Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
613
Views
0
Helpful
4
Replies

PAT not working on Cisco 1921 with LTE card.

Xividar
Level 1
Level 1

‎02-13-2018 09:38 AM - edited ‎03-05-2019 09:55 AM

Hi Guys,

I am trying to get PAT working on a 1921 with an LTE card (SIM from my provider). The router is up, LTE is up, and I can ICMP 8.8.8.8 from the router. If i try and connect with my laptop however, absolutely zilch, and also 0 hits on my NAT stats. I have tried using a Route-Map, regular ACL and Extended ACL, but I just can't figure it out.

 

version 15.7
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname R1-4G-EDGE
!
boot-start-marker
boot system flash:c1900-universalk9-mz.SPA.157-3.M1.bin
boot-end-marker
!
!
no logging console
!
no aaa new-model
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!


!
ip dhcp excluded-address 192.168.200.0 192.168.200.9
!
ip dhcp pool Local-Pool
network 192.168.200.0 255.255.255.0
default-router 192.168.200.1
dns-server 8.8.4.4
lease 60
!
!
!
ip domain name R1-4G-EDGE
ip name-server 8.8.8.8
ip name-server 8.8.4.4
ip cef
no ipv6 cef
multilink bundle-name authenticated
!
!
chat-script lte "" "AT!CALL" TIMEOUT 60 "OK"
!
!
license udi pid CISCO1921/K9 sn FCZ173991GP
!
!
!
redundancy
!
!
controller Cellular 0/0
lte sim data-profile 1 attach-profile 1
lte modem link-recovery rssi onset-threshold -110
lte modem link-recovery monitor-timer 20
lte modem link-recovery wait-timer 10
lte modem link-recovery debounce-count 6
!
!
!
!
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
description Link to Internal LAN
ip address 192.168.200.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
!
interface GigabitEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Cellular0/0/0
no ip address
ip nat outside
ip virtual-reassembly in
encapsulation slip
load-interval 60
dialer in-band
dialer pool-member 1
dialer idle-timeout 0
dialer-group 1
async mode interactive
!
interface Cellular0/0/1
no ip address
encapsulation slip
!
interface Dialer0
ip address negotiated
ip nat outside
ip virtual-reassembly in
encapsulation ppp
dialer pool 1
dialer idle-timeout 0
dialer string lte
dialer persistent
dialer-group 1
ppp chap hostname *
no cdp enable
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip nat source route-map INTERNAL-NAT-TO-PAT interface Dialer0 overload
ip route 0.0.0.0 0.0.0.0 Dialer0
!
!
ip prefix-list INTERNAL-CLIENT-NAT-TO-PAT seq 5 permit 192.168.200.0/24 le 32
dialer-list 1 protocol ip permit
ipv6 ioam timestamp
!
route-map INTERNAL-NAT-TO-PAT permit 10
match ip address prefix-list INTERNAL-CLIENT-NAT-TO-PAT

 

--

 

Total active translations: 0 (0 static, 0 dynamic; 0 extended)
Peak translations: 0
Outside interfaces:
Cellular0/0/0, Dialer0
Inside interfaces:
GigabitEthernet0/0
Hits: 0 Misses: 0
CEF Translated packets: 0, CEF Punted packets: 0
Expired translations: 0
Dynamic mappings:
-- Outside Destination
[Id: 1] route-map INTERNAL-NAT-TO-PAT interface Dialer0 refcount 0

Total doors: 0
Appl doors: 0
Normal doors: 0
Queued Packets: 0

Thanks.

Labels:
0 Helpful
4 Replies 4

Richard Burts
Hall of Fame
Hall of Fame

‎02-13-2018 09:46 AM

I do not see a reason why you would need a route map for pat. While it does seem that doing pat with a route map should work it is a more complex solution and I believe that usually simple solutions are better. So I would suggest that you change the config for pat to not use the route map but to use a standard access list to permit 192.168.200.0.

 

HTH

 

Rick

HTH

Rick
0 Helpful

Xividar
Level 1
Level 1
In response to Richard Burts

‎02-13-2018 09:54 AM

Hi Richard,

Thank you for your quick reply. I have tried a regular ACL, that was my first port of call, then an Extended, and the RM was really a last resort. Is there technically a reason not to use a RM? Or is that just your personal preference/recommendation?

Thanks a lot! :)

0 Helpful

Richard Burts
Hall of Fame
Hall of Fame
In response to Xividar

‎02-13-2018 09:58 AM

You are welcome. I do not know of any technical reason to not use a route map. It is my personal preference to use more simple solutions when there is a choice. If you want to use a route map you may certainly continue to try to get it to work. In that case I suggest that you keep the route map and change the match clause from matching a prefix list to matching a standard access list.

 

HTH

 

Rick

HTH

Rick
0 Helpful

Georg Pauwen
VIP
VIP

‎02-13-2018 11:05 AM

Hello,

 

your inside NAT statement is missing the 'inside' keyword:

 

ip nat source route-map INTERNAL-NAT-TO-PAT interface Dialer0 overload

 

should be:

 

ip nat inside source route-map INTERNAL-NAT-TO-PAT interface Dialer0 overload

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card