03-13-2019 08:38 PM
cisco.k259#ping 8.8.8.8 source 192.168.0.5
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
Packet sent with a source address of 192.168.0.5
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 40/42/44 ms
cisco.k259#
Mar 13 16:57:56.436: NAT: s=192.168.0.5->90.157.26.245, d=8.8.8.8 [1657]
Mar 13 16:57:56.480: NAT*: s=8.8.8.8, d=90.157.26.245->192.168.0.5 [0]
Mar 13 16:57:56.480: NAT: s=192.168.0.5->90.157.26.245, d=8.8.8.8 [1658]
Mar 13 16:57:56.524: NAT*: s=8.8.8.8, d=90.157.26.245->192.168.0.5 [0]
Mar 13 16:57:56.524: NAT: s=192.168.0.5->90.157.26.245, d=8.8.8.8 [1659]
Mar 13 16:57:56.568: NAT*: s=8.8.8.8, d=90.157.26.245->192.168.0.5 [0]
Mar 13 16:57:56.568: NAT: s=192.168.0.5->90.157.26.245, d=8.8.8.8 [1660]
Mar 13 16:57:56.612: NAT*: s=8.8.8.8, d=90.157.26.245->192.168.0.5 [0]
Mar 13 16:57:56.612: NAT: s=192.168.0.5->90.157.26.245, d=8.8.8.8 [1661]
Mar 13 16:57:56.656: NAT*: s=8.8.8.8, d=90.157.26.245->192.168.0.5 [0]
ping from the client does not go through NAT (no answer at all)
C:\>ping 8.8.8.8
Pinging 8.8.8.8 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Ping statistics for 8.8.8.8:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss)
cisco.k259#
Mar 13 16:58:44.073: NAT*: s=192.168.0.12->90.157.26.245, d=8.8.8.8 [8632]
Mar 13 16:58:48.706: NAT*: s=192.168.0.12->90.157.26.245, d=8.8.8.8 [8633]
Mar 13 16:58:53.706: NAT*: s=192.168.0.12->90.157.26.245, d=8.8.8.8 [8634]
Mar 13 16:58:58.706: NAT*: s=192.168.0.12->90.157.26.245, d=8.8.8.8 [8635]
cisco.k259#show run
Building configuration...
Current configuration : 7255 bytes
!
! Last configuration change at 22:08:00 GMT Mon Mar 11 2019 by atest
! NVRAM config last updated at 14:43:41 GMT Sun Mar 10 2019 by atest
!
version 15.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
service internal
!
hostname cisco.k259
!
boot-start-marker
boot-end-marker
!
!
logging discriminator FAN-FAIL severity drops 3 facility drops FAN mnemonics drops FAN_FAILED
logging buffered discriminator FAN-FAIL
no logging console
logging monitor discriminator FAN-FAIL
enable secret 5 $1$WSti$mDMsh6sXY2iguEI/Mchiy1
enable password xxxxxxxx_
!
no aaa new-model
memory-size iomem 10
clock timezone GMT 5 0
!
crypto pki trustpoint TP-self-signed-3690135629
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3690135629
revocation-check none
rsakeypair TP-self-signed-3690135629
!
!
crypto pki certificate chain TP-self-signed-3690135629
certificate self-signed 01
3082022B 30820194 A0030201 02020101 300D0609 2A864886 F70D0101 05050030
quit
!
!
!
ip dhcp excluded-address 192.168.0.1 192.168.0.7
!
ip dhcp pool k259
import all
network 192.168.0.0 255.255.255.0
default-router 192.168.0.3
domain-name k259
dns-server 192.168.0.12 8.8.8.8
lease 0 2
!
!
!
ip domain name k259
ip name-server 192.168.0.12
ip inspect WAAS flush-timeout 10
ip cef
no ipv6 cef
!
!
vpdn enable
!
vpdn-group PPTP_CLIENT
description Rostelecom ISP
request-dialin
protocol pptp
pool-member 1
initiate-to ip 10.0.0.1
!
cts logging verbose
license udi pid CISCO881W-GN-E-K9 sn FCZ164190LZ
!
!
username atest privilege 15 secret 4 6in4Lru2ZZ8N8cUij4q7JvPlkL..hsURCkjm.d4NOR2
!
!
!
!
no cdp run
!
!
!
!
interface FastEthernet0
no ip address
!
interface FastEthernet1
no ip address
!
interface FastEthernet2
no ip address
!
interface FastEthernet3
no ip address
!
interface FastEthernet4
ip address 10.0.47.132 255.255.255.0
duplex auto
speed auto
!
interface wlan-ap0
description Service module interface to manage the embedded AP
ip address 10.10.11.1 255.255.255.0
arp timeout 0
!
interface Wlan-GigabitEthernet0
description Internal switch interface connecting to the embedded AP
no ip address
!
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$
ip address 192.168.0.3 255.255.255.0
ip address 192.168.0.5 255.255.255.0 secondary
ip nat inside
ip virtual-reassembly in
ip tcp adjust-mss 1360
!
interface Dialer0
description $ETH-WAN$
mtu 1436
ip address negotiated
ip nat outside
ip virtual-reassembly in
encapsulation ppp
ip tcp adjust-mss 1360
dialer pool 1
dialer idle-timeout 0
dialer string 123
dialer persistent
dialer vpdn
ppp authentication ms-chap-v2 callin
ppp chap hostname 90.157.26.245
ppp chap password 0 XXXXXXXXXX
no cdp enable
!
ip forward-protocol nd
ip http server
ip http access-class 23
no ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip http path flash:
!
no ip ftp passive
ip dns server
ip nat translation max-entries all-host 400
ip nat inside source static tcp 192.168.0.12 3389 interface Dialer0 3389
ip nat inside source list 101 interface Dialer0 overload
ip route 0.0.0.0 0.0.0.0 Dialer0 3
ip route 10.0.0.1 255.255.255.255 10.0.47.1
ip route 10.10.11.0 255.255.255.0 wlan-ap0
!
dialer-list 1 protocol ip permit
!
snmp-server community k259 RO
access-list 1 remark internet
access-list 1 remark CCP_ACL Category=2
access-list 1 permit 192.168.0.0 0.0.0.255
access-list 23 remark CCP_ACL Category=17
access-list 23 permit 10.10.10.0 0.0.0.7
access-list 23 permit 192.168.0.0 0.0.0.15
access-list 101 remark internet2
access-list 101 remark CCP_ACL Category=2
access-list 101 remark test 2
access-list 101 permit ip 192.168.0.0 0.0.0.255 any
access-list 150 remark WAN rule
access-list 150 remark CCP_ACL Category=1
access-list 150 remark WAN rule entry
access-list 150 permit ip any any
!
vstack
banner exec ^C
% Password expiration warning.
-----------------------------------------------------------------------
^C
banner login ^C
-----------------------------------------------------------------------
Cisco Configuration Professional (Cisco CP) is installed on this device.
^C
!
line con 0
login local
no modem enable
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport input all
line vty 0 4
access-class 23 in
privilege level 15
password xxxxxxxx
login local
transport input telnet ssh
!
ntp master
ntp update-calendar
ntp server ntp2.stratum2.ru
!
end
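An added example, not part of the original post and not Cisco tooling: a small Python parser for `debug ip nat` lines like the ones in the post above. It counts, per inside host, the outbound translations and the translated return packets, and lists hosts that show only the outbound half. The asterisk after `NAT` marks a translation done in the fast-switched path; the function names are this example's own, and the sample lines are copied from the post.

```python
import re
from collections import defaultdict

# Sample input: four lines copied from the debug output in the post.
SAMPLE = """\
Mar 13 16:57:56.436: NAT: s=192.168.0.5->90.157.26.245, d=8.8.8.8 [1657]
Mar 13 16:57:56.480: NAT*: s=8.8.8.8, d=90.157.26.245->192.168.0.5 [0]
Mar 13 16:58:44.073: NAT*: s=192.168.0.12->90.157.26.245, d=8.8.8.8 [8632]
Mar 13 16:58:48.706: NAT*: s=192.168.0.12->90.157.26.245, d=8.8.8.8 [8633]
"""

# "a->b" after s= or d= means that address was rewritten from a to b.
LINE = re.compile(
    r"NAT(?P<fast>\*?): s=(?P<s>[\d.]+)(?:->(?P<s2>[\d.]+))?, "
    r"d=(?P<d>[\d.]+)(?:->(?P<d2>[\d.]+))? \[(?P<id>\d+)\]"
)

def summarize(text):
    """Per inside host: outbound translations, return translations,
    and how many of the outbound ones took the fast-switched path."""
    stats = defaultdict(lambda: {"out": 0, "back": 0, "fast_out": 0})
    for line in text.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # not a NAT debug line
        if m["s2"]:
            # Source rewritten: packet leaving inside -> outside.
            host = m["s"]
            stats[host]["out"] += 1
            stats[host]["fast_out"] += bool(m["fast"])
        elif m["d2"]:
            # Destination rewritten: reply translated back to the inside host.
            stats[m["d2"]]["back"] += 1
    return dict(stats)

def one_way_hosts(text):
    """Inside hosts with outbound translations but no translated reply."""
    return sorted(h for h, c in summarize(text).items()
                  if c["out"] and not c["back"])

if __name__ == "__main__":
    for host, counters in summarize(SAMPLE).items():
        print(host, counters)
    print("outbound only, no translated reply:", one_way_hosts(SAMPLE))
```
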
03-13-2019 08:58 PM
Are you able to connect to the internet, and is it just ICMP you are having a problem with? In which case, put an access list on your dialer inbound allowing ICMP echo replies.
03-14-2019 02:23 AM
03-15-2019 08:18 AM
So, gentlemen, the problem was with CEF.
no ip cef
Brings NAT to the working state.
03-14-2019 01:44 AM
Hello
@aleks222 wrote:
Very simple network
client -> Cisco 881 -> ISP
bit more details
client(192.168.0.12) -> Vlan1(192.168.0.3, ip nat inside) -> Dialer0(90.157.26.245, ip nat outside) -> ISP
The configuration is enclosed at the bottom.
The problem is as follows:
Ping from the router is successfully transmitted through NAT
cisco.k259#ping 8.8.8.8 source 192.168.0.5
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
Packet sent with a source address of 192.168.0.5
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 40/42/44 ms
cisco.k259#
Mar 13 16:57:56.436: NAT: s=192.168.0.5->90.157.26.245, d=8.8.8.8 [1657]
Mar 13 16:57:56.480: NAT*: s=8.8.8.8, d=90.157.26.245->192.168.0.5 [0]
Mar 13 16:57:56.480: NAT: s=192.168.0.5->90.157.26.245, d=8.8.8.8 [1658]
Mar 13 16:57:56.524: NAT*: s=8.8.8.8, d=90.157.26.245->192.168.0.5 [0]
Mar 13 16:57:56.524: NAT: s=192.168.0.5->90.157.26.245, d=8.8.8.8 [1659]
Mar 13 16:57:56.568: NAT*: s=8.8.8.8, d=90.157.26.245->192.168.0.5 [0]
Mar 13 16:57:56.568: NAT: s=192.168.0.5->90.157.26.245, d=8.8.8.8 [1660]
Mar 13 16:57:56.612: NAT*: s=8.8.8.8, d=90.157.26.245->192.168.0.5 [0]
Mar 13 16:57:56.612: NAT: s=192.168.0.5->90.157.26.245, d=8.8.8.8 [1661]
Mar 13 16:57:56.656: NAT*: s=8.8.8.8, d=90.157.26.245->192.168.0.5 [0]
ping from the client does not go through NAT (no answer at all)
C:\>ping 8.8.8.8
Pinging 8.8.8.8 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Ping statistics for 8.8.8.8:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss)
cisco.k259#
Mar 13 16:58:44.073: NAT*: s=192.168.0.12->90.157.26.245, d=8.8.8.8 [8632]
Mar 13 16:58:48.706: NAT*: s=192.168.0.12->90.157.26.245, d=8.8.8.8 [8633]
Mar 13 16:58:53.706: NAT*: s=192.168.0.12->90.157.26.245, d=8.8.8.8 [8634]
Mar 13 16:58:58.706: NAT*: s=192.168.0.12->90.157.26.245, d=8.8.8.8 [8635]
Looks like NAT is working. Check to make sure you don't have any software FW on the client negating echo-reply; for testing, turn the client FW off and try again.
03-14-2019 02:30 AM
03-14-2019 02:50 AM