Nat/Pat Configuration help

Dear Experts,

I have recently configured a router 2800 series for 2Mbps of Internet connections. E1 is directly terminated on the 2800.

There are approx. 20+ users on a remote site.

I am trying to configure a PAT so that all the LAN users can access the internet.

Currently I have configured a NAT pool and it is a one-to-one NAT.

Below is my config.

My question is how can I configure a PAT so that only one IP address will be used instead of assigning a pool.

Because if the users increase on site the pool will be exhausted.

I tried source list # ip nat inside source list 101 interface serial 0/1/0:0 overload however it does not work and none of the users are able to access the internet.

When I run the command sh ip int brief I can see FA0/0 protocol is down. Can anyone please help me with whether the config is correct?

Test#sh ip int brief
Interface                  IP-Address      OK? Method Status                Protocol
FastEthernet0/0            X.X.X.33        YES NVRAM  up                    down
FastEthernet0/1            192.168.96.1    YES NVRAM  up                    up
Serial0/0/0                unassigned      YES NVRAM  down                  down
Serial0/0/1                unassigned      YES NVRAM  administratively down down
Serial0/1/0:0              X.X.X.33        YES TFTP   up                    up

Config_____________________

Current configuration : 1869 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname test
!
boot-start-marker
boot-end-marker
!
no logging buffered
!
no aaa new-model
!
resource policy
!
no network-clock-participate wic 1
ip subnet-zero
!
!
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.96.1 192.168.96.14
!
ip dhcp pool test
   network 192.168.96.0 255.255.255.0
   domain-name test.com
   default-router 192.168.96.1
   dns-server X.X.X.X
   lease 8
!
!
ip name-server X.x.x.x
ip name-server X.X.X.X
no ftp-server write-enable
!
username XXXXXX privilege 15 secret 5 $1$9rpI$NoasdfsdfsaJy58SMEXP1
!
!
controller E1 0/1/0
 framing NO-CRC4
 clock source internal
 channel-group 0 timeslots 1-31
!
!
interface FastEthernet0/0
 description $ETH-WAN$
 ip address x.x.x.33 255.255.255.240
 duplex auto
 speed auto
!
interface FastEthernet0/1
 ip address 192.168.96.1 255.255.255.0
 ip nat inside
 duplex auto
 speed auto
!
interface Serial0/0/0
 no ip address
 clockrate 2000000
!
interface Serial0/0/1
 no ip address
 shutdown
 clockrate 2000000
!
interface Serial0/1/0:0
 ip unnumbered FastEthernet0/0
 ip nat outside
!
interface BRI1/0
 no ip address
 shutdown
!
interface BRI1/1
 no ip address
 shutdown
!
interface BRI1/2
 no ip address
 shutdown
!
interface BRI1/3
 no ip address
 shutdown
!
ip classless
ip route 0.0.0.0 0.0.0.0 Serial0/1/0:0
!
ip http server
ip nat pool test-Nat-Pool x.x.x.34 x.x.x.44 netmask 255.255.255.240
ip nat inside source list 1 pool test-Nat-Pool
!
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 192.168.96.0 0.0.0.255
access-list 101 remark SDM_ACL Category=16
access-list 101 permit ip any any
!
control-plane
!
!
line con 0
line aux 0
line vty 0 4
 login local
!
scheduler allocate 20000 1000
!
end


skarthic
Cisco Employee

Configure "ip nat outside" at the fa0/0 i/f that is going to the WAN.

Thanks for the reply

S0/1/0:0 is unnumbered with Fa0/0, Fa0/0 does not have any physical connection.

The internet link is directly terminated on E01/10 on Cisco 2800.

S0/1/0:0 is a virtual interface (correct me if I am wrong).

My question is will the ip nat outside work on an interface which does not have any connection?

Regards

Deepak

Hi Deepak,

"ip nat outside" commands don't work in this case. Sorry, I don't understand what you want.

hth

Muammmer

So what kind of configuration should I follow? Please help.

Varun Uniyal
Level 1

Since your default route is pointing out to s0/1/0:0, the packet will be sent out of that interface with an IP from the pool x.x.x.34 x.x.x.44.

Now the question is whether the upstream device across s0/1/0:0 has a route for the pool IPs.

You can always do a "sh ip nat translations" to check if the NAT translations are forming properly.

If NAT is fine, add a route on the upstream device for the NAT pool or at least the inside global IP (as seen in sh ip nat translation).

If you are overloading on the s0/1/0:0 interface, add a route on the upstream device for x.x.x.33.

BTW you don't need a pool of 10 IPs; since you are overloading, all 65535 ports will have to be exhausted before the next IP from the pool is taken.

Varun,

The nat translation is forming perfectly fine only problem is it's a one to one nat.

If I specify only one ip in the nat pool then only one system from the lan can access the internet. For that reason I had added a pool of 11 ip addresses.

Please guide me on how I can configure this so that only one IP is used and not the whole pool.

Varun Uniyal
Level 1

Use only a single IP in the pool and overload on it... you will still need to make sure the upstream device has a route back for the pool IP.

ip nat pool test-Nat-Pool x.x.x.34 x.x.x.34 netmask 255.255.255.240

ip nat inside source list 1 pool test-Nat-Pool overload

The upstream device across s0/1/0:0 should have a route for x.x.x.34

Varun,

Thanks for your inputs

I had configured exactly the way you have mentioned except the overload part.

However, even after adding the overload it is still one-to-one NAT. Below is the output of sh ip nat statistics. How can I fix this?

Total active translations: 114 (0 static, 114 dynamic; 114 extended)
Outside interfaces:
  Serial0/1/0:0
Inside interfaces:
  FastEthernet0/1
Hits: 12838 Misses: 544
CEF Translated packets: 12375, CEF Punted packets: 2004
Expired translations: 463
Dynamic mappings:
-- Inside Source
access-list 1 pool test-Nat-Pool refcount 114
 pool test-Nat-Pool: netmask 255.255.255.240
    start X.X.X.34 end X.X.X.46
    type generic, total addresses 13, allocated 1 (7%), misses 0

It says :

Total active translations: 114 ??

Difficult to believe they are one-to-one even after you've overloaded on a single IP.

Try the overload config suggested earlier and send me the following :

a) sh run | i ip nat

b) sh ip nat translation

c) sh ver

Sorry Varun, my mistake, your solution definitely worked.

I can see more than one translation in sh ip nat translations.

I was just looking at the statistics where the output was

"type generic, total addresses 13, allocated 1 (7%), misses 0"

So I thought allocated 1 means only one translation is happening.

Anyway, thanks for your support, my problem is solved.

Glad to be of help.
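
The misreading that closed this thread ("allocated 1" taken as "one translation") can be checked mechanically. The following is an added example, not code from any poster or from Cisco: a small parser for `show ip nat statistics` that separates the count of pool addresses in use from the count of translations. The sample text is constructed from the output quoted above, and the `address_shared` verdict is a heuristic assumption based on the thread's conclusion.

```python
import re

# Constructed sample, modelled on the `show ip nat statistics` output in the thread.
SAMPLE = """\
Total active translations: 114 (0 static, 114 dynamic; 114 extended)
Outside interfaces:
  Serial0/1/0:0
Inside interfaces:
  FastEthernet0/1
Hits: 12838 Misses: 544
Dynamic mappings:
-- Inside Source
access-list 1 pool test-Nat-Pool refcount 114
 pool test-Nat-Pool: netmask 255.255.255.240
    start X.X.X.34 end X.X.X.46
    type generic, total addresses 13, allocated 1 (7%), misses 0
"""

TOTALS = re.compile(
    r"Total active translations: (\d+) \((\d+) static, (\d+) dynamic; (\d+) extended\)")
POOL = re.compile(r"total addresses (\d+), allocated (\d+) \(\d+%\), misses (\d+)")


def summarize_nat_stats(text):
    """Return translation and pool counters plus an address-sharing verdict."""
    totals, pool = TOTALS.search(text), POOL.search(text)
    if totals is None or pool is None:
        raise ValueError("not a recognizable 'show ip nat statistics' output")
    total, static, dynamic, extended = map(int, totals.groups())
    pool_size, allocated, pool_misses = map(int, pool.groups())
    return {
        "translations": total,
        "static": static,
        "extended": extended,          # entries that carry protocol and port
        "pool_size": pool_size,
        "pool_allocated": allocated,   # pool ADDRESSES in use, not sessions
        "pool_misses": pool_misses,    # misses counter reported for the pool
        # Heuristic (assumption): more dynamic entries than allocated addresses,
        # with extended entries present, means one address serves many sessions.
        "address_shared": allocated > 0 and extended > 0 and dynamic > allocated,
        "translations_per_address": dynamic / allocated if allocated else 0.0,
    }


if __name__ == "__main__":
    for key, value in summarize_nat_stats(SAMPLE).items():
        print(f"{key:26} {value}")
```
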
