NAT only works from router

Good day guys,

I am having trouble with NAT on Cisco MWR 2941-DC Mobile Wireless Router.

For the sake of simplicity I have created "ip nat inside source list 100 interface Vlan776 overload"

and a very simple access list 100. Ideally I want to use a pool with 41.78.x.x addresses instead of overloading vlan776.

 

I can ping 8.8.8.8 directly from router using: ping 8.8.8.8 source vlan 800 (output below) but not from my PC which is connected via G0/3, there is no nat debug when pinging from my PC.

ANY help is highly appreciated :)

 

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
Packet sent with a source address of 10.10.10.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 52/52/56 ms
NAT-ROUTER#
*Sep 6 19:14:17.958: NAT: Entry assigned id 5
*Sep 6 19:14:17.958: NAT: ICMP id=18->1024
*Sep 6 19:14:17.958: NAT: s=10.10.10.1->197.211.x.x, d=8.8.8.8 [88]
*Sep 6 19:14:18.007: NAT*: ICMP id=1024->18
*Sep 6 19:14:18.007: NAT*: s=8.8.8.8, d=197.211.x.x->10.10.10.1 [0]

 

--------------------------------sh ip int brief----------------------------------

NAT-ROUTER#sh ip int brief
Interface              IP-Address      OK? Method Status                Protocol
GigabitEthernet0/0     unassigned      YES unset  up                    down
GigabitEthernet0/1     unassigned      YES unset  up                    down
GigabitEthernet0/2     unassigned      YES unset  up                    up
GigabitEthernet0/3     unassigned      YES unset  up                    up
GigabitEthernet0/4     unassigned      YES unset  up                    down
GigabitEthernet0/5     unassigned      YES unset  up                    down
Vlan1                  unassigned      YES unset  administratively down down
Vlan776                197.211.126.163 YES manual up                    up
Vlan778                41.78.218.1     YES manual up                    up
Vlan800                10.10.10.1      YES manual up                    up

 

 

---------------------------- Config-------------------------------

 

Building configuration...

Current configuration : 1946 bytes
!
! Last configuration change at 18:56:54 UTC Thu Sep 6 2018
!
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname NAT-ROUTER
!
boot-start-marker
boot-end-marker
!
!
!card type command needed for slot/vwic-slot 0/0
enable secret 4 ZnG/aSx1yRUOhDwmqvCTPLUmSVVKtU7/Nb4WJmlAttQ
!
no aaa new-model
ptp mode ordinary
ptp priority1 128
ptp priority2 128
ptp domain 0
ip source-route
ip cef
!
!
!
no ip domain lookup
no ipv6 cef
!
!
multilink bundle-name authenticated
!
!
spanning-tree mode pvst
spanning-tree extend system-id
username pef password 7 131512060E1E227B727C7D
!
controller BITS
 applique E1
!
vlan internal allocation policy ascending
!
!


interface GigabitEthernet0/0
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
 switchport trunk allowed vlan 776,778
 switchport mode trunk
!
interface GigabitEthernet0/3
 switchport access vlan 800
 switchport mode access
!
interface GigabitEthernet0/4
!
interface GigabitEthernet0/5
!
interface Vlan1
 no ip address
 ip mtu 1500
 shutdown
 no ptp enable
!
interface Vlan776
 ip address 197.211.x.x 255.255.255.248
 ip nat outside
 no ptp enable
!
interface Vlan778
 ip address 41.78.x.x 255.255.255.0
 no ptp enable
!
interface Vlan800
 ip address 10.10.10.1 255.255.255.0
 ip nat inside
 no ptp enable
!
ip nat inside source list 100 interface Vlan776 overload
!
!
no ip http server
no ip http secure-server
ip route 0.0.0.0 0.0.0.0 197.211.x.x
!
logging esm config
access-list 100 permit ip 10.10.10.0 0.0.0.255 any
!
!
!
control-plane
!
!
line con 0
 logging synchronous
 no modem enable
line aux 0
line vty 0 4
 login local
 transport input telnet
line vty 5 15
 login local
 transport input telnet
!
exception crashinfo buffersize 128
network-clock-select hold-timeout infinite
network-clock-select mode nonrevert
end

4 Replies

Hello,

 

the router configuration looks ok. What is connected to GigabitEthernet0/3, a Windows machine? What is the output of 'ipconfig /all'? Can you even ping the default gateway (the Vlan 800 interface IP address) from the machine connected to Gig0/3?

Also, can you actually reach the Internet at all from the PC? Possibly the local PC firewall is blocking PING (ICMP) traffic...

Hi and thanks for the reply,

Yes, the PC is a Windows machine with disabled FW and an IP of 10.10.10.10/24. I can ping 10.10.10.1 (DGW) of the router's vlan800 interface as well as 41.78.x.x on vlan Vlan778. Pinging anything outside of course does not work, as this is where NAT should come into play.

Below is the relevant part from ipconfig /all:

Ethernet adapter Ethernet 3:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) 82579LM Gigabit Network Connection #2
Physical Address. . . . . . . . . : 00-23-CB-DB-A8-E2
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::b10b:ef0b:d5a4:6d14%15(Preferred)
IPv4 Address. . . . . . . . . . . : 10.10.10.10(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 10.10.10.1
DHCPv6 IAID . . . . . . . . . . . : 1462293060
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-23-EF-07-03-02-00-4C-4F-4F-50
DNS Servers . . . . . . . . . . . : 8.8.8.8
NetBIOS over Tcpip. . . . . . . . : Enabled

Hello,

 

try the 'newer' NVI NAT:

 

interface Vlan776
 ip address 197.211.x.x 255.255.255.248
 ip nat enable
 no ptp enable
!
interface Vlan778
 ip address 41.78.x.x 255.255.255.0
 no ptp enable
!
interface Vlan800
 ip address 10.10.10.1 255.255.255.0
 ip nat enable
 no ptp enable
!
ip nat source list 100 interface Vlan776 overload
!

Hello
I don't see any access port in vlan 776 connecting to the WAN/outside. Are you using the trunk port gig0/2? If so, why as a trunk and not an access port?

Do you wish to use both vl776 and 778 or just 778?

If the latter, then to NAT on vlan 778 you need to enable NAT on that vlan, and this subnet also needs to be publicly reachable from outside your network.

 

int vlan 778
 ip nat outside

no ip nat inside source list 100 interface Vlan776 overload
no ip route 0.0.0.0 0.0.0.0 197.211.x.x
ip route 0.0.0.0 0.0.0.0 vlan776 197.211.x.x
ip nat pool vl778 41.78.x.x 41.78.x.x prefix-length 24
ip nat inside source list 100 pool vl778



Kind Regards
Paul
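
Added example, not part of any post in this thread: a small Python lint (hypothetical helpers `nat_roles` and `check_nat`) for the static preconditions the replies discuss, namely legacy `ip nat inside` / `ip nat outside` markers versus NVI `ip nat enable`, and that the referenced ACL and pool exist. It assumes numbered ACLs and dynamic `source list` rules only; the sample configuration is constructed from the lines posted above.

```python
import re

# Constructed sample: NAT-relevant lines of the configuration posted in the thread.
POSTED_CONFIG = """\
interface Vlan776
 ip address 197.211.x.x 255.255.255.248
 ip nat outside
!
interface Vlan800
 ip address 10.10.10.1 255.255.255.0
 ip nat inside
!
ip nat inside source list 100 interface Vlan776 overload
access-list 100 permit ip 10.10.10.0 0.0.0.255 any
"""

ROLE = re.compile(r"ip nat (inside|outside|enable)$")
RULE = re.compile(r"ip nat (inside )?source list (\S+) (?:interface (\S+)|pool (\S+))")

def nat_roles(config):
    """Return {interface: set of NAT roles}; works with or without indentation."""
    roles, current = {}, None
    for line in map(str.strip, config.splitlines()):
        if line.startswith("interface "):
            current = line.split()[1]
            roles[current] = set()
        elif line == "!":
            current = None  # "!" closes the interface block
        elif current and (m := ROLE.match(line)):
            roles[current].add(m.group(1))
    return roles

def check_nat(config):
    """Return a list of findings for each dynamic NAT rule (hypothetical helper)."""
    roles, findings = nat_roles(config), []
    acls = set(re.findall(r"^access-list (\S+) ", config, re.M))
    pools = set(re.findall(r"^ip nat pool (\S+) ", config, re.M))
    for line in map(str.strip, config.splitlines()):
        if not (m := RULE.match(line)):
            continue
        legacy, acl, iface, pool = m.groups()
        if acl not in acls:
            findings.append(f"access-list {acl} is not defined")
        if pool and pool not in pools:
            findings.append(f"NAT pool {pool} is not defined")
        if legacy and iface and "outside" not in roles.get(iface, ()):
            findings.append(f"{iface} lacks 'ip nat outside'")
        if legacy and not any("inside" in r for r in roles.values()):
            findings.append("no interface has 'ip nat inside'")
        if not legacy and sum("enable" in r for r in roles.values()) < 2:
            findings.append("NVI rule needs 'ip nat enable' on both interfaces")
    return findings
```

The posted configuration returns no findings, so a static check of this kind only rules out a mismatch between rule style and interface markers; it says nothing about whether the PC's packets actually reach the NAT code path.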