06-19-2015 02:02 AM - edited 03-05-2019 01:41 AM
Hi guys,
Sorry for such a lame post, its been years since I've had to configure a Cisco device.
I have an Ethernet internet connection presented to me that i'd like to test. I have a useable public address for that connection. I want to connect an old 1841 to it.
I want FE0/0 to have the public IP (and hence the gateway to the interweb)
I want FE0/1 to have an internal IP, and the 1841 to dole out DHCP.
So basically I want all internet traffic to go out via FE0/0.
This is where I've got to, but no joy. I suspect NAT is my issue, its been my arch enemy.
Can you point out where i'm going wrong?
Thanks!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Mary_Celeste
!
boot-start-marker
boot-end-marker
!
enable secret 5 blablabla
!
no aaa new-model
!
resource policy
!
ip cef
!
!
ip dhcp use vrf connected
ip dhcp excluded-address 192.168.1.250 255.255.255.0
!
ip dhcp pool DHCP
network 192.168.1.0 255.255.255.0
dns-server 194.150.201.22
lease 2
!
!
!
!
controller E1 0/0/0
!
!
interface FastEthernet0/0
ip address 188.111.222.33 255.255.255.224
ip nat outside
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 192.168.1.250 255.255.255.0
ip nat inside
duplex auto
speed auto
!
ip route 0.0.0.0 0.0.0.0 FastEthernet0/0
!
no ip http server
ip nat pool NAT 192.168.1.0 192.168.1.100 netmask 255.255.255.0
ip nat outside source list 1 pool NAT add-route
!
disable-eadi
!
control-plane
!
!
line con 0
line aux 0
line vty 0 4
login
!
scheduler allocate 20000 1000
end
Solved! Go to Solution.
06-19-2015 05:41 AM
If that is your public IP can you blank out the middle octets eg. 188.x.x.33 as this is a public forum.
That aside not sure what the NAT pool is for but for a basic configuration -
1) remove your current NAT configuration
2) add this configuration -
access-list 101 permit ip 192.168.1.0 0.0.0.255 any
ip nat inside source list 101 interface fa0/0 overload
Jon
06-19-2015 05:41 AM
If that is your public IP can you blank out the middle octets eg. 188.x.x.33 as this is a public forum.
That aside not sure what the NAT pool is for but for a basic configuration -
1) remove your current NAT configuration
2) add this configuration -
access-list 101 permit ip 192.168.1.0 0.0.0.255 any
ip nat inside source list 101 interface fa0/0 overload
Jon
06-19-2015 06:27 AM
Jon is quite right that the NAT pool as configured will not work because it would attempt to translate the private address into a private address (and in the same subnet range).
Aside from the NAT issue there may be another aspect to consider which is the default route
ip route 0.0.0.0 0.0.0.0 FastEthernet0/0
At best it is not a good practice and it is quite possible that this default route could cause failure to access the Internet. The issue is that when a static route points just to the exit interface (and the interface is Ethernet) then the router must ARP for every destination address. And it will work only if the next hop router has enabled proxy arp. If the next hop does not enable proxy arp (and increasingly providers are not enabling proxy arp because of security concerns) then the router can not access the Internet. So it would be much better if the default route specified the next hop address rather than just the exit interface.
HTH
Rick
06-19-2015 06:37 AM
OK Richard i'll alter that thanks
06-19-2015 06:36 AM
Hi Jon - yep I made that public IP range up.
cheers for the reply i'll give those a go
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide