IOS XE and NAT

Mike Buyarski
Level 3

So apparently they changed how you config NAT on IOS-XE; the old way does not seem to work. I was testing out a new 4331 router and NAT does not work with the config I have, which is the same NAT config I have for many, many IOS routers. So what did Cisco change to make this config not work?

Building configuration...

Current configuration : 4467 bytes
!
! Last configuration change at 08:22:59 CDT Tue Apr 28 2015
!
version 15.4
service timestamps debug datetime msec
service timestamps log datetime msec
no platform punt-keepalive disable-kernel-core
!
hostname Router
!
boot-start-marker
boot-end-marker
!
!
vrf definition Mgmt-intf
 !
 address-family ipv4
 exit-address-family
 !
 address-family ipv6
 exit-address-family
!
enable secret 5 "password"
!
no aaa new-model
clock timezone CST -6 0
clock summer-time CDT recurring
!
!
!
!
!
!
!
!
!


ip domain name domain.local
ip name-server 10.101.1.15
ip name-server 10.101.1.19

!
!
!
ip wccp 10
!
!
!
!
!
!
!
subscriber templating
!
multilink bundle-name authenticated
!
!
!
crypto pki trustpoint TP-self-signed-1315675230
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-1315675230
 revocation-check none
 rsakeypair TP-self-signed-1315675230
!
!
crypto pki certificate chain TP-self-signed-1315675230
 certificate self-signed 01
        quit
license udi pid ISR4331/K9 sn FDO19061F0Q
!
username "UN" privilege 15 secret 5 "password"
!
redundancy
 mode none
!
!
!
!
!
!
ip tftp source-interface GigabitEthernet0/0/0
!
class-map type inspect match-any FIREOUT
 match protocol http
 match protocol https
 match protocol ftp
 match protocol tftp
 match protocol tcp
 match protocol udp
 match protocol icmp
!
policy-map type inspect FIREOUT
 class type inspect FIREOUT
  inspect
 class class-default
!
zone security BAY
 description bay firewall
zone-pair security BAY source BAY destination BAY
 service-policy type inspect FIREOUT
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface GigabitEthernet0/0/0
 ip address 10.1.1.7 255.255.0.0
 ip nat inside
 negotiation auto
!
interface GigabitEthernet0/0/1
 ip address "external IP and Subnet mask"
 ip nat outside
 negotiation auto
!
interface GigabitEthernet0/0/2
 no ip address
 shutdown
 negotiation auto
!
interface GigabitEthernet0
 vrf forwarding Mgmt-intf
 no ip address
 shutdown
 negotiation auto
!
!
router eigrp 10
 network 10.0.0.0
!
ip nat inside source list 102 interface GigabitEthernet0/0/1 overload
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip route 0.0.0.0 0.0.0.0 "GW IP"
!
!
ip access-list extended acl_inbound
 permit udp any eq bootps any
 permit icmp any any echo
 permit icmp any any echo-reply
 permit icmp any any traceroute
 permit icmp any any unreachable
 permit icmp any any time-exceeded
 permit tcp 216.170.229.0 0.0.0.63 any eq telnet
 permit ip host 216.170.229.58 any
 remark ####Ports for VPN
 permit gre any any
 permit tcp any any eq 443
 permit tcp any any eq 1723
 permit tcp any eq 1723 any
 permit esp any any
 permit ahp any any
 permit udp any eq isakmp any eq isakmp
 permit udp any any eq 1701
 permit udp any eq 1701 any eq 1701
 permit udp any any eq isakmp
 permit udp any eq non500-isakmp any
 permit udp any any eq non500-isakmp
 deny   ip any any
!
access-list 102 permit ip 10.0.0.0 0.0.0.255 any
!
!
!
control-plane
!
!
line con 0
 password "password"
 stopbits 1
line aux 0
 stopbits 1
line vty 0 4
 password "password"
 login
 transport input all
!
!
end

Router#
