Can't correctly implement NAT on 1900 series router

oudouz · ‎10-08-2023

Hi, I'm replacing my small office D-link router with a Cisco 1900 series. I can't replicate the configuration, where I need to use NAT (my knowledge is basic). The setup is (I'll use different IP addresses, but they're similar):

One LAN interface plugged to the LAN switch (local network is 192.168.1.0/24)
One WAN interface plugged to corporate network (WAN interface is 192.168.20.146, and gateway should be 192.168.20.145

The current state is that :

From my local PC:
- I can ping the 192.168.1.1, 192.168.20.146 and also the 192.168.20.145
- I CAN'T reach any external internet IP addresses such as 1.1.1.1 or 8.8.8.8
From the 1900 series router:
- I can ping 192.168.20.145
- I can't ping any external internet IP addresses such as 1.1.1.1 or 8.8.8.8

Here's the current config :

interface GigabitEthernet0/0
description TO_RMS
ip address 192.168.20.146 255.255.255.248 ### WAN facing interface
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
!
interface GigabitEthernet0/1
description TO_LAN_ELDJAMILA
ip address 192.168.1.1 255.255.255.0 ### LAN facing interface
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
!
ip forward-protocol nd
!
ip http server
no ip http secure-server
!
ip nat pool LAN_ELDJAMILA 192.168.1.1 192.168.1.254 netmask 255.255.255.0 ### LAN addresses pool
ip nat inside source list 41 interface GigabitEthernet0/0 overload
ip route 0.0.0.0 0.0.0.0 192.168.20.145 ### next hop
!
access-list 41 permit 192.168.1.0 0.0.0.255
!
control-plane
!
end

I'm not sure what the issue is, HELP ! Thank you ladies and gentlemen

balaji.bandi · ‎10-08-2023

that is straight forward setup and that should work.

you do not need below nat pool config

ip nat pool LAN_ELDJAMILA 192.168.1.1 192.168.1.254 netmask 255.255.255.0 ### LAN addresses pool

so remove

no ip nat pool LAN_ELDJAMILA 192.168.1.1 192.168.1.254 netmask 255.255.255.0 ### LAN addresses pool

Questions :

1. what IOS code running ? (show version)

2. from what device you try to ping 1.1.1.1 or 8.8.8.8 (from the router ?)

3.

#show ip nat translations
#show ip nat statistics
#show ip route

#show ip cef

Run Debug :
debug ip nat

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

M02@rt37 · ‎10-08-2023

Hello @oudouz

Do you use DHCP on PC ? If yes, which equipement act as DHCP server ? Does PC receive IP/Mask ?

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.

Richard Burts · ‎10-08-2023

I agree with BB that the config is fairly straightforward and seems it should work. I am wondering if the issue is with the upstream device. Is that upstream device expecting to receive traffic from 192.168.20.144 subnet?

Based on this "from the 1900 I can't ping any external internet IP addresses such as 1.1.1.1 or 8.8.8.8" I am guessing that the upstream is not correctly processing that traffic.

HTH

Rick