Re: ip nat question

visteknetworking · ‎10-01-2007

Hi

I have encounter Nat problem on the config below.

The thing is that router itself sees the internet but local clients(workstations) don't see any internet .

Client can't ping outside nor they can see web pages.

I assume something wrong with the nat

Thank you for your help

interface Serial0/0

description connected to Internet

ip address 227.227.227.227 255.255.255.252

no ip directed-broadcast

ip nat outside

encapsulation ppp

load-interval 30

service-module t1 remote-alarm-enable

!

interface Ethernet0/1

ip address 192.168.10.1 255.255.255.0

no ip directed-broadcast

ip nat inside

!

interface Serial0/1

no ip address

no ip directed-broadcast

shutdown

!

router eigrp 2468

passive-interface Serial0/0

network 222.222.222.0

no auto-summary

!

ip nat inside source list 100 interface Serial0/0 overload

ip classless

ip route 0.0.0.0 0.0.0.0 227.227.227.228

!

logging trap debugging

logging 192.168.10.122

access-list 1 permit any

access-list 100 permit ip 192.168.10.0 0.0.0.255 any

luqmankondeth · ‎10-01-2007

I dont see any problems with NAT.

what is eigrp doing here?

RUn a couple of debugs and show commands like

debug ip packet 100

sh ip nat translations

if still having problems, do a clear ip nat translations *

Richard Burts · ‎10-01-2007

Bar

I think that I understood your post to indicate that the router itself can access resources in the Internet (can ping resources by name and by address in the Internet) but want to make sure that I did understand this correctly.

Assuming that it is true that the router does have internet connectivity then we can assume that is is not a basic IP connectivity issues.

The next thing that I would want to check is whether the clients have properly configured default gateway (also properly configured IP address and mask). The easy way to check this is to have the clients attempt to ping to the serial 0/0 interface of the router. My guess is that the clients will not be able to ping the outside interface of the router. Give this a try and let us know the results.

HTH

Rick

HTH

Rick

visteknetworking · ‎10-01-2007

Hi,

Well,

The thing is that I have posted this config from my backup router. I was trying to use it on friday when my primary router has crashed.

I managed to recover the original one and now it is working fine.

The reason why I have posted this post is because I want to know why the backup router didn't work when I needed.

Also as you can imagine that I can't test the config since the backup router is not connected any longer.

Any Idea what should I do ?

Thank you again

ankbhasi · ‎10-01-2007

Hi Bar,

I do not see any HSRP configuration on your lan interface that means no virtual gateway address for your clients which makes me believe your clients must be having gateway address configured for your primary router lan interface and when it crashed clients not able to reach gateway and also not abl to connect to internet.

HTH

Ankur

Richard Burts · ‎10-01-2007

Bar

Ankur's thinking is going in exactly the direction that I indicated in my post. It seems very likely that the clients default gateway was not the interface address of this router. If this router was not their default gateway (and if the device that is their default gateway was down - as you seem to be saying) then that is the reason that clients could not access the Internet.

As for what you should do, I believe that you need to reconsider the functionality of the primary and backup router. As Ankur suggests it would seem logical that the primary and the backup router should run HSRP or do something like this.

HTH

Rick

HTH

Rick

visteknetworking · ‎10-01-2007

Sorry do say it but default gateway wast the interface of the router.

I checked it myself. and i'm pretty much sure that it was correct.

in regards the crash on the router I meant that I just replace the backup once with the old original there is no any kind of HSRP setup.

Thanks

rfearing72 · ‎10-02-2007

dude, you're advertising the wrong network via EIGRP... look at your serial interface config... you've got no adjancency I'm sure... do a {show ip nat tran} to see if you're getting nat

visteknetworking · ‎10-02-2007

hi

I think you are right

I can't check it now but i give full credit

enjoy