2821 NAT Issue

AndrewHaskell · ‎09-20-2013

Hello, I'm setting up a 2821 to act as the primary Router for a network of just over 100 devices. Upstream of this router is a Motorola Canopy serving as the gateway to the ISP's network. I don't have access to the Canopy, but I do know that is is operating simply as a modem and is not performing any routing functions. I have set up the 2821 with the following configuration file and can successfully ping botht the WAN and the LAN from it. However from any of the downstream devices I can only ping within the LAN, all WAN packets timeout. I've looked through many different config files on the internet and can't see what is causing my own to not function properly.

The settings from the ISP are as follows:

-------------------------------------------------------------------------------------------

Public IP: 64.25.148.144

Subnet: 255.255.255.0

Next Hop: 64.25.148.1

DNS Server 1: 64.25.145.12

DNS Server 2: 64.25.146.12

-------------------------------------------------------------------------------------------

Ouput of 'show ip route' :

-------------------------------------------------------------------------------------------

Gateway of last resort is 64.25.148.1 to network 0.0.0.0

64.0.0.0/8 is variably subnetted, 2 subnets, 2 masks

S 64.0.0.0/8 [1/0] via 64.25.148.0

C 64.25.148.0/24 is directly connected, GigabitEthernet0/0

S* 0.0.0.0/0 [1/0] via 64.25.148.1

-------------------------------------------------------------------------------------------

And here is my config file:

-------------------------------------------------------------------------------------------

!

version 12.3

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname CISCO-2821

!

boot-start-marker

boot-end-marker

!

enable secret 5 removed

enable password removed

!

no aaa new-model

!

resource policy

!

voice-card 0

no dspfarm

!

voice-card 1

no dspfarm

!

ip subnet-zero

!

ip cef

no ip dhcp use vrf connected

ip dhcp excluded-address 10.1.10.1 10.1.10.150

ip dhcp excluded-address 10.1.10.251 10.1.10.254

!

ip dhcp pool main

network 10.1.10.0 255.255.255.0

default-router 10.1.10.1

dns-server 64.25.145.12 64.25.146.12

domain-name coth-intranet.local

netbios-node-type b-node

!

ip dhcp pool default

!

ip name-server 64.25.145.12

ip name-server 64.25.146.12

no ip ips deny-action ips-interface

!

no ftp-server write-enable

!

no crypto isakmp ccm

!

interface GigabitEthernet0/0

ip address 64.25.148.144 255.255.255.0

ip nat outside

ip virtual-reassembly

duplex auto

speed auto

no mop enabled

!

interface GigabitEthernet0/1

ip address 10.1.10.1 255.255.255.0

ip broadcast-address 10.1.10.255

ip nat inside

ip virtual-reassembly

duplex auto

speed auto

!

interface Serial0/0/0

no ip address

shutdown

!

ip classless

ip route 0.0.0.0 0.0.0.0 64.25.148.1

ip route 64.0.0.0 255.0.0.0 64.25.148.0 ----On a side note why can't I negate this line with 'no ip route 64.0.0.0 255.0.0.0 64.25.148.0' ?----

!

ip http server

no ip http secure-server

ip nat inside source list 7 interface GigabitEthernet0/0 overload

!

access-list 7 permit 10.1.10.0 0.0.0.254

!

control-plane

!

voice-port 1/0/0

!

voice-port 1/0/1

!

voice-port 1/0/2

!

voice-port 1/0/3

!

voice-port 1/0/4

!

voice-port 1/0/5

!

voice-port 1/0/6

!

voice-port 1/0/7

!

line con 0

line aux 0

line vty 0 4

password removed

login

!

scheduler allocate 20000 1000

!

end

-------------------------------------------------------------------------------------------

AndrewHaskell · ‎09-23-2013

Well, I got this figured out from other sources, Cisco wildcard masks in the lone ACL should have been 0.0.0.255 instead of 0.0.0.254. Typo on my end that I failed to catch.