
Cisco 2801 router NAT configuration

shoddy1988
Level 1

Hi,

I'm using a 2801 router with a NAT configuration.

The issue I'm having is that the NAT seems to be allowing only one machine at a time through the NAT.

The range I am testing is 192.168.243.0

The firmware is c2801-spservicesk9-m

The config is as follows:

Thanks for your help in advance

Brendon

version 12.4

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname VlanRouter

!

boot-start-marker

boot-end-marker

!

no aaa new-model

!

resource policy

!

mmi polling-interval 60

no mmi auto-configure

no mmi pvc

mmi snmp-timeout 180

ip subnet-zero

ip cef

!

no ip dhcp use vrf connected

ip dhcp excluded-address 192.168.242.1

ip dhcp excluded-address 192.168.240.1

ip dhcp excluded-address 192.168.241.1

ip dhcp excluded-address 192.168.243.1

ip dhcp excluded-address 10.127.0.1 10.127.0.10

!

ip dhcp pool VL211

   network 192.168.241.0 255.255.255.0

   dns-server 210.18.210.210

   default-router 192.168.241.1

!

ip dhcp pool VL210

   network 192.168.240.0 255.255.255.0

   dns-server 210.18.210.210

   default-router 192.168.240.1

!

ip dhcp pool VL212

   network 192.168.242.0 255.255.255.0

   default-router 192.168.242.1

   dns-server 210.18.210.210

!

ip dhcp pool VL213

   network 192.168.243.0 255.255.255.0

   default-router 192.168.243.1

   dns-server 210.18.210.210

!

ip dhcp pool VL200

   network 10.127.0.0 255.255.255.0

   default-router 10.127.0.253

   dns-server 210.18.210.210

!

interface FastEthernet0/0

ip address 203.25.120.202 255.255.255.0

ip nat outside

duplex auto

speed auto

!

interface FastEthernet0/1

ip address 192.168.239.1 255.255.255.0

duplex auto

speed auto

!

interface FastEthernet0/1.3

encapsulation dot1Q 3

ip address 172.20.255.202 255.255.0.0

ip nat outside

no snmp trap link-status

!

interface FastEthernet0/1.200

encapsulation dot1Q 200

ip address 10.127.0.253 255.255.255.0

ip nat inside

no snmp trap link-status

!

interface FastEthernet0/1.210

description ATV-Tracey

encapsulation dot1Q 210

ip address 192.168.240.1 255.255.255.0

ip nat inside

no snmp trap link-status

!

interface FastEthernet0/1.211

description ATV-Tierney

encapsulation dot1Q 211

ip address 192.168.241.1 255.255.255.0

ip nat inside

no snmp trap link-status

!

interface FastEthernet0/1.212

description ATV-Nitec

encapsulation dot1Q 212

ip address 192.168.242.1 255.255.255.0

ip nat inside

no snmp trap link-status

!

interface FastEthernet0/1.213

description iMac

encapsulation dot1Q 213

ip address 192.168.243.1 255.255.255.0

ip nat inside

no snmp trap link-status

!

interface ATM0/1/0

no ip address

shutdown

no atm ilmi-keepalive

dsl equipment-type CPE

dsl operating-mode GSHDSL symmetric annex A

dsl linerate AUTO

!

ip classless

ip route 0.0.0.0 0.0.0.0 203.25.120.4

!

no ip http server

no ip http secure-server

ip nat inside source list INAT interface FastEthernet0/1.3 overload

ip nat inside source list NAT interface FastEthernet0/0 overload

!

ip access-list standard INAT

permit 192.168.243.0 0.0.0.255

ip access-list standard NAT

permit 10.127.0.0 0.0.0.255

permit 192.168.240.0 0.0.0.255

permit 192.168.241.0 0.0.0.255

permit 192.168.242.0 0.0.0.255

!

control-plane

!

Abzal
Level 7

Hi,

If I understood you right, you want the subnets under the NAT access-list to be forwarded to f0/0 and those under INAT to f0/1.3.

For such a thing you could use policy-based routing (PBR).

route-map PBR permit 10

match ip address INAT

set interface f0/1.3

interface FastEthernet0/1.213

description iMac

encapsulation dot1Q 213

ip address 192.168.243.1 255.255.255.0

ip policy route-map PBR

ip nat inside

Other traffic would go through f0/0.

Hope it will help.

Best regards,
Abzal


Hi Abzal,

Thanks for your reply.

I set the router up using the PBR you set above and I am not getting a response from my default gateway (172.20.251.3).

The NAT was working although it seemed like it couldn't support multiple machines at the same time.

EDIT: I also can't modify any other router, which is why I am using a NAT.

Thanks

Brendon

Try this one:

no ip route 0.0.0.0 0.0.0.0 203.25.120.4

route-map PBR2 permit 10

match ip address NAT

set default interface f0/0

route-map PBR1 permit 10

match ip address INAT

set default interface f0/1.3

interface FastEthernet0/1.200

encapsulation dot1Q 200

ip address 10.127.0.253 255.255.255.0

ip nat inside

ip policy route-map PBR2

no snmp trap link-status

!

interface FastEthernet0/1.210

description ATV-Tracey

encapsulation dot1Q 210

ip address 192.168.240.1 255.255.255.0

ip nat inside

ip policy route-map PBR2

no snmp trap link-status

!

interface FastEthernet0/1.211

description ATV-Tierney

encapsulation dot1Q 211

ip address 192.168.241.1 255.255.255.0

ip nat inside

ip policy route-map PBR2

no snmp trap link-status

!

interface FastEthernet0/1.212

description ATV-Nitec

encapsulation dot1Q 212

ip address 192.168.242.1 255.255.255.0

ip nat inside

ip policy route-map PBR2

no snmp trap link-status

interface FastEthernet0/1.213

description iMac

encapsulation dot1Q 213

ip address 192.168.243.1 255.255.255.0

ip policy route-map PBR1

ip nat inside

Hope it will help.

Best regards,
Abzal
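
A consistency check for the configuration in the reply above, as an added example that is not part of the original thread: for each policy-routed inside subinterface it confirms that the ACL matched by the route-map covers the interface's subnet and that the NAT overload rule using that ACL points at the same outside interface the route-map sends traffic to. The helper names `norm` and `audit` and the trimmed `CONFIG` excerpt are assumptions made for this example.

```python
import ipaddress
import re
# Constructed excerpt of the configuration posted in the reply above.
CONFIG = """\
ip nat inside source list INAT interface FastEthernet0/1.3 overload
ip nat inside source list NAT interface FastEthernet0/0 overload
ip access-list standard INAT
 permit 192.168.243.0 0.0.0.255
ip access-list standard NAT
 permit 192.168.240.0 0.0.0.255
route-map PBR2 permit 10
 match ip address NAT
 set default interface f0/0
route-map PBR1 permit 10
 match ip address INAT
 set default interface f0/1.3
interface FastEthernet0/1.213
 ip address 192.168.243.1 255.255.255.0
 ip policy route-map PBR1
"""

def norm(name):  # hypothetical helper: expand "f0/0" to "FastEthernet0/0"
    return re.sub(r"^(?:fa|f)(?=\d)", "FastEthernet", name, flags=re.I)

def audit(config):  # hypothetical helper; parses only the line types above
    nat, acl, rmap, iface, cur = {}, {}, {}, {}, None
    for line in config.splitlines():
        w = line.split()
        if line.startswith("ip nat inside source list"):
            nat[w[5]] = norm(w[7])  # ACL name -> NAT outside interface
        elif line.startswith("ip access-list standard"):
            cur = acl.setdefault(w[3], [])
        elif w[:1] in (["route-map"], ["interface"]):
            cur = (rmap if w[0] == "route-map" else iface).setdefault(w[1], {})
        elif w[:1] == ["permit"]:  # contiguous wildcard masks only
            cur.append(ipaddress.ip_network(f"{w[1]}/{w[2]}"))
        elif w[:3] == ["match", "ip", "address"]:
            cur["acl"] = w[3]
        elif w[:1] == ["set"] and "interface" in w:
            cur["out"] = norm(w[-1])  # egress chosen by the route-map
        elif w[:2] == ["ip", "address"]:
            cur["net"] = ipaddress.ip_interface(f"{w[2]}/{w[3]}").network
        elif w[:3] == ["ip", "policy", "route-map"]:
            cur["pbr"] = w[3]
    report = {}  # interface -> (PBR egress, NAT outside interface, consistent?)
    for name, i in iface.items():  # assumes each interface has a policy route-map
        rm = rmap[i["pbr"]]
        ok = any(i["net"].subnet_of(n) for n in acl[rm["acl"]])
        report[name] = (rm["out"], nat.get(rm["acl"]), ok and nat.get(rm["acl"]) == rm["out"])
    return report
```

Calling `audit(CONFIG)` returns one tuple per subinterface; a `False` in the last position means the subnet is policy-routed through a route-map whose ACL does not cover it, or toward an interface other than the one its NAT rule translates to.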

Hi Abzal,

At this stage I can access everything, so I will now do a stress test and get back to you.

Thanks Mate

Hi Abzal.

I tried this configuration again, and it worked!!

Much Appreciated

With Thanks

Brendon
