PAT issues on a Cisco 2901

JesseSinclair
Level 1

Hello community, I've been having some difficulties setting up PAT on my 2901 with an otherwise basic configuration.

I've implemented all the required steps for PAT as far as I can tell; there has to be some detail that I'm missing. I configured my inside and outside interfaces, set up the access list for my only current subnet, and I've linked my ACL to my outside interface, but nothing is being translated: nothing at all is being generated in the NAT translation table. The router can ping hosts on the internet and the PC; the PC can ping the router but not a host on the internet.

As far as I can tell, the only things that would cause this would be if I've incorrectly configured NAT or if my router isn't set up to facilitate traffic to the internet. I've got a permit ip any any at the end of my WAN ACL and I don't have an ACL on my inside port, so I don't think it's that. Am I maybe missing a routing table entry?

Any insight would be appreciated. I'll paste my running config below. I'll be able to provide any other relevant information.

2901#show run    
Building configuration...

Current configuration : 1862 bytes
!
! Last configuration change at 21:09:42 UTC Sun Feb 21 2021 by jesse
!
version 15.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname 2901
!
boot-start-marker
boot-end-marker
!
!
enable secret 5 [redacted]
!
no aaa new-model
!
!
!
!
!
!
!
!
!
!
!
ip dhcp excluded-address 10.0.0.1 10.0.0.64
!
ip dhcp pool DHCP
 network 10.0.0.0 255.255.255.0
 default-router 10.0.0.1 
!
!
!
ip domain name home.lab
ip cef    
login block-for 10 attempts 5 within 20
login delay 10
login on-failure log
login on-success log
no ipv6 cef
!         
multilink bundle-name authenticated
!         
!         
cts logging verbose
!         
!         
license udi pid CISCO2901/K9 sn FTX143801Q8
!         
!         
username jesse privilege 15 secret 5 [redacted]
!         
redundancy
!         
!         
!         
!         
lldp run  
!         
!         
!         
!         
!         
!         
!         
!         
!         
!         
!         
interface Embedded-Service-Engine0/0
 no ip address
 shutdown 
!         
interface GigabitEthernet0/0
 ip address dhcp
 ip access-group WAN in
 ip access-group WAN out
 ip nat outside
 ip virtual-reassembly in
 duplex auto
 speed auto
 no lldp transmit
 no cdp enable
!         
interface GigabitEthernet0/1
 ip address 10.0.0.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
 duplex auto
 speed auto
!         
ip forward-protocol nd
!         
no ip http server
no ip http secure-server
!         
ip nat source list NAT interface GigabitEthernet0/0 overload
ip ssh version 2
!         
ip access-list standard NAT
 permit 10.0.0.0 0.0.0.255
!         
ip access-list extended WAN
 deny   tcp any any eq 22
 permit ip any any
!         
!         
!         
!         
control-plane
!         
!         
!         
line con 0
 logging synchronous
 login local
line aux 0
line 2    
 no activation-character
 no exec  
 transport preferred none
 transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
 stopbits 1
line vty 0 4
 exec-timeout 15 0
 logging synchronous
 login local
 transport input ssh
!         
scheduler allocate 20000 1000
!         
end
Accepted Solutions

Hello
Change to the following and test again...

Ip nat inside source list NAT  .........


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

4 Replies

Ha, amateur move. Won't make that mistake again, thanks Paul. Marked as solution.

Hello,

in addition to Paul's post, make the changes marked with --> below:

2901#show run
Building configuration...

Current configuration : 1862 bytes
!
! Last configuration change at 21:09:42 UTC Sun Feb 21 2021 by jesse
!
version 15.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname 2901
!
boot-start-marker
boot-end-marker
!
enable secret 5 [redacted]
!
no aaa new-model
!
ip dhcp excluded-address 10.0.0.1 10.0.0.64
!
ip dhcp pool DHCP
network 10.0.0.0 255.255.255.0
default-router 10.0.0.1
--> dns server 8.8.8.8 8.8.4.4
!
ip domain name home.lab
ip cef
login block-for 10 attempts 5 within 20
login delay 10
login on-failure log
login on-success log
no ipv6 cef
!
multilink bundle-name authenticated
!
cts logging verbose
!
license udi pid CISCO2901/K9 sn FTX143801Q8
!
username jesse privilege 15 secret 5 [redacted]
!
redundancy
!
lldp run
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
ip address dhcp
ip access-group WAN in
ip access-group WAN out
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
no lldp transmit
no cdp enable
!
interface GigabitEthernet0/1
ip address 10.0.0.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
--> ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0 dhcp
!
--> ip nat inside source list NAT interface GigabitEthernet0/0 overload
!
ip ssh version 2
!
ip access-list standard NAT
permit 10.0.0.0 0.0.0.255
!
ip access-list extended WAN
deny tcp any any eq 22
permit ip any any
!
control-plane
!
line con 0
logging synchronous
login local
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
exec-timeout 15 0
logging synchronous
login local
transport input ssh
!
scheduler allocate 20000 1000
!
end


Hey Georg, I really appreciate that; adding a DNS server was the thing I did right after I resolved this issue. I appreciate the tip for the default route, wasn't sure how to do it with DHCP. I'll be sure to use that as well.
