
NAT translation problem

houserocka1
Level 1

Hi there, I'm having trouble figuring out how to go about NAT translation on a network I'm working on in Packet Tracer. This is the scenario I need to work out.

I have one public class C licence (195.100.190.0/24). This is not sufficient for  complete internal addressing so the internal network must use Private Addresses. The public license will be used for NAT mappings.

The ISP WAN that connects to my internal network has the address 199.1.1.36/30 and for the ISP's Loopback port use IP address 126.0.0.1/8. I have to configure NAT on R1 to translate between private and public addresses but I'm unsure where to start. I need to have internet access from the PCs attached to R2 as well and I don't really know how to go about this.

Also, the web server in my network hosts the enterprise web business and therefore must have a fixed address assignment; again, not sure how to do this. I have included the Packet Tracer file; if someone can take a look and offer some help I'd be very grateful. Thanks


cadet alain
VIP Alumni

Hi,

You still have routing loops due to all your static routes and especially the equal-cost default routes, so first solve this problem and repost the file.

Regards.

Alain.

Don't forget to rate helpful posts.

OK, I have removed all static routes and default routes and my network seems to be functioning properly now. I've included the updated Packet Tracer file. Thanks for all your help Alain.

ok

1) put a static default on ISP: ip route 0.0.0.0 0.0.0.0 172.16.85.89

2) redistribute connected into OSPF on R1:

  router os 1

  redistribute conn subnets

3) create an ACL for NAT overload:

    access-list 1 permit 172.16.85.0 0.0.0.63

    access-list 1 permit 172.16.85.64 0.0.0.15

4) enable nat on R1: outside is s1/4 all other serials are inside

5) NAT overload: ip nat inside source list 1 interface s1/4 overload

6) static NAT for web server: ip nat inside source static tcp 172.16.85.86 80 172.16.85.89 80

Regards.

Alain.

Don't forget to rate helpful posts.

Thanks so much for all the help guys, it's much appreciated. So far what I've done is given the s0/0/0 interface on my ISP router the IP 199.1.1.37 and added a default route of 0.0.0.0.0.0.0.0 17.16.85.89. Should I configure the other serial interface on the ISP router with the spare .38 address? Looking at your replies I don't see the public address pool I was given anywhere; where does this come in? I'm learning this as I go along so sorry if I'm asking dumb questions.

houserocka1 wrote:

Thanks so much for all the help guys, it's much appreciated. So far what I've done is given the s0/0/0 interface on my ISP router the IP 199.1.1.37 and added a default route of 0.0.0.0.0.0.0.0 17.16.85.89. Should I configure the other serial interface on the ISP router with the spare .38 address? Looking at your replies I don't see the public address pool I was given anywhere; where does this come in? I'm learning this as I go along so sorry if I'm asking dumb questions.

You can't have 199.1.1.37 on your WAN interface and then use 172.16.85.89 as the default-route. Perhaps I am misunderstanding, but if your ISP allocated you 199.1.1.36/30 then this is for the connection between your router and theirs. When they allocated that address range they should have told you which address they were using and which one they use.

As for the public pool, that was included in my last thread, e.g. if you wanted to present a web server on your network to the internet -

ip nat inside source static 10.1.1.20 195.100.190.1

The above would allow people on the internet to access your web server using 195.100.190.1 as the destination IP. Your router would then translate this to the real address of 10.1.1.20.

If you don't have any servers you need to give access to from the internet then you don't need to use any of the pool assigned to you. Note you still need the bit I included in previous post for outbound internet access.

Jon

No, you're right Jon, that's my fault. I originally had 2 private addresses between ISP and R1, I forgot to change R1; it's been rectified now. I'm still very confused over this though. I mean I don't see where the public address pool of 195.100.190.0/24 is being mapped to my internal network; do I not need to use the ip nat pool public-access command somewhere? Forgive me if I'm testing your patience but this is all very new to me.

OK, I have included an updated file, with some NAT work done the way I have been reading about in the CCNA lab manual. I am getting an inside global and inside local address translation but no outside global or local translation. I need them to be translating to the public class C licence pool of addresses I was given by the ISP. It seems the way I have been shown in the posts above is done by using PAT, which is translating all addresses to the one IP, that of the ISP s0/0/0 interface. I have included 2 files this time: the first, named wan nat, is the method I've been trying; the second is the way that was suggested to me. What I need is for the internal network to be translating into the public class C licence pool of addresses I have but neither method is doing this. How can I get this to work? It's been two days now and I'm no closer to figuring it out despite all my reading. Thanks again guys

Firstly, you're not testing my patience so no need to apologise

Unfortunately I can't read Packet Tracer files but I'll try and explain how this works.

When you get an internet connection from an ISP often you get 2 address ranges -

1) the first is for the connection between your device and the ISP - that is what the 199.x.x.x/30 addresses are for.

2) the second is for you to use, not to assign to internal hosts as they usually use private addressing but for access from the internet to a subset of these hosts.

So you then want to do 2 things usually -

1) allow your internal hosts to access the internet. Easiest and commonest way to do this is simply to PAT all your host addresses to the outside interface address of your router. You do this as I described in my previous thread.

2) the pool that you have also been allocated is for you to present internal servers (because you can't route to private addressing across the internet) as public IP addresses so people on the internet can access these servers.

Now, if you don't have any servers that need to be accessed from the internet then you don't need to use this pool. If you do have a server or servers though you can use addressing from the public pool. Again you can see an example of how to do this in my last post. The mapping as you call it is the NAT statement eg,

ip nat inside source static 10.1.1.10 195.100.190.3

maps the private IP of 10.1.1.10 to the public IP of 195.100.190.3

For this to work the IP pool of 195.100.190.0/24 must be routed to the WAN interface of your router by the ISP. So if someone on the internet tries to connect to 195.100.190.3 then the packet must be routed from the internet to the WAN interface of your router. That is the job of your ISP. Then your router translates that address to the real address of 10.1.1.10 and forwards the traffic to the internal server.

That is how the pool assigned to you by the ISP is used.

Jon
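The two uses described in the post above, PAT to the outside interface for outbound traffic and a static entry from the public pool for an internal server, as an added example that is not part of the original post. It is a toy Python model, not IOS behaviour: only the 10.1.1.10 to 195.100.190.3 mapping comes from the post; the class name, the 10.1.1.0/24 inside network, the host addresses, the use of 199.1.1.38 as the WAN interface address and the sequential port allocator are assumptions.

```python
import ipaddress

class EdgeNat:
    """Toy model of inside-source NAT on an edge router (illustration, not IOS code)."""

    def __init__(self, outside_ip, inside_net, static_map):
        self.outside_ip = outside_ip                        # PAT address (WAN interface)
        self.inside_net = ipaddress.ip_network(inside_net)  # stands in for the NAT ACL
        self.static = dict(static_map)                      # inside local -> inside global
        self.pat = {}                                       # (local ip, port) -> global port
        self.next_port = 1024                               # simplified port allocator

    def outbound(self, src_ip, src_port):
        """Translate the source of a packet leaving the site."""
        if src_ip in self.static:
            return (self.static[src_ip], src_port)          # one-to-one, port unchanged
        if ipaddress.ip_address(src_ip) not in self.inside_net:
            return None                                     # not matched: no translation
        key = (src_ip, src_port)
        if key not in self.pat:                             # entry is created by traffic
            self.pat[key] = self.next_port
            self.next_port += 1
        return (self.outside_ip, self.pat[key])

    def inbound(self, dst_ip, dst_port):
        """Translate the destination of a packet arriving from the internet."""
        for local, global_ip in self.static.items():
            if dst_ip == global_ip:
                return (local, dst_port)                    # static entry: every port maps
        if dst_ip == self.outside_ip:
            for (local, lport), gport in self.pat.items():
                if gport == dst_port:
                    return (local, lport)                   # reply to an existing flow
        return None                                         # no entry, nothing to forward

def demo():
    # Constructed sample traffic; only 10.1.1.10 -> 195.100.190.3 is from the post.
    nat = EdgeNat("199.1.1.38", "10.1.1.0/24", {"10.1.1.10": "195.100.190.3"})
    return {
        "pc_a_out": nat.outbound("10.1.1.50", 40000),
        "pc_b_out": nat.outbound("10.1.1.51", 40000),
        "web_in": nat.inbound("195.100.190.3", 80),
        "ssh_in": nat.inbound("195.100.190.3", 22),
        "reply_in": nat.inbound("199.1.1.38", 1025),
        "unmapped_in": nat.inbound("195.100.190.4", 80),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:12} {result}")
```

The `ssh_in` result shows that a static entry written without a protocol and port maps every port of the public address to the server, so an inbound ACL on the outside interface or a port-specific static entry is what limits exposure to the web port.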

Hi Jon,

Thanks for the reply, you explained it well to me. Couple of things though; I'll write out what it says in my scenario exactly.

1. Configure NAT on R1 to translate between private and public addresses. You have been allocated one public class C licence (195.100.190.0/24). This is not sufficient for complete internal addressing so the internal network must use Private Addresses. The public license will be used for NAT mappings. The ISP WAN that connects to the customer site uses network address 199.1.1.36/30 and for the ISPs Loopback port uses IP address 126.0.0.1/8.

The web server hosts the enterprise web business and therefore must have a fixed address assignment. I have done this the way you showed me, giving it the static NAT address, and I'm getting an inside global address from the pool of 195.100.190.0/24.

2. Configure a default route to the ISP on R1 and propagate it through the network via the routing advertisements. Configure a static route from the ISP to the customer site and remember the public/private NAT conversion when implementing this. I have configured a default route but I'm not sure how the NAT conversion affects this.

3. Verify NAT mappings at this point and connectivity to the Loopback port of the ISP. I have no connectivity to my loopback interface of 126.0.0.1; I can't ping it from anywhere.

I guess what I'm saying is, do I have to use PAT, as nowhere in the scenario does it say use PAT? Currently in my setup I'm not getting an outside global or local address, and I should be, right? I've posted my router config of R1; if you or anyone else can take a look and see what I have done that would be great. I want my inside private addresses to be translating to outside public addresses as they go out on the internet.

interface Serial1/4

ip address 199.1.1.38 255.255.255.252

ip nat outside

!

router ospf 1

log-adjacency-changes

redistribute connected subnets

network 172.16.85.96 0.0.0.3 area 0

network 172.16.85.92 0.0.0.3 area 0

network 172.16.85.100 0.0.0.3 area 0

!

ip nat pool public-access 195.100.190.1 195.100.190.240 netmask 255.255.255.0

ip nat inside source list 1 pool public-access

ip nat inside source static 172.16.85.86 195.100.190.241

ip classless

ip route 0.0.0.0 0.0.0.0 199.1.1.37

!

!

access-list 1 permit 172.16.85.0 0.0.0.31

access-list 1 permit 172.16.85.32 0.0.0.31

! !

!

banner motd ^CUnauthorized access strictly prohibited and prosecuted to the full extent of the law^^C

line con 0

exec-timeout 0 0

logging synchronous

line vty 0 4

login

!

!

end

Also here are my NAT statistics.

r1#show ip nat translations

Pro  Inside global     Inside local       Outside local      Outside global

---  195.100.190.241   172.16.85.86       ---                ---

r1#show ip nat translations

Pro  Inside global     Inside local       Outside local      Outside global

---  195.100.190.1     172.16.85.2        ---                ---

---  195.100.190.241   172.16.85.86       ---                ---

r1#show ip nat statistics

Total translations: 2 (1 static, 1 dynamic, 0 extended)

Outside Interfaces: Serial1/4

Inside Interfaces: Serial1/0 , Serial1/2 , Serial1/3

Hits: 7  Misses: 45 Expired translations: 0

Dynamic mappings:

-- Inside Source

access-list 1 pool public-access refCount 1

pool public-access: netmask 255.255.255.0

start 195.100.190.1 end 195.100.190.240

type generic, total addresses 240 , allocated 1 (0%), misses 0

r1#
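An added consistency check on the R1 NAT lines from the post above (example code, not from the thread; the function names are hypothetical). It parses the pool, the static entry and ACL 1, then reports how many inside addresses the ACL matches against the pool size and whether the static mapping overlaps either one.

```python
import ipaddress

# R1 lines copied from the configuration posted above.
CONFIG = """\
ip nat pool public-access 195.100.190.1 195.100.190.240 netmask 255.255.255.0
ip nat inside source list 1 pool public-access
ip nat inside source static 172.16.85.86 195.100.190.241
access-list 1 permit 172.16.85.0 0.0.0.31
access-list 1 permit 172.16.85.32 0.0.0.31
"""

def parse(config):
    """Pull out the NAT pool range, static mappings and ACL 1 networks."""
    pool, statics, acl = None, {}, []
    for line in config.splitlines():
        w = line.split()
        if w[:3] == ["ip", "nat", "pool"]:
            pool = (ipaddress.ip_address(w[4]), ipaddress.ip_address(w[5]))
        elif w[:5] == ["ip", "nat", "inside", "source", "static"]:
            statics[w[5]] = ipaddress.ip_address(w[6])   # inside local -> inside global
        elif w[:3] == ["access-list", "1", "permit"]:
            # A contiguous wildcard mask is the inverse of a netmask;
            # ipaddress accepts it directly as a host mask.
            acl.append(ipaddress.ip_network(f"{w[3]}/{w[4]}"))
    return pool, statics, acl

def report(config=CONFIG):
    """Summarise what the dynamic and static NAT statements cover."""
    (first, last), statics, acl = parse(config)
    merged = list(ipaddress.collapse_addresses(acl))
    return {
        "pool_size": int(last) - int(first) + 1,
        "acl_covers": [str(n) for n in merged],
        "acl_addresses": sum(n.num_addresses for n in merged),
        # A static inside-global address should not also be handed out by the pool.
        "static_in_pool": [l for l, g in statics.items() if first <= g <= last],
        # A statically mapped host need not also match the dynamic NAT ACL.
        "static_in_acl": [l for l in statics
                          if any(ipaddress.ip_address(l) in n for n in acl)],
    }

if __name__ == "__main__":
    for key, value in report().items():
        print(f"{key:15} {value}")
```

For the posted lines, ACL 1 matches 64 addresses (172.16.85.0/26) against a 240-address pool, and the static entry for 172.16.85.86 falls outside both the ACL and the pool range.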

cadet alain
VIP Alumni

Hi,

ok then you can post back your file with everything running ok but without NAT.

But the addresses you talked about in first post don't correspond to the ones in your PT file.

Do you want IPs to stay the same? Is it NAT configuration which is a problem in itself? Try something and we'll take a look if you've got problems.

Regards.

Alain.

Don't forget to rate helpful posts.

Hi Alain, I haven't changed any IP addresses I don't think; I'm using the ones I started out with. Yes, it's the NAT configuration I don't understand. I am supposed to translate the public addresses into private addresses but am not sure how to go about doing it. I'm learning it as I go along but I'm unsure where to start. I presume the public addresses coming in from the ISP router must be translated at R1 and then sent around the network but don't know how to do it; I'm reading up on it as we speak.

Also, if you look at my file, I had a private address on one of the ISP router interfaces that joins ISP to R1. I have since put the public address 199.1.1.36/30 on it; is this correct?

If your ISP has given you 199.1.1.36/30 then this provides 2 addresses ie. 199.1.1.37 & 38.

If your ISP is using .138 then you would assign 199.1.1.37 to your WAN interface. You would also then add a default-route pointing to .138 ie.

ip route 0.0.0.0 0.0.0.0 199.1.1.38

then on your LAN interface

int <LAN interface>

ip nat inside

WAN interface

int <WAN interface>

ip nat outside

for LAN access to internet -

access-list 101 permit ip 10.1.1.0 0.0.0.255 any  <-- assuming your LAN addresses are 10.1.1.x

ip nat inside source list 101 interface <interface> overload    <-- where <interface> is your WAN interface

for presenting internal addresses to the internet e.g. let's say you have a webserver on 10.1.1.20 and a spare public IP of 199.10.10.2

ip nat inside source static 10.1.1.20 199.10.10.2

Jon