Re: NAT Configuration with ip routing (2811 <---> AS5300) - Page 2

hirmoge123_2 · ‎09-22-2009

Hello, I need to interconnect two Cisco routers (2811 and A5300) through IP, and my purpose is to use 2811 as NAT service provider to translate between Private and Public, so that office LAN can use Private IP to access the internet.

AS5300 is working as our internet gateway provider and we use static public IP addresses, for security we need to use NAT.

As shown in the attached diagram, 2811 has 2 FE, I used FE0/0 to connect to the public switch and FE0/1 is connected to private switch to provide private IP and internet accessibility.

My problem is that how to make routing between AS5300 and 2811, and also to check with me if the NAT configuration is correct.

Attached are:

2811 sh config

AS5300 sh config

Diagram

platinum_jem · ‎09-23-2009

Post the ipconfigs for your client

Yes, you need to make sure they are configured with default gateway 10.10.0.1.

Post also

1) PING to 10.10.0.1

2) PING to www.yahoo.com

hirmoge123_2 · ‎09-23-2009

Microsoft Windows XP [Version 5.1.2600]

C:\Documents and Settings\Administrator>ipconfig

Windows IP Configuration

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :

IP Address. . . . . . . . . . . . : 10.10.0.4

Subnet Mask . . . . . . . . . . . : 255.255.0.0

Default Gateway . . . . . . . . . : 10.10.0.1

C:\Documents and Settings\Administrator>ipconfig

Windows IP Configuration

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :

IP Address. . . . . . . . . . . . : 10.10.0.4

Subnet Mask . . . . . . . . . . . : 255.255.0.0

Default Gateway . . . . . . . . . : 10.10.0.1

C:\Documents and Settings\Administrator>ping 10.10.0.1

Pinging 10.10.0.1 with 32 bytes of data:

Reply from 10.10.0.1: bytes=32 time<1ms TTL=255

Ping statistics for 10.10.0.1:

Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

C:\Documents and Settings\Administrator>ping 196.201.205.3

Pinging 196.201.205.3 with 32 bytes of data:

Reply from 196.201.205.3: bytes=32 time<1ms TTL=255

Ping statistics for 196.201.205.3:

Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

C:\Documents and Settings\Administrator>ping www.yahoo.com

Ping request could not find host www.yahoo.com. Please check the name and try ag

ain.

platinum_jem · ‎09-23-2009

>> C:\Documents and Settings\Administrator>ping www.yahoo.com

>> Ping request could not find host www.yahoo.com. Please check the name and try again.

Your client is not configured with DNS servers.

Please do a PING to 209.131.36.158 (IP for www.yahoo.com) instead.

Your PINGs from client looks okay. Perhaps because your clients are not configured with DNS servers, they are not able to surf the Internet.

hirmoge123_2 · ‎09-23-2009

Microsoft Windows XP [Version 5.1.2600]

C:\Documents and Settings\Administrator>ping 209.131.36.158

Pinging 209.131.36.158 with 32 bytes of data:

Request timed out.

Ping statistics for 209.131.36.158:

Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

C:\Documents and Settings\Administrator>ping 74.125.67.100

Pinging 74.125.67.100 with 32 bytes of data:

Request timed out.

Ping statistics for 74.125.67.100:

Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

platinum_jem · ‎09-23-2009

Can you do a traceroute and see where it stops ?

hirmoge123_2 · ‎09-24-2009

Microsoft Windows XP [Version 5.1.2600]

C:\Documents and Settings\Administrator>tracert 209.131.36.158

Tracing route to 209.131.36.158 over a maximum of 30 hops

1 * * * Request timed out.

2 * * * Request timed out.

3 * * * Request timed out.

4 * * * Request timed out.

5 * * * Request timed out.

6 * * * Request timed out.

7 * * * Request timed out.

8 * * * Request timed out.

9 * * * Request timed out.

10 * * * Request timed out.

11 * * * Request timed out.

12 * * * Request timed out.

13 * * * Request timed out.

14 * * * Request timed out.

15 * * * Request timed out.

16 * * * Request timed out.

17 * * * Request timed out.

18 * * * Request timed out.

19 * * * Request timed out.

20 * * * Request timed out.

21 * * * Request timed out.

22 * * * Request timed out.

23 * * * Request timed out.

24 * * * Request timed out.

25 * * * Request timed out.

26 * * * Request timed out.

27 * * * Request timed out.

28 * * * Request timed out.

29 * * * Request timed out.

30 * * * Request timed out.

Trace complete.

hirmoge123_2 · ‎09-24-2009

now routing is working after disabling this command:

!

no ip routing

!

Thanks for your efforts

hirmoge123_2 · ‎09-24-2009

Now NAT and routing are working well, what type of NAT is best to deploy in term of efficiency and reliability. now i am using only one public ip address for nat, as you can see below output.

2800#sh ip nat translations

Pro Inside global Inside local Outside local Outside global

tcp 196.201.205.3:1128 10.10.0.5:1128 74.15.246.63:60967 74.15.246.63:60967

tcp 196.201.205.3:1151 10.10.0.5:1151 90.210.153.93:43871 90.210.153.93:43871

tcp 196.201.205.3:1172 10.10.0.5:1172 90.220.58.229:52718 90.220.58.229:52718

tcp 196.201.205.3:1214 10.10.0.5:1214 173.33.239.199:33485 173.33.239.199:33485

tcp 196.201.205.3:1270 10.10.0.5:1270 174.3.135.41:43633 174.3.135.41:43633

tcp 196.201.205.3:1281 10.10.0.5:1281 87.101.161.101:55826 87.101.161.101:55826

tcp 196.201.205.3:1288 10.10.0.5:1288 173.6.142.89:34207 173.6.142.89:34207

tcp 196.201.205.3:1297 10.10.0.5:1297 196.209.111.116:14151 196.209.111.116:14151

tcp 196.201.205.3:1347 10.10.0.5:1347 196.221.185.195:11800 196.221.185.195:11800

tcp 196.201.205.3:1408 10.10.0.5:1408 188.24.15.201:27328 188.24.15.201:27328

tcp 196.201.205.3:1423 10.10.0.5:1423 95.209.210.59:41341 95.209.210.59:41341

tcp 196.201.205.3:1443 10.10.0.5:1443 122.107.82.187:13050 122.107.82.187:13050

tcp 196.201.205.3:1467 10.10.0.5:1467 203.206.110.4:51733 203.206.110.4:51733

tcp 196.201.205.3:1496 10.10.0.5:1496 77.54.215.160:59729 77.54.215.160:59729

tcp 196.201.205.3:1502 10.10.0.5:1502 89.143.162.177:52335 89.143.162.177:52335

tcp 196.201.205.3:1534 10.10.0.5:1534 190.201.255.11:37402 190.201.255.11:37402

tcp 196.201.205.3:1548 10.10.0.5:1548 93.125.189.43:35333 93.125.189.43:35333

tcp 196.201.205.3:1570 10.10.0.5:1570 154.5.121.77:50256 154.5.121.77:50256

tcp 196.201.205.3:1614 10.10.0.5:1614 121.44.235.243:61052 121.44.235.243:61052

tcp 196.201.205.3:1616 10.10.0.5:1616 86.157.47.58:33550 86.157.47.58:33550

tcp 196.201.205.3:1622 10.10.0.5:1622 123.236.147.54:12604 123.236.147.54:12604

tcp 196.201.205.3:1623 10.10.0.5:1623 76.69.128.44:18009 76.69.128.44:18009

tcp 196.201.205.3:1652 10.10.0.5:1652 138.217.152.47:46612 138.217.152.47:46612