Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
Bookmark
|
Subscribe
|
7417
Views
14
Helpful
10
Replies

Cisco 2921 Router Wan configuration

Go to solution
ajay
Level 1
Level 1

‎01-15-2013 06:08 AM - edited ‎03-04-2019 06:43 PM

Hi,

i have a Cisco 2921 Router,

with 3 giga interfaces

i have a leased line for the internet with a public ip address and i want to configure this router as NAT /PAT gateway, so that users in my network can ue the internet by the router,

my wan interface is g0/0 - ip 122.xx.xx.xx

lan is g 0/1 -- 192.168.1.1 /24

please advice me the configuration.

i have tried doing nat once but i was not able to make the wan port up.

using cisco CP when i test the interface it givves error and i dont get internet to my users.

Please guide the configuration.

Thanks

Ajay

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Jose Bogantes
Level 1
Level 1

‎01-15-2013 09:54 AM

Hello Ajay,

Please try the following commands and let me know the results:

access-list 1 permit 192.168.1.0 0.0.0.255

ip nat inside source list 1 interface GigabitEthernet0/0 overload

ip route 0.0.0.0 0.0.0.0 gigabitEthernet 0/0

Regards.

View solution in original post

10 Replies 10

Go to solution
Abzal
Level 7
Level 7

‎01-15-2013 06:12 AM

Hi Ajay,

I would strongly recommend to not post here Public IPs. You can just simply replace it with 122.X.X.X. So everybody would understand that it is public IP not private.

Hope it will help.

Best regards,
Abzal

Best regards,
Abzal
0 Helpful

Go to solution
Jose Bogantes
Level 1
Level 1

‎01-15-2013 09:54 AM

Hello Ajay,

Please try the following commands and let me know the results:

access-list 1 permit 192.168.1.0 0.0.0.255

ip nat inside source list 1 interface GigabitEthernet0/0 overload

ip route 0.0.0.0 0.0.0.0 gigabitEthernet 0/0

Regards.

Go to solution
turnera
Level 1
Level 1
In response to Jose Bogantes

‎01-15-2013 10:55 AM

Need to include the following to what Jose has provided:

interface g0/0

ip nat outside

interface g0/1

ip nat inside

Go to solution
Jose Bogantes
Level 1
Level 1
In response to turnera

‎01-15-2013 12:12 PM

Hi Turnera,

Very useful piece of information. Thanks for adding that part of the configuration!!!

0 Helpful

Go to solution
Richard Burts
Hall of Fame
Hall of Fame
In response to Jose Bogantes

‎01-15-2013 08:08 PM

The suggested static route is somewhat problematic. It MIGHT work but it might not work. And even if it works there are some issues with it.

ip route 0.0.0.0 0.0.0.0 gigabitEthernet 0/0

The problems involve static routes that just point to the outbound interface where the outbound interface is Ethernet (or various flovors of Ethernet such as GigEthernet).

The effect of this configuration is that the router must ARP for every destination to which it will forward packets and that brings up several problems:

- for this to work at all requires that the next hop router must have enabled proxy arp. And increasingly organizations are disabling proxy arp believing that it is a security weakness. So the chances are increasing that this will just not work.

- even if it does work there are several other aspects that are not desirable

- the router must ARP for every destination and this will result in increased CPU load from processing all the ARP request and ARP response messages.

- the router must maintain the ARP table based on the responses and so there will be increased load on the CPU from the effort to maintain the ARP table.

- it will increase memory utilization since the ARP table will now contain an ARP entry for each remote destination for which the router has forwarded traffic and that potentially is a lot of ARP entries.

It is much better practice to specify the next hop address when configuring a static route that will go out an Ethernet interface.

HTH

Rick

HTH

Rick

Go to solution
ajay
Level 1
Level 1

‎01-16-2013 05:40 AM

thanks All for the given info. and after doing the same now my nat seems working , but from my clients , they are able to ping the websires and dns address given, but no web page are opend,

like from client 1 if i ping to google.com - i am able to get the reply but whel i try to eopn google.com web site i am not able to.

it ther any thing in the accss list to be configued , please advoice me the same thanks a lot.

0 Helpful

Go to solution
cadet alain
VIP Alumni
VIP Alumni
In response to ajay

‎01-16-2013 06:20 AM

Hi,

Post sanitized config .

Regards.

Alain

Don't forget to rate helpful posts.

Don't forget to rate helpful posts.
0 Helpful

Go to solution
Abzal
Level 7
Level 7
In response to ajay

‎01-16-2013 07:03 AM

Hi,

There might be some sort of ACL that could block web browsing.

Here is simple verification(but remove public IPs):

sh run int g0/0

sh run int g0/1

sh access-list

Hope it will help.

Best regards,
Abzal

Best regards,
Abzal
0 Helpful

Go to solution
Jose Bogantes
Level 1
Level 1
In response to Abzal

‎01-16-2013 08:14 AM

Hello Ajay,

If there are no ACLs related to that behavior, the issue could be related to TCP MSS. The idea is to reduce the TCP MSS value under the LAN interface. You can use 1452 to start but if the PC cannot load the webpages yet, you could use a smaller value:

interface Gig0/0

ip tcp adjust-mss 1452

If you need more information, you can check the following link:

http://www.cisco.com/en/US/docs/ios/12_2t/12_2t4/feature/guide/ft_admss.html

Regards.

0 Helpful

Go to solution
Jose Bogantes
Level 1
Level 1
In response to Jose Bogantes

‎01-16-2013 11:07 AM

FYI ...

Complete configuration:

interface g0/0 ---> WAN interface

ip nat outside

interface g0/1 --> LAN interface

ip nat inside

access-list 1 permit 192.168.1.0 0.0.0.255

ip nat inside source list 1 interface GigabitEthernet0/0 overload

ip route 0.0.0.0 0.0.0.0 gigabitEthernet 0/0

0 Helpful
Customers Also Viewed These Support Documents
Top