Solved: Router 881 nat problem

umk_bilejspa · ‎11-23-2012

I have router 881. I prepare simply configuration with two vlan and one of them is DMZ with www server. Everything look all right with one exception. NAT not work at all. I have no entry when i type command sh ip nat translation. I try configure NAT in several ways (pools, static, one host, whole network, only one network, separate acl for networks itd.) there is no change. NAT still not work and sh ip nat trans show nothing. My config look's that:

interface FastEthernet0

description Lan

switchport access vlan 2

no ip address

!

interface FastEthernet1

description lan

switchport access vlan 2

no ip address

!

interface FastEthernet2

description lan

switchport access vlan 2

no ip address

!

interface FastEthernet3

description dmz

switchport access vlan 6

no ip address

!

interface FastEthernet4

description WAN$FW_OUTSIDE$

ip address X.X.X.X X.X.X.X

ip access-group 105 in

ip nat outside

ip virtual-reassembly in

ip verify unicast reverse-path

duplex auto

speed auto

interface Vlan2

description LAN$FW_INSIDE$

ip address 192.168.1.1 255.255.255.0

ip access-group 103 in

ip nat inside

ip inspect CCP_LOW in

ip virtual-reassembly in

!

interface Vlan6

description DMZ$FW_DMZ$

ip address 192.168.2.1 255.255.255.0

ip access-group 104 in

ip nat inside

ip inspect dmzinspect out

ip virtual-reassembly in

ip nat inside source list 2 interface FastEthernet4 overload

ip nat inside source static tcp 192.168.2.17 80 interface FastEthernet4 80

ip route 0.0.0.0 0.0.0.0 FastEthernet4

access-list 2 permit 192.168.1.0 0.0.0.255

Can anyone help me resolv this problem ?

ROM: System Bootstrap, Version 12.4(22r)YB5, RELEASE SOFTWARE (fc1)

Cisco 881-K9

cadet alain · ‎11-26-2012

Hi,

Could you try changing your default route to point to next hop instead of outgoing interface.

Regards.

Alain

Don't forget to rate helpful posts.

View solution in original post

paolo bevilacqua · ‎11-23-2012

Wrong forum, post in "infrastructure - WAN and routing". You can move your post using the actions panel on the right.

Daniele Giordano · ‎11-23-2012

How are defined ACL 103, 104, 105? Can stop traffic before it reaches NAT engine?

Try to remove ACL and inspect.

Regards.

umk_bilejspa · ‎11-25-2012

I already try that. I remove all ACL and inspect, left only basic configuration on interfaces and NAT configuration - same result NAT still not work. I try to find some solutions on Internet, and I find that some of users 881 have similar NAT problems. I don't know, maybe IOS bug ?

siddiqirf · ‎11-26-2012

have you advertised the default route into your local network? make sure that your local machines on your LAN are causing the router to hit the NAT

umk_bilejspa · ‎11-26-2012

I configured DHCP for vlan 2 serwer on this router:

ip dhcp pool LAN

network 192.168.1.0 255.255.255.0

default-router 192.168.1.1

dns-server X.X.X.X

In Vlan 6 i have only one host so I'm used static address

cadet alain · ‎11-26-2012

Hi,

Have you tried changing the default route as I suggested ? What do you mean with everything looks alright?

Can you ping 8.8.8.8 from the router ?

Regards.

Alain

Don't forget to rate helpful posts.

cadet alain · ‎11-26-2012

Hi,

Could you try changing your default route to point to next hop instead of outgoing interface.

Regards.

Alain

Don't forget to rate helpful posts.

umk_bilejspa · ‎11-26-2012

I don't have access to the router right now, I try change default route asp and I give you update. I have this router in other localization so I can't change config before wednesday.

"everything looks alright" - means that all other things work perfectly - DHCP, ping to interfaces and other hosts, all network functionality eg. network shares, printing, RDP,...).

umk_bilejspa · ‎11-30-2012

I change default route from fa4 to nex hop and that was solution to my problem.

THX.