cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1652
Views
0
Helpful
13
Replies

NAT IP is not working in MWR 1941 DC

mpaulino710
Level 1
Level 1

Hello everyone.
I got 2 DC Cisco MWR 1941 and 3600, I do not know the reason why when I set up IP NAT to 1941 does not work but if I do it in the 3600 if it works. someone could help me please?

13 Replies 13

Fabrice Ducomble
Cisco Employee
Cisco Employee

Please provide the config you apply to both routers together with a show version and try to describe what's is actually not working (is the NAT entry created or not,etc...).

Thx,

Fabrice

Thank you for replaying.

I'm using same config in both router (1941 and 3600) but only 3600 work, attach are running config and show versions of MWR 1941DC

thx

Thanks for the config and sh version. That's really basic config. What is not working exactly ? There is no traffic translated at all or only some applications are not working ? Do you have some NAT entries when traffic flow through the router ?

Thx,


Fabrice

There is no traffic translated at all, but I can ping from inside the router from any interface using ping internet_ip source fastEthernet 0/0, but I can't ping from Lan side to any internet ip.

Thank you.

Miguel Paulino

Ok, taking a closer look to your config, I see you use 'no ip routing' and 'ip default-gateway x.x.x.x'. With this config, the router behaves like a host, i.e. doesn't route any packet. That explains why you can reach Internet from router itself but not from any hosts on the LAN.

This behavior should be the same with all Cisco routers.

You need to enable 'ip routing' if you want hosts to be routed (and NATed) through the router.

You need as well to configure a default route instead of a default gateway -> ip route 0.0.0.0 0.0.0.0 x.x.x.x

It's recommended to enable CEF as well (ip cef)

Thx,


Fabrice

Hi,

Thank Fabrice for you reply.

I already corrected ip routting option, but in this plataform ip cef is enable by default and I can't disable it. the same condition still persists no traslate any address from the local lan.

again attached the current configuration file.

Thanks.

Miguel Paulino

ok, please start 'debug ip nat' and do :

1. a ping from the router to any IP on Internet with source IP = Fa0/0

2. a ping from a host on your LAN (which uses Fa0/0 of 1941 router as DG) to same IP on Internet

3. take a snapshot of 'sh ip nat trans'

4. undebug all

Thx,


Fabrice

Ok,

I activated the debug mode, but does not display any events.

however, are data in the translation table.

According to what I found on the cisco website, maybe the router is optimized for specific functions.
The MWR 1941-DC Mobile Wireless Edge Router is a networking platform optimized for use in mobile wireless networks; specifically designed to be used at the cell site edge as a part of an IP Radio Access Network (IP-RAN) or Cell Site Data Communications Network (DCN).

http://www.cisco.com/en/US/docs/wireless/mwr_1941/hardware_install/1941_hardware_install/guide/1941ovr.html

Maybe this is the reason that the translations address does not work.

1) Can you try turning off CEF just in case to test if this is an issue with CEF.You can try the "no ip cef" command

I tried to disable this function, but the router said "you can not disable IP CEF on this plantaform"

I'm expecting to see debug output, at least when you do the ping from the router. Are you sure you had 'term mon' enabled if you access the router via teln

et or check your logging info via 'sh logging' and please redo both pings test.

If there is still no debug output, please turn 'ip flow egress' on FastEthernet0/1 and redo the 2 ping tests. Then please collect 'sh ip cache flow'

Thx


Fabrice

The command ip flow egress is not available on this plataform only has ip flow ingress, but I can see the debug result after enable term mon and using ping google.com source fastethernet 0/0, there was not event when I try to ping from my pc. attached is debug file.

thank.

Miguel Paulino

Since we don't see any debug output for packets generated from inside host, this means NAT code is not even called. I would like to make sure packets from inside host are forwarded on Fa0/1. Can you please add the below access-list on Fa0/1 and do a ping to google.com (74.125.229.48) from the inside host :

access-list 132 permit icmp host 195.168.1.x host 74.125.229.48  (where 195.168.1.x is the address of the inside host you do the ping from)

access-list 132 permit ip any any

interface fa0/1

ip access-group 132 out

Then please collect 'sh ip access-list 132'

Thx,


Fabrice

Review Cisco Networking for a $25 gift card