 192.168.1.9 192.168.1.9 prefix-length 30
ip nat inside source list 100 pool ovrld
ip route 0.0.0.0 0.0.0.0 192.168.1.1
!
!
!
access-list 100 permit ip 192.168.2.0 0.0.0.255 any

Georg Pauwen · ‎12-28-2016

Hello,

try and add the keyword 'overload' to your NAT statement:

ip nat inside source list 100 pool ovrld overload

Ela Snessjna · ‎12-28-2016

Hi,

the overload keyword did the trick.Of course it can't work without overload.

Many thanks!

Georg Pauwen · ‎12-28-2016

Glad you got it to work. Indeed, without 'overload' the single address would be used up with only one single translation in use...

Cisco 2921 NAT works but not from within the router