05-11-2019 03:45 PM
Good evening all,
I recently set up a lab in GNS3 and have managed to use NAT to translate my 10.0.0.0 /16 network to my dynamically assigned IP address. I then wanted to replicate this in real life with my home lab. I'm not having much luck with it and the research I've done either hasn't helped or shown me that my config is correct. I have pretty much copied the config from my GNS3 lab so I'm pretty confident this should work.
I can ping from the interface fa0/0. I have a serial link that can't ping, and nothing on the other side of that can ping. There are no NAT translations taking place (I assume because nothing is making a round trip).
I have put my running config below:
interface FastEthernet0/0
description link-to-home-router
ip address 192.168.1.200 255.255.255.0
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
interface Serial0/0
description link-to-bedroom
ip address 172.16.0.1 255.255.255.252
ip nat inside
ip virtual-reassembly
ip nat source list 1 interface FastEthernet0/0 overload
!
access-list 1 permit 172.0.0.0 0.255.255.255
I have a debug ip packets 1 below when I try and ping
R1#ping 192.168.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 8/9/12 ms
R1#
*Mar 1 01:32:16.055: IP: tableid=0, s=192.168.1.200 (local), d=192.168.1.1 (FastEthernet0/0), routed via FIB
*Mar 1 01:32:16.055: IP: s=192.168.1.200 (local), d=192.168.1.1 (FastEthernet0/0), len 100, sending
R1#ping 192.168.1.1 source 172.16.0.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds:
Packet sent with a source address of 172.16.0.1
*Mar 1 01:33:12.583: IP: tableid=0, s=172.16.0.1 (local), d=192.168.1.1 (FastEthernet0/0), routed via FIB
*Mar 1 01:33:12.583: IP: s=172.16.0.1 (local), d=192.168.1.1 (FastEthernet0/0), len 100, sending.
Many thanks in advance, I don't like not knowing why this isn't working, my guess is GNS3 is doing some magic that I don't understand to make it work.
05-11-2019 05:22 PM
Hello,
Your inside network has only two addresses, which seems odd. What are you trying to NAT?
Also, it might be useful to post the entire configuration, as I don't see a default route.
Try and change/add the below:
access-list 1 permit any
ip route 0.0.0.0 0.0.0.0 FastEthernet0/0
05-12-2019 01:48 AM
Hi Georg,
It only has that as s0/0 is going to another router that I've not fully set up yet. There are some loopback interfaces for testing, using a 172.x.x.x address which should be permitted. I'm using OSPF on the 2 Cisco routers to learn those routes.
Apologies for not showing the full config before, I have added the permit any statement, I did have the default route already in place, that was shown by being able to ping the 192.168.1.1 address from the 192.168.1.200 interface.
Many thanks
Router#show runn
Building configuration...
Current configuration : 1270 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
!
resource policy
!
no network-clock-participate slot 1
no network-clock-participate wic 0
ip subnet-zero
ip cef
!
!
no ip dhcp use vrf connected
!
!
no ip ips deny-action ips-interface
!
!
!
!
!
!
!
!
!
interface Loopback0
ip address 172.16.100.1 255.255.255.255
ip ospf network point-to-point
!
interface FastEthernet0/0
description link-to-home-router
ip address 192.168.1.200 255.255.255.0
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
interface Serial0/0
description link-to-bedroom
ip address 172.16.0.1 255.255.255.252
ip nat inside
ip virtual-reassembly
clockrate 192000
!
interface Serial0/1
no ip address
shutdown
!
router ospf 1
log-adjacency-changes
network 172.0.0.0 0.255.255.255 area 0
!
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.1.1
!
no ip http server
no ip http secure-server
ip nat source list 1 interface FastEthernet0/0 overload
!
access-list 1 permit 172.0.0.0 0.255.255.255
access-list 1 permit any
!
!
control-plane
!
!
!
!
line con 0
privilege level 15
logging synchronous
line aux 0
line vty 0 4
!
!
end
05-12-2019 06:04 AM - edited 05-12-2019 06:11 AM
What is the configuration for the serial on the other side?
Also check the serial cable to see which one is DTE and which one is DCE
05-13-2019 01:37 AM - edited 05-13-2019 01:42 AM
Your ACL used for the NAT statement reads "access-list 1 permit 172.0.0.0 0.255.255.255".
The subnet is incorrect / wrong network class that also includes public internet addresses.
Not all addresses starting with 172 are private addresses.
You may encounter problems when trying to access public IPs that begin with 172.
05-13-2019 12:12 PM - edited 05-13-2019 01:02 PM
Hi all,
Thanks to everyone that gave feedback.
The correct answer was hidden in the NAT statement that I missed.
I had "ip nat source list 1 interface FastEthernet0/0 overload" whereas I needed "ip nat inside source list 1 interface FastEthernet0/0 overload", a small but important difference!
It's now all working as planned.
05-13-2019 12:17 PM - edited 05-13-2019 12:18 PM
Am I missing something? They look like the same statement.
The "inside" is missing?
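The two issues raised in this thread (a bare `ip nat source` rule on a router whose interfaces are tagged `ip nat inside`/`ip nat outside`, and a NAT ACL wider than private address space) can be caught by a small config check. This is an added example, not code from any poster or from Cisco; `audit_nat`, `acl_network` and the finding labels are hypothetical names, and the sample is constructed from the NAT-relevant lines of the config posted above.

```python
import ipaddress
import re

# Constructed sample: the NAT-relevant lines of the running config posted above.
SAMPLE = """\
interface FastEthernet0/0
 ip nat outside
interface Serial0/0
 ip nat inside
ip nat source list 1 interface FastEthernet0/0 overload
access-list 1 permit 172.0.0.0 0.255.255.255
access-list 1 permit any
"""
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def acl_network(addr, wildcard):
    """Turn an address plus Cisco wildcard mask into a network (contiguous masks only)."""
    inverted = int(ipaddress.IPv4Address(wildcard or "0.0.0.0")) ^ 0xFFFFFFFF
    return ipaddress.ip_network(f"{addr}/{ipaddress.IPv4Address(inverted)}", strict=False)

def audit_nat(config):
    """Return findings for NAT rules in a config (hypothetical checker, not a Cisco tool)."""
    lines = [line.strip() for line in config.splitlines()]
    # Interfaces tagged inside/outside need "ip nat inside source ..." rules;
    # the bare "ip nat source ..." form belongs with "ip nat enable" (NVI) interfaces.
    domain_ifaces = any(re.fullmatch(r"ip nat (inside|outside)", l) for l in lines)
    nvi_ifaces = "ip nat enable" in lines
    acls = {}
    for l in lines:
        m = re.fullmatch(r"access-list (\d+) permit (\S+)(?: (\S+))?", l)
        if m:
            acls.setdefault(m.group(1), []).append((m.group(2), m.group(3)))
    findings = []
    for l in lines:
        m = re.match(r"ip nat (inside )?source list (\d+) ", l)
        if not m:
            continue
        if m.group(1) is None and domain_ifaces and not nvi_ifaces:
            findings.append("rule-domain-mismatch")
        for addr, wildcard in acls.get(m.group(2), []):
            if addr == "any":
                findings.append("acl-permit-any")
            elif not any(acl_network(addr, wildcard).subnet_of(p) for p in RFC1918):
                findings.append(f"acl-not-rfc1918:{acl_network(addr, wildcard)}")
    return findings

if __name__ == "__main__":
    print(audit_nat(SAMPLE))
```

Tightening the ACL to `172.16.0.0 0.15.255.255` and using `ip nat inside source` clears all three findings.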