Solved: Re: Connect lab to home router

ARPhillips · ‎05-11-2019

Good evening all,

I recently set up a lab in GNS3 and have managed to use NAT to translate my 10.0.0.0 /16 network to my dynamically assigned IP address. I then wanted to replicate this in real life with my home lab. I'm not having much luck with it and the research I've done either hasn't helped or shown me that my config is correct. I have pretty much copied the config from my GNS3 lab so I'm pretty confident this should work.

I can ping from the interface fa0/0, I have a serial link that can't ping, nothing on the other side of that can ping. There is no NAT translations taking place (I assume because nothing is making a round trip)

I have put my running config below

interface FastEthernet0/0
description link-to-home-router
ip address 192.168.1.200 255.255.255.0
ip nat outside
ip virtual-reassembly
duplex auto
speed auto

!
interface Serial0/0
description link-to-bedroom
ip address 172.16.0.1 255.255.255.252
ip nat inside
ip virtual-reassembly

ip nat source list 1 interface FastEthernet0/0 overload
!
access-list 1 permit 172.0.0.0 0.255.255.255

I have a debug ip packets 1 below when I try and ping

R1#ping 192.168.1.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 8/9/12 ms
R1#
*Mar 1 01:32:16.055: IP: tableid=0, s=192.168.1.200 (local), d=192.168.1.1 (FastEthernet0/0), routed via FIB
*Mar 1 01:32:16.055: IP: s=192.168.1.200 (local), d=192.168.1.1 (FastEthernet0/0), len 100, sending

R1#ping 192.168.1.1 source 172.16.0.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds:
Packet sent with a source address of 172.16.0.1

*Mar 1 01:33:12.583: IP: tableid=0, s=172.16.0.1 (local), d=192.168.1.1 (FastEthernet0/0), routed via FIB
*Mar 1 01:33:12.583: IP: s=172.16.0.1 (local), d=192.168.1.1 (FastEthernet0/0), len 100, sending.

Many thanks in advance, I don't like not knowing why this isn't working, my guess is GNS3 is doing some magic that I don't understand to make it work.

ARPhillips · ‎05-13-2019

Hi all,

Thanks to everyone that gave feedback.

The correct answer was hidden in the NAT statement that I missed.

I had "ip nat source list 1 interface FastEthernet0/0 overload" whereas I needed "ip nat inside source list 1 interface FastEthernet0/0 overload" a small but important difference!

Its now all working as planned.

View solution in original post

Georg Pauwen · ‎05-11-2019

Hello,

your inside network has only two addresses, which seems odd. What are you trying to NAT ?

Also, it might be useful to post the entire configuration, as I don't see a default route.

Try and change/add the below:

access-list 1 permit any

ip route 0.0.0.0 0.0.0.0 FastEthernet0/0

ARPhillips · ‎05-12-2019

Hi Georg,

It only has that as s0/0 is going to another router that I've not set up yet fully, there are some loopback interfaces for testing. using a 172.x.x.x which should be permitted. I'm using OSPF on the 2 cisco routers to learn those routes.

Apologies for not showing the full config before, I have added the permit any statement, I did have the default route already in place, that was shown by being able to ping the 192.168.1.1 address from the 192.168.1.200 interface.

Many thanks

Router#show runn
Building configuration...

Current configuration : 1270 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
!
resource policy
!
no network-clock-participate slot 1
no network-clock-participate wic 0
ip subnet-zero
ip cef
!
!
no ip dhcp use vrf connected
!
!
no ip ips deny-action ips-interface
!
!
!
!
!
!
!
!
!
interface Loopback0
ip address 172.16.100.1 255.255.255.255
ip ospf network point-to-point
!
interface FastEthernet0/0
description link-to-home-router
ip address 192.168.1.200 255.255.255.0
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
interface Serial0/0
description link-to-bedroom
ip address 172.16.0.1 255.255.255.252
ip nat inside
ip virtual-reassembly
clockrate 192000
!
interface Serial0/1
no ip address
shutdown
!
router ospf 1
log-adjacency-changes
network 172.0.0.0 0.255.255.255 area 0
!
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.1.1
!
no ip http server
no ip http secure-server
ip nat source list 1 interface FastEthernet0/0 overload
!
access-list 1 permit 172.0.0.0 0.255.255.255
access-list 1 permit any
!
!
control-plane
!
!
!
!
line con 0
privilege level 15
logging synchronous
line aux 0
line vty 0 4
!
!
end

jurczak · ‎05-12-2019

What is the configuration for the serial on the other side?

Also check the serial cable to see which one is DTE and which one is DCE

ARPhillips · ‎05-12-2019

Serial config is fine, other router can ping this one. Shouldn’t matter though as the ping fails using the s0/0 port on the router connected to the home router.

jurczak · ‎05-12-2019

does the bedroom side know the routes?

pieterh · ‎05-13-2019

your ACL used for nat statement reads "access-list 1 permit 172.0.0.0 0.255.255.255

the subnet is incorrect / wrong network class that also includes public internet addresses.

not all addresses starting with 172 are private addresses.

you may encounter problems when trying to access public IP's that begin with 172.

ARPhillips · ‎05-13-2019

I'm not trying to reach the internet with the 172 address. That's there to
translate the 172 address to the address of the fa0/0 interface.

At the moment I can't even reach the router on 192.168.1.1 let alone the
internet.

Jon Marshall · ‎05-13-2019

jurczak · ‎05-13-2019

Just to make sure that it is fully understood.
Each interface of this router can ping the interface of the router that is in the opposite side but the opposite sides cannot ping each other? Can you do a show ip route from all routers?

ARPhillips · ‎05-13-2019

Hi all,

Thanks to everyone that gave feedback.

The correct answer was hidden in the NAT statement that I missed.

I had "ip nat source list 1 interface FastEthernet0/0 overload" whereas I needed "ip nat inside source list 1 interface FastEthernet0/0 overload" a small but important difference!

Its now all working as planned.

jurczak · ‎05-13-2019

Am I missing something? they look the same statement

The "inside" is missing?