Need Help With NAT 2811 Router

OwenB
Level 1

I am currently trying to configure NAT for a network that needs a 192.168.x.x private for a DHCP server and a few other VMs, and I don't want it to leak out into the 10.10.x.x network. I need almost all machines in the 192.168.x.x to have internet connectivity, and the gateway is on the 10.10.x.x. I have followed a few guides, including the Cisco official NAT guide. I can ping all 10.10.x.x with my current config but can't ping in or get any sort of internet access. Here is my current config.

hostname owenrouter
!
boot-start-marker
boot-end-marker
!
enable password airsoft11
!
no aaa new-model
!
!
!
!
dot11 syslog
ip source-route
!
!
ip cef
!
!
no ip domain lookup
!
multilink bundle-name authenticated
!
!
!
!
!
!
license udi pid CISCO2811 sn FTX1303A02C
!
redundancy
!
!
!
!
!
!
!
!
!
interface FastEthernet0/0
 ip address 10.10.150.150 255.255.0.0
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
!
!
interface FastEthernet0/1
 ip address 192.168.150.150 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 duplex auto
 speed auto
!
!
interface Serial0/0/0
 no ip address
 shutdown
 clock rate 2000000
!
!
interface Serial0/0/1
 no ip address
 shutdown
 clock rate 2000000
!
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
ip nat inside source list 100 interface FastEthernet0/0 overload
!
access-list 100 permit ip any any
!
!
!
!
!
control-plane
!
!
!
line con 0
line aux 0
line vty 0 4
 login
!
scheduler allocate 20000 1000
end

5 Replies

Seb Rupik
VIP Alumni

If your devices in the 192.168.150.0/24 subnet can ping other devices in the outside subnet 10.10.0.0/16 then this shows NAT on the 2811 is working as intended.

You appear to be lacking a default route, which is preventing your NAT'd traffic from being routed off-subnet. Install a static route for the 10.10.0.0/8 subnet gateway and it will probably start working.

cheers,

Seb.

Hello

no access-list 100

access-list 100 permit ip 192.168.50.0 0.0.0.255 any

ip route 0.0.0.0 0.0.0.0 fa0/0 10.10.x.x

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Jaderson Pessoa
VIP Alumni
Hello,

Your current configuration doesn't have a default route.

Try it:
ip route 0.0.0.0 0.0.0.0 FastEthernet0/0 (it is best practice to input the IP address as the destination).

Regards
Jaderson Pessoa
*** Rate All Helpful Responses ***

Deepak Kumar
VIP Alumni

Hi,

All the configuration looks OK, but you are missing a default route configuration.

ip route 0.0.0.0 0.0.0.0 FastEthernet0/0

Note: As a best practice, we choose the remote-end IP address (ISP modem/ISP gateway) instead of an interface, but we don't have any such information about your ISP devices, so we have given an example with an outside interface and its ID.

Regards,

Deepak Kumar

Regards,
Deepak Kumar,
Don't forget to vote and accept the solution if this comment will help you!
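
Added example, not part of any post in this thread: a Python check that reads an IOS-style configuration and reports the two points the replies raise, a missing default route and the scope of the access list used for NAT. The sample text is constructed from the interface and NAT lines in the question, and the function names are illustrative.

```python
import ipaddress
import re
# Constructed sample, modelled on the interfaces and NAT lines posted in this thread.
SAMPLE = """\
interface FastEthernet0/0
 ip address 10.10.150.150 255.255.0.0
 ip nat outside
interface FastEthernet0/1
 ip address 192.168.150.150 255.255.255.0
 ip nat inside
ip nat inside source list 100 interface FastEthernet0/0 overload
access-list 100 permit ip any any
"""

def acl_source(src):
    """Turn an ACL source ('any', 'host A' or 'A WILDCARD') into a network."""
    if src == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    base, wild = src.split()
    if base == "host":
        return ipaddress.ip_network(wild)
    # Invert the wildcard to a netmask; non-contiguous wildcards raise ValueError.
    mask = ipaddress.IPv4Address(int(ipaddress.IPv4Address(wild)) ^ 0xFFFFFFFF)
    return ipaddress.ip_network(f"{base}/{mask}", strict=False)

def audit_nat(config):
    """Return findings for an 'ip nat inside source list N ... overload' setup."""
    inside, sources, nat_acl, addr, has_default = [], {}, None, None, False
    for line in map(str.strip, config.splitlines()):
        if line.startswith("interface "):
            addr = None  # a new interface block starts; forget the previous address
        elif m := re.match(r"ip address (\S+) (\S+)$", line):
            addr = ipaddress.ip_interface(f"{m[1]}/{m[2]}").network
        elif line == "ip nat inside" and addr:
            inside.append(addr)
        elif m := re.match(r"ip nat inside source list (\S+) ", line):
            nat_acl = m[1]
        elif m := re.match(r"access-list (\S+) permit ip (any|\S+ \S+) ", line):
            sources.setdefault(m[1], []).append(m[2])
        elif line.startswith("ip route 0.0.0.0 0.0.0.0 "):
            has_default = True
    findings = [] if has_default else ["no default route: off-subnet traffic has no next hop"]
    srcs = sources.get(nat_acl, [])
    for net in inside:
        if not any(net.subnet_of(acl_source(s)) for s in srcs):
            findings.append(f"NAT ACL {nat_acl} does not match inside subnet {net}")
    if "any" in srcs:
        findings.append(f"NAT ACL {nat_acl} matches any source, not only the inside subnet")
    return findings
```

Calling `audit_nat(SAMPLE)` returns one finding for the missing default route and one for the `any` source in access list 100.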