02-19-2011 04:25 PM - edited 03-04-2019 11:29 AM
Hello everyone.
I got 2 DC Cisco MWR 1941 and 3600, I do not know the reason why when I set up IP NAT to 1941 does not work but if I do it in the 3600 if it works. someone could help me please?
02-24-2011 05:09 AM
Please provide the config you apply to both routers together with a show version and try to describe what's is actually not working (is the NAT entry created or not,etc...).
Thx,
Fabrice
02-24-2011 12:06 PM
02-25-2011 12:34 AM
Thanks for the config and sh version. That's really basic config. What is not working exactly ? There is no traffic translated at all or only some applications are not working ? Do you have some NAT entries when traffic flow through the router ?
Thx,
Fabrice
02-25-2011 04:58 AM
There is no traffic translated at all, but I can ping from inside the router from any interface using ping internet_ip source fastEthernet 0/0, but I can't ping from Lan side to any internet ip.
Thank you.
Miguel Paulino
03-01-2011 01:09 AM
Ok, taking a closer look to your config, I see you use 'no ip routing' and 'ip default-gateway x.x.x.x'. With this config, the router behaves like a host, i.e. doesn't route any packet. That explains why you can reach Internet from router itself but not from any hosts on the LAN.
This behavior should be the same with all Cisco routers.
You need to enable 'ip routing' if you want hosts to be routed (and NATed) through the router.
You need as well to configure a default route instead of a default gateway -> ip route 0.0.0.0 0.0.0.0 x.x.x.x
It's recommended to enable CEF as well (ip cef)
Thx,
Fabrice
03-01-2011 07:37 AM
Hi,
Thank Fabrice for you reply.
I already corrected ip routting option, but in this plataform ip cef is enable by default and I can't disable it. the same condition still persists no traslate any address from the local lan.
again attached the current configuration file.
Thanks.
Miguel Paulino
03-01-2011 09:10 AM
ok, please start 'debug ip nat' and do :
1. a ping from the router to any IP on Internet with source IP = Fa0/0
2. a ping from a host on your LAN (which uses Fa0/0 of 1941 router as DG) to same IP on Internet
3. take a snapshot of 'sh ip nat trans'
4. undebug all
Thx,
Fabrice
03-01-2011 01:12 PM
Ok,
I activated the debug mode, but does not display any events.
however, are data in the translation table.
According to what I found on the cisco website, maybe the router is optimized for specific functions.
The MWR 1941-DC Mobile Wireless Edge Router is a networking platform optimized for use in mobile wireless networks; specifically designed to be used at the cell site edge as a part of an IP Radio Access Network (IP-RAN) or Cell Site Data Communications Network (DCN).
Maybe this is the reason that the translations address does not work.
03-01-2011 02:03 PM
1) Can you try turning off CEF just in case to test if this is an issue with CEF.You can try the "no ip cef" command
03-01-2011 02:48 PM
I tried to disable this function, but the router said "you can not disable IP CEF on this plantaform"
03-02-2011 02:19 PM
I'm expecting to see debug output, at least when you do the ping from the router. Are you sure you had 'term mon' enabled if you access the router via teln
et or check your logging info via 'sh logging' and please redo both pings test.
If there is still no debug output, please turn 'ip flow egress' on FastEthernet0/1 and redo the 2 ping tests. Then please collect 'sh ip cache flow'
Thx
Fabrice
03-03-2011 12:42 PM
The command ip flow egress is not available on this plataform only has ip flow ingress, but I can see the debug result after enable term mon and using ping google.com source fastethernet 0/0, there was not event when I try to ping from my pc. attached is debug file.
thank.
Miguel Paulino
03-04-2011 02:53 PM
Since we don't see any debug output for packets generated from inside host, this means NAT code is not even called. I would like to make sure packets from inside host are forwarded on Fa0/1. Can you please add the below access-list on Fa0/1 and do a ping to google.com (74.125.229.48) from the inside host :
access-list 132 permit icmp host 195.168.1.x host 74.125.229.48 (where 195.168.1.x is the address of the inside host you do the ping from)
access-list 132 permit ip any any
interface fa0/1
ip access-group 132 out
Then please collect 'sh ip access-list 132'
Thx,
Fabrice
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide