Solved: Thanks for your quick

brentpavlovich · ‎12-02-2015

Looking for some guidance on configuring the NAT settings on a 2811 router. Currently i have the cisco 2811 router plugged in behind a centurylink router with NAT. From behind the 2811 router i can get to everything on my sub-interfaces including the same subnet the centurylink router is operating on. But i cannot get out to the internet. From what i have read online this is a NAT issue within the 2811. My static IP through CL is 216.161.16.194 and the private interface side of the CL router is 192.168.0.9. Any guidance on how to make the 2811 talk to the internet would be greatly appreciated.

Here is the config for the 2811 router.

Current configuration : 3171 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec localtime show-timezone
service password-encryption
!
hostname WHA1992-R1
!
boot-start-marker
boot-end-marker
!
! card type command needed for slot/vwic-slot 0/0
! card type command needed for slot/vwic-slot 0/1
enable secret 5 $1$kIZg$Vw.ufLKpVGU94fW30uX5l1
!
no aaa new-model
!
resource policy
!
!
!
ip cef
!
!
!
!
!
voice-card 0
no dspfarm
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
username admin privilege 15 secret 5 $1$GC.I$hLUntGvE/zVwTZ7qW4RuF.
!
!
!
!
!
!
!
interface FastEthernet0/0
ip address 192.168.0.2 255.255.255.248
ip route-cache flow
duplex full
speed 100
!
interface FastEthernet0/1
description LINK 192.168.10.6
no ip address
ip route-cache flow
duplex full
speed 100
!
interface FastEthernet0/1.101
description WHA1992
encapsulation dot1Q 101
ip address 192.168.1.1 255.255.255.0
ip helper-address 192.168.0.43
!
interface FastEthernet0/1.102
description WHA1992-WL
encapsulation dot1Q 102
ip address 192.168.2.1 255.255.255.0
ip helper-address 192.168.0.43
!
interface FastEthernet0/1.103
description PARENT
encapsulation dot1Q 103
ip address 192.168.3.1 255.255.255.0
ip helper-address 192.168.0.43
!
interface FastEthernet0/1.104
description PARENT-WL
encapsulation dot1Q 104
ip address 192.168.4.1 255.255.255.0
ip helper-address 192.168.0.43
!
interface FastEthernet0/1.105
description SECURITY
encapsulation dot1Q 105
ip address 192.168.5.1 255.255.255.0
ip helper-address 192.168.0.43
!
interface FastEthernet0/1.110
description MANAGEMENT
encapsulation dot1Q 110
ip address 192.168.10.1 255.255.255.0
ip helper-address 192.168.0.43
!
ip default-gateway 192.168.0.9
ip route 0.0.0.0 0.0.0.0 FastEthernet0/0
!
ip flow-export version 9 origin-as bgp-nexthop
ip flow-export template options export-stats
ip flow-export template options timeout-rate 120
ip flow-export template options refresh-rate 25
ip flow-export template timeout-rate 90
ip flow-export template refresh-rate 15
!
no ip http server
no ip http secure-server
!
logging history informational
!
!
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
banner motd ^CCCCC

**************************************
* WHA1992 Legal Notice *
**************************************

This system is restricted solely to WHA1992 authorized users for
legitimate purposes only. The actual or attempted access, use, or
modification of this system is strictly prohibited by WHA1992.
Unauthorized users are subject to state, federal, or other applicable
domestic and foreign laws. The use of this system may be monitored
and recorded for administrative and security reasons. Anyone accessing
this system expressly consents to such monitoring and is advised
that if such monitoring reveals possible evidence of criminal
activity, WHA1992 may provide the evidence of such activity to law
enforcement officials. All users must comply with WHA1992 Corporate
instructions regarding the protection of WHA1992 and customer
information assets.

^C
!
line con 0
logging synchronous
login local
line aux 0
line vty 0 4
logging synchronous
login local
!
scheduler allocate 20000 1000
!
end

Masoud Pourshabanian · ‎12-03-2015

Hello,

if the internal IP of CL router is 192.168.0.9 , you need to configure an IP in the same range.

If the subnet mask of CL internal interface is 248 so you need to change your IP on the 2811 interface. For example use 192.168.0.10

interface FastEthernet0/0
ip address 192.168.0.10 255.255.255.248

If the subnet mask of CL router is 255.255.255.0 then

interface FastEthernet0/0
ip address 192.168.0.2 255.255.255.0

Now the configuration of johnlloyd should work.

Just a suggestion. Instead of doing two NATs on 2811 and CL routers, Just do one NAT on CL.

Check your CL router.

Configure route 192.168.0.0 to 2811( return route)

Check the access-list or firewall to see if 192.168.0.0 is allowed.

Hope it helps,

Masoud

View solution in original post

johnlloyd_13 · ‎12-02-2015

hi,

try to configure as below:

no ip default-gateway 192.168.0.9
no ip route 0.0.0.0 0.0.0.0 FastEthernet0/0
ip route 0.0.0.0 0.0.0.0 192.168.0.9

access-list 10 permit 192.168.0.0 0.0.255.255
ip nat inside source list 10 interface FastEthernet0/0 overload

interface FastEthernet0/0
ip nat outside

interface FastEthernet0/1.101
ip nat inside

interface FastEthernet0/1.102
ip nat inside

interface FastEthernet0/1.103
ip nat inside

interface FastEthernet0/1.104
ip nat inside

interface FastEthernet0/1.105
ip nat inside

interface FastEthernet0/1.110
ip nat inside

brentpavlovich · ‎12-03-2015

Thanks for your quick response. Unfourtnatly that didnt work. While it did NAT correctly i still cant ping out to the internet from any device behind the router. Or from the 192.168.0.2 interface on the router.

Thanks

Masoud Pourshabanian · ‎12-03-2015