Nat/Pat Configuration help
01-19-2011 11:39 PM - edited 03-04-2019 11:09 AM
Dear Experts,
I have recently configured a 2800 series router for a 2 Mbps Internet connection. The E1 is directly terminated on the 2800.
There are approximately 20+ users on a remote site.
I am trying to configure PAT so that all the LAN users can access the Internet.
Currently I have configured a NAT pool and it is a one-to-one NAT.
Below is my config.
My question is: how can I configure PAT so that only one IP address will be used instead of assigning a pool?
Because if the number of users on site increases, the pool will be exhausted.
I tried a source list: # ip nat inside source list 101 interface serial 0/1/0:0 overload. However, it does not work and none of the users are able to access the Internet.
When I run the command sh ip int brief I can see the Fa0/0 protocol is down. Can anyone please help me with whether the config is correct?
Test#sh ip int brief
Interface IP-Address OK? Method Status Protocol
FastEthernet0/0 X.X.X.33 YES NVRAM up down
FastEthernet0/1 192.168.96.1 YES NVRAM up up
Serial0/0/0 unassigned YES NVRAM down down
Serial0/0/1 unassigned YES NVRAM administratively down down
Serial0/1/0:0 X.X.X.33 YES TFTP up up
Config_____________________
Current configuration : 1869 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname test
!
boot-start-marker
boot-end-marker
!
no logging buffered
!
no aaa new-model
!
resource policy
!
no network-clock-participate wic 1
ip subnet-zero
!
!
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.96.1 192.168.96.14
!
ip dhcp pool test
network 192.168.96.0 255.255.255.0
domain-name test.com
default-router 192.168.96.1
dns-server X.X.X.X
lease 8
!
!
ip name-server X.x.x.x
ip name-server X.X.X.X
no ftp-server write-enable
!
username XXXXXX privilege 15 secret 5 $1$9rpI$NoasdfsdfsaJy58SMEXP1
!
!
controller E1 0/1/0
framing NO-CRC4
clock source internal
channel-group 0 timeslots 1-31
!
!
interface FastEthernet0/0
description $ETH-WAN$
ip address x.x.x.33 255.255.255.240
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 192.168.96.1 255.255.255.0
ip nat inside
duplex auto
speed auto
!
interface Serial0/0/0
no ip address
clockrate 2000000
!
interface Serial0/0/1
no ip address
shutdown
clockrate 2000000
!
interface Serial0/1/0:0
ip unnumbered FastEthernet0/0
ip nat outside
!
interface BRI1/0
no ip address
shutdown
!
interface BRI1/1
no ip address
shutdown
!
interface BRI1/2
no ip address
shutdown
!
interface BRI1/3
no ip address
shutdown
!
ip classless
ip route 0.0.0.0 0.0.0.0 Serial0/1/0:0
!
ip http server
ip nat pool test-Nat-Pool x.x.x.34 x.x.x.44 netmask 255.255.255.240
ip nat inside source list 1 pool test-Nat-Pool
!
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 192.168.96.0 0.0.0.255
access-list 101 remark SDM_ACL Category=16
access-list 101 permit ip any any
!
control-plane
!
!
line con 0
line aux 0
line vty 0 4
login local
!
scheduler allocate 20000 1000
!
end
01-20-2011 01:53 AM
Configure "ip nat outside" at the fa0/0 i/f that is going to the WAN.
01-20-2011 04:15 AM
Thanks for the reply.
S0/1/0:0 is unnumbered with Fa0/0; Fa0/0 does not have any physical connection.
The Internet link is directly terminated on E01/10 on the Cisco 2800.
S0/1/0:0 is a virtual interface (correct me if I am wrong).
My question is: will ip nat outside work on an interface which does not have any connection?
Regards
Deepak
01-20-2011 06:09 AM
Hi Deepak,
The "ip nat outside" commands don't work in this case. Sorry, I don't understand what you want.
hth
Muammmer
01-20-2011 06:21 AM
So what kind of configuration should I follow? Please help.
01-20-2011 06:44 AM
Since your default route is pointing out to s0/1/0:0, the packet will be sent out of that interface with an IP from the pool x.x.x.34 x.x.x.44.
Now the question is whether the upstream device across s0/1/0:0 has a route for the pool IPs.
You can always do a "sh ip nat translations" to check if the NAT translations are forming properly.
If NAT is fine, add a route on the upstream device for the NAT pool, or at least the inside global IP (as seen in sh ip nat translation).
If you are overloading on the s0/1/0:0 interface, add a route on the upstream device for x.x.x.33.
BTW you don't need a pool of 10 IPs; since you are overloading, all 65535 ports will have to be exhausted before the next IP from the pool is taken.
01-20-2011 07:14 AM
Varun,
The NAT translation is forming perfectly fine; the only problem is it's a one-to-one NAT.
If I specify only one IP in the NAT pool then only one system from the LAN can access the Internet. For that reason I had added a pool of 11 IP addresses.
Please guide me on how I can configure it so that only one IP is used and not the whole pool.
01-20-2011 07:19 AM
Use only a single IP in the pool and overload on it... You will still need to make sure the upstream device has a route back for the pool IP.
ip nat pool test-Nat-Pool x.x.x.34 x.x.x.34 netmask 255.255.255.240
ip nat inside source list 1 pool test-Nat-Pool overload
The upstream device across s0/1/0:0 should have a route for x.x.x.34.
01-20-2011 08:04 PM
Varun,
Thanks for your inputs.
I had configured it exactly the way you have mentioned except the overload part.
However, even after adding the overload it is still one-to-one NAT. Below is the output of sh ip nat statistics. How can I fix this?
Total active translations: 114 (0 static, 114 dynamic; 114 extended)
Outside interfaces:
Serial0/1/0:0
Inside interfaces:
FastEthernet0/1
Hits: 12838 Misses: 544
CEF Translated packets: 12375, CEF Punted packets: 2004
Expired translations: 463
Dynamic mappings:
-- Inside Source
access-list 1 pool test-Nat-Pool refcount 114
pool test-Nat-Pool: netmask 255.255.255.240
start X.X.X.34 end X.X.X.46
type generic, total addresses 13, allocated 1 (7%), misses 0
01-20-2011 08:41 PM
It says:
Total active translations: 114 ??
Difficult to believe they are one-to-one even after you've overloaded on a single IP.
Try the overload config suggested earlier and send me the following:
a) sh run | i ip nat
b) sh ip nat translation
c) sh ver
01-20-2011 10:24 PM
Sorry Varun, my mistake. Your solution definitely worked.
I can see more than one translation in sh ip nat translations.
I was just looking at the statistics where the output was
"type generic, total addresses 13, allocated 1 (7%), misses 0"
So I thought allocated 1 means only one translation is happening.
Anyway, thanks for your support. My problem is solved.
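The misreading resolved above can be checked mechanically. The following is an added example, not part of any post in this thread: it parses the sh ip nat statistics output posted earlier and separates the pool's "allocated" address count from the number of active translations. The function names and the overload heuristic are assumptions made for illustration.

```python
import re

# Output as posted in the thread (addresses already masked by the poster).
SAMPLE = """\
Total active translations: 114 (0 static, 114 dynamic; 114 extended)
Outside interfaces:
Serial0/1/0:0
Inside interfaces:
FastEthernet0/1
Hits: 12838 Misses: 544
CEF Translated packets: 12375, CEF Punted packets: 2004
Expired translations: 463
Dynamic mappings:
-- Inside Source
access-list 1 pool test-Nat-Pool refcount 114
pool test-Nat-Pool: netmask 255.255.255.240
start X.X.X.34 end X.X.X.46
type generic, total addresses 13, allocated 1 (7%), misses 0
"""

def parse_nat_statistics(text):
    """Return translation counters and per-pool address usage."""
    m = re.search(r"Total active translations:\s*(\d+)\s*\((\d+) static, "
                  r"(\d+) dynamic; (\d+) extended\)", text)
    if not m:
        raise ValueError("no 'Total active translations' line found")
    total, static, dynamic, extended = map(int, m.groups())
    pools, current = {}, None
    for line in text.splitlines():
        p = re.match(r"\s*pool (\S+): netmask", line)
        if p:
            current = p.group(1)
        a = re.search(r"total addresses (\d+), allocated (\d+)", line)
        if a and current:
            pools[current] = {"total": int(a.group(1)), "allocated": int(a.group(2))}
    return {"total": total, "static": static, "dynamic": dynamic,
            "extended": extended, "pools": pools}

def overload_in_effect(stats):
    # Assumed heuristic: extended entries carry protocol and port, so more
    # extended entries than allocated pool addresses means ports are shared.
    allocated = sum(p["allocated"] for p in stats["pools"].values())
    return stats["extended"] > allocated

if __name__ == "__main__":
    stats = parse_nat_statistics(SAMPLE)
    print(stats["pools"], "overload in effect:", overload_in_effect(stats))
```

For the posted output this reports one allocated pool address carrying 114 extended translations, which is what many inside hosts sharing a single outside address looks like.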
01-20-2011 11:14 PM
Glad to be of help.
