01-27-2015 04:33 AM - edited 03-07-2019 10:24 PM
Hi all,
Hope I'm not too out of line here. I have a Cisco 1841 with software version 12.4. For some reason, NATing on the dialer interface won't overload. I can only access Google and Facebook, but not any other site; it will just keep on trying to access the sites. Please see my configuration.
NPCISCO(config)#do sh run
Building configuration...
Current configuration : 1462 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname NPCISCO
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$M.16$/6xrCLI7atrsHS5DaLETh1
!
no aaa new-model
!
resource policy
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
ip cef
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.146.1 192.168.146.99
!
ip dhcp pool LAN
network 192.168.146.0 255.255.255.0
default-router 192.168.146.3
dns-server 119.82.248.67 119.82.249.10
!
!
ip name-server 119.82.248.67
ip name-server 119.82.249.10
!
!
!
!
interface FastEthernet0/0
no ip address
ip nat outside
duplex auto
speed auto
pppoe enable
pppoe-client dial-pool-number 1
!
interface FastEthernet0/1
ip address 192.168.146.3 255.255.255.0
ip nat inside
duplex auto
speed auto
!
interface Dialer1
ip address negotiated
ip nat outside
encapsulation ppp
dialer pool 1
ppp pap sent-username xxxx password 0 xxxx
!
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer1
!
no ip http server
ip nat inside source list NAT_ADDRESSES interface Dialer1 overload
!
ip access-list extended NAT_ADDRESSES
permit ip 192.168.146.0 0.0.0.255 any
!
!
control-plane
!
banner motd ^C### Athorized Personnel Only ###^C
!
line con 0
exec-timeout 0 0
password xxxx
logging synchronous
login
line aux 0
line vty 0 5
password xxxx
login
!
end
Any help would be greatly appreciated as I'm currently learning Cisco.
Much thanks
01-28-2015 10:23 PM
It seems that you are using a DSL connection connected to fa0/0, although you didn't specify.
If so, and you are having issues with some sites and not others as well as a rather slow connection, add:
ip mtu 1452
under interface dialer 1 and I suspect your problem may disappear.
You may also need:
ip tcp adjust-mss 1452
01-28-2015 03:24 PM
I am a bit puzzled about your problem. In one part of describing the problem you say that the router does not overload, which I assume means that it does not NAT. But then you say "I can only access google and Facebook". It seems to me that if you can reach Google and Facebook, the router must be doing NAT.
I have two suggestions, though I am not sure that either of them will solve your problem.
- You have nat outside configured on both the Ethernet interface and the Dialer interface. I am not sure why it is on the Ethernet and suggest that you remove that.
- If you are only testing on the source address, then why use an extended access list? I suggest that you change the access list and make it a standard access list.
HTH
Rick
01-29-2015 02:24 AM
Thanks for your suggestions, but that didn't work. When I couldn't get out to the internet, the first thing that came to mind was something wrong with NAT. If I didn't overload NAT, then only 1 person can go out to the internet; at least that's my logic. And that seems to be what was happening. Anyway, thanks though, Bluestreak's suggestion has solved the problem.
01-29-2015 07:49 AM
I am glad to know that you have resolved the problem. Thanks for posting back to the forum and letting us know that the problem turned out to be an issue with MTU.
HTH
Rick
01-29-2015 02:19 AM
It is working now after adding the ip tcp adjust-mss 1452 line to all interfaces. But I notice that the throughput is a little bit slower than when I was using the Endian UTM 3.0 firewall. Maybe because the Cisco 1800 is too old, but I can live with that.
Thank you
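An added example, not posted by anyone in the thread: a Python check that parses a running-config like the one above and reports dialer interfaces bound to a PPPoE client pool that lack a reduced `ip mtu`, and whether any interface clamps TCP MSS. The function names and the sample config are constructed; the limits assume the standard 8-byte PPPoE/PPP overhead on a 1500-byte Ethernet link (MTU 1492) and 40 bytes of IPv4 and TCP headers (MSS 1452).

```python
import re

PPPOE_MTU = 1500 - 8      # Ethernet MTU minus 6-byte PPPoE header and 2-byte PPP protocol field
MAX_MSS = PPPOE_MTU - 40  # minus 20-byte IPv4 and 20-byte TCP headers -> 1452

def parse_interfaces(config):
    """Map interface name -> list of its sub-commands ('!' ends a block, as in 'show run')."""
    interfaces, current = {}, None
    for line in map(str.strip, config.splitlines()):
        m = re.match(r"interface\s+(\S+)", line)
        if m:
            current = interfaces.setdefault(m.group(1), [])
        elif line in ("", "!"):
            current = None
        elif current is not None:
            current.append(line)
    return interfaces

def first_int(cmds, pattern):  # integer captured by the first matching command, else None
    hits = [m for m in (re.fullmatch(pattern, c) for c in cmds) if m]
    return int(hits[0].group(1)) if hits else None

def audit_pppoe(config):
    """Return findings for dialer interfaces whose pool is used by a PPPoE client."""
    ifaces = parse_interfaces(config)
    pools = {first_int(c, r"pppoe-client dial-pool-number (\d+)") for c in ifaces.values()} - {None}
    findings = []
    for name, cmds in ifaces.items():
        mtu = first_int(cmds, r"ip mtu (\d+)")
        if first_int(cmds, r"dialer pool (\d+)") in pools and (mtu is None or mtu > PPPOE_MTU):
            findings.append(f"{name}: ip mtu {mtu or 'not set'}, expected <= {PPPOE_MTU}")
    clamps = [first_int(c, r"ip tcp adjust-mss (\d+)") for c in ifaces.values()]
    if pools and not any(v is not None and v <= MAX_MSS for v in clamps):
        findings.append(f"no interface has ip tcp adjust-mss <= {MAX_MSS}")
    return findings

# Constructed sample modelled on the posted config, reduced to the relevant lines.
BEFORE = """\
interface FastEthernet0/0
 pppoe-client dial-pool-number 1
!
interface FastEthernet0/1
 ip nat inside
!
interface Dialer1
 dialer pool 1
!"""
AFTER = (BEFORE.replace(" dialer pool 1", " ip mtu 1452\n dialer pool 1")
               .replace(" ip nat inside", " ip nat inside\n ip tcp adjust-mss 1452"))
```

`audit_pppoe(BEFORE)` returns two findings, and `audit_pppoe(AFTER)`, which applies the values suggested in the thread, returns none.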