Solved: CISCO 1841 Won't Overload NAT

firemonkey123 · ‎01-27-2015

Hi all,

Hope I'm not too out of line here. I have Cisco 1841 with software version 12.4. For some reason, nating on dialer interface won't overload. I can only access google and facebook, but not any other site, it will just keep on trying to access the sites. Please see my configuration.

NPCISCO(config)#do sh run
Building configuration...

Current configuration : 1462 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname NPCISCO
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$M.16$/6xrCLI7atrsHS5DaLETh1
!
no aaa new-model
!
resource policy
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
ip cef
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.146.1 192.168.146.99
!
ip dhcp pool LAN
   network 192.168.146.0 255.255.255.0
   default-router 192.168.146.3
   dns-server 119.82.248.67 119.82.249.10
!
!
ip name-server 119.82.248.67
ip name-server 119.82.249.10
!
!
!
!
interface FastEthernet0/0
no ip address
ip nat outside
duplex auto
speed auto
pppoe enable
pppoe-client dial-pool-number 1
!
interface FastEthernet0/1
ip address 192.168.146.3 255.255.255.0
ip nat inside
duplex auto
speed auto
!
interface Dialer1
ip address negotiated
ip nat outside
encapsulation ppp
dialer pool 1
ppp pap sent-username xxxx password 0 xxxx
!
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer1
!
no ip http server
ip nat inside source list NAT_ADDRESSES interface Dialer1 overload
!
ip access-list extended NAT_ADDRESSES
permit ip 192.168.146.0 0.0.0.255 any
!
!
control-plane
!
banner motd ^C### Athorized Personnel Only ###^C
!
line con 0
exec-timeout 0 0
password xxxx
logging synchronous
login
line aux 0
line vty 0 5
password xxxx
login
!
end

Any help would be greatly appreciated as I'm learning cisco currently.

Much thanks

bluestreak66 · ‎01-28-2015

It seems that you are using a DSL connection connected to fa0/0 although you didn't specify.

If so and you are having issue with some sites and not others as well as a rather slow connection add:

ip mtu 1452

under interface dialer 1 and I suspect your problem may disappear.

you may also need:

ip tcp adjust-mss 1452

View solution in original post

Richard Burts · ‎01-28-2015

I am a bit puzzled about your problem. In one part of describing the problem you say that the router does not overload - which I assume means that it does not NAT. But then you say "I can only access google and Facebook". It seems to me that if you can reach Google and Faceboot that the router must be doing NAT.

I have two suggestions, though I am not sure that either of them will solve your problem.

- you have nat outside configured on both the Ethernet interface and the Dialer interface. I am not sure why it is on the Ethernet and suggest that you remove that.

- if you are only testing on source interface then why use an extended access list. I suggest that you change the access list and make it a standard access list.

HTH

Rick

HTH

Rick

firemonkey123 · ‎01-29-2015

Thanks for your suggestions but that didn't work. When I can't get out into the internet first thing come to mind was something wrong with NAT. If I didn't overload NAT, then only 1 person can go out to the internet at least that's my logic. And that it seems what was happening. Anyway, thanks though, Bluestreak's suggestion has solve the problem

Richard Burts · ‎01-29-2015

I am glad to know that you have resolved the problem. Thanks for posting back to the forum and letting us know that the problem turned out to be an issue with MTU.

HTH