DHCP on inside interface with NAT can not work fine(subnet of nat inside interface is different with dhcp client)

angelyouyou
Level 1

Topology:

Client(DHCP Client:192.168.1.1/24)-----(DHCP Relay:192.168.1.254/24)Gateway----(NAT Inside:10.1.1.2/30)Outband(NAT Outband:200.1.1.1/30)----ISP

 

Issue:

The overload NAT does not work. The Outband router did not translate 192.168.1.1 (DHCP client) to its s1/1 interface's IP (200.1.1.1).

 

Configuration on Outband router:

!
ip nat source list NAT interface Serial1/1 overload --->!!!!!!this configuration can not work fine.

ip nat inside source static tcp 192.168.10.1 23 200.1.1.1 2300 extendable --->another static NAT for inside Server, it works fine.
ip route 0.0.0.0 0.0.0.0 200.1.1.2 -->point to ISP
ip route 192.168.0.0 255.255.0.0 10.1.1.1 -->point to Gateway
!
ip access-list extended NAT
permit ip 192.168.1.0 0.0.0.255 any  -->point to DHCP client
permit ip 192.168.2.0 0.0.0.255 any  -->point to DHCP client
!

 

The NAT entry shown below is the other static NAT, for the inside server.

Outband#show ip nat translations
Pro Inside global Inside local Outside local Outside global
tcp 200.1.1.1:2300 192.168.10.1:23 --- ---

Accepted Solution

I have found the mistake in the NAT configuration.
"ip nat source list NAT interface Serial1/1 overload"
There is no "inside" keyword.

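The mismatch named in the accepted solution can be caught by linting the configuration before deployment. On IOS, `ip nat source ...` without `inside` is the NAT Virtual Interface (NVI) form, which pairs with `ip nat enable` on interfaces rather than `ip nat inside`/`ip nat outside`; that is consistent with the `Hits: 0` seen in this thread. The check below is an added example, not part of the original thread; `lint_nat` and the trimmed sample config are constructed for illustration.

```python
import re

# Constructed sample: NAT-relevant lines of the Outband config posted in this thread.
OUTBAND = """\
interface Serial1/0
 ip nat inside
interface Serial1/1
 ip nat outside
ip nat source list NAT interface Serial1/1 overload
ip nat inside source static tcp 192.168.10.1 23 200.1.1.1 2300 extendable
ip access-list extended NAT
 permit ip 192.168.1.0 0.0.0.255 any
"""

def lint_nat(config):
    """Return (rule, problem) pairs for NAT rules that no interface can feed."""
    modes, rules, acls = set(), [], set()
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.fullmatch(r"ip nat (inside|outside|enable)", line):
            modes.add(m.group(1))                      # interface-level NAT role
        elif m := re.match(r"ip nat (inside |outside )?source\b", line):
            # "inside"/"outside" present -> legacy domain rule, absent -> NVI rule
            rules.append(("legacy" if m.group(1) else "nvi", line))
        elif m := re.match(r"ip access-list \S+ (\S+)|access-list (\d+) ", line):
            acls.add(m.group(1) or m.group(2))         # named or numbered ACL
    findings = []
    for style, rule in rules:
        if style == "nvi" and "enable" not in modes:
            findings.append((rule, "NVI-style rule but no interface has 'ip nat enable'"))
        if style == "legacy" and not modes & {"inside", "outside"}:
            findings.append((rule, "legacy rule but no 'ip nat inside/outside' interface"))
        if (m := re.search(r"source list (\S+)", rule)) and m.group(1) not in acls:
            findings.append((rule, f"ACL {m.group(1)} is not defined"))
    return findings

if __name__ == "__main__":
    for rule, problem in lint_nat(OUTBAND):
        print(f"{problem}: {rule}")
```

Run against the posted configuration, it flags only the overload rule; with the `inside` keyword added, it reports nothing.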

7 Replies

Hello,

 

Why did you focus on DHCP in the scenario? Does this really matter?

1. Please show the "show ip nat statistics" output.

2. Can you ping 10.1.1.2 from the client?

 

At first sight, nat configuration looks fine.

1. Please show the "show ip nat statistics" output.

-->After I modified the interface IP configurations between Outband and Gateway (from 10.1.1.1/24 to 192.168.0.1/30), it works fine.

2. Can you ping 10.1.1.2 from the client?

-->Ping is successful. DHCP relay works fine.

 

My lab devices are C7200(c7200-adventerprisek9_sna-mz.152-4.M11.image) on GNS3 2.1.3 platform.

 

Hi,

You can use the 10.1.1.2 IP. What I am thinking is that you are having an issue with routing in your previous network subnets.

 

Regards.

Deepak Kumar 

Deepak Kumar
VIP Alumni

Hi,

I can see that there are two types of NAT configured on your router: 1. Source and 2. Destination.

I have some confusion with your current configuration. Can you share full running configuration?

 

Regards,

Deepak Kumar 


1. Ping result from PC:
PC-1> ping 200.1.1.2
200.1.1.2 icmp_seq=1 timeout
200.1.1.2 icmp_seq=2 timeout
200.1.1.2 icmp_seq=3 timeout
200.1.1.2 icmp_seq=4 timeout
200.1.1.2 icmp_seq=5 timeout

PC-1> ping 10.1.1.2
84 bytes from 10.1.1.2 icmp_seq=1 ttl=254 time=65.146 ms
84 bytes from 10.1.1.2 icmp_seq=2 ttl=254 time=40.716 ms
84 bytes from 10.1.1.2 icmp_seq=3 ttl=254 time=24.430 ms
84 bytes from 10.1.1.2 icmp_seq=4 ttl=254 time=32.573 ms
84 bytes from 10.1.1.2 icmp_seq=5 ttl=254 time=36.645 ms

2. Information about the other NAT item:
ip nat inside source static tcp 192.168.10.1 23 200.1.1.1 2300 extendable
This static NAT item is used for the Internet to access the inside server; it works fine.

3. Configuration and other information.
====================================
1. Configuration and routes on Gateway (DHCP-Relay):
!
interface GigabitEthernet0/0.1
encapsulation dot1Q 10
ip address 192.168.1.254 255.255.255.0
ip helper-address 192.168.0.2
ip helper-address 10.1.1.2
!
interface GigabitEthernet0/0.2
encapsulation dot1Q 20
ip address 192.168.2.254 255.255.255.0
ip helper-address 192.168.0.2
ip helper-address 10.1.1.2
!

Gateway#show ip route
...

S* 0.0.0.0/0 [1/0] via 10.1.1.2
10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 10.1.1.0/30 is directly connected, Serial1/0
L 10.1.1.1/32 is directly connected, Serial1/0
192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.1.0/24 is directly connected, GigabitEthernet0/0.1
L 192.168.1.254/32 is directly connected, GigabitEthernet0/0.1
192.168.2.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.2.0/24 is directly connected, GigabitEthernet0/0.2
L 192.168.2.254/32 is directly connected, GigabitEthernet0/0.2

2. Configuration, NAT and routes on Outband (DHCP-Server and NAT):
!
ip dhcp pool dhcp-pool1
network 192.168.1.0 255.255.255.0
default-router 192.168.1.254
dns-server 114.114.114.114
!
ip dhcp pool dhcp-pool2
network 192.168.2.0 255.255.255.0
default-router 192.168.2.254
dns-server 114.114.114.114
!
interface GigabitEthernet0/0
ip address 192.168.10.254 255.255.255.0
ip nat inside
ip virtual-reassembly in
duplex full
speed 1000
media-type gbic
negotiation auto
!
interface Serial1/0
ip address 10.1.1.2 255.255.255.252
ip nat inside
ip virtual-reassembly in
serial restart-delay 0
!
interface Serial1/1
ip address 200.1.1.1 255.255.255.0
ip nat outside
ip virtual-reassembly in
serial restart-delay 0
!
ip nat source list NAT interface Serial1/1 overload
ip nat inside source static tcp 192.168.10.1 23 200.1.1.1 2300 extendable
ip route 0.0.0.0 0.0.0.0 200.1.1.2
ip route 192.168.0.0 255.255.0.0 10.1.1.1
!
ip access-list extended NAT
permit ip 192.168.1.0 0.0.0.255 any
permit ip 192.168.2.0 0.0.0.255 any
!

Outband#show ip route
...

S* 0.0.0.0/0 [1/0] via 200.1.1.2
10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 10.1.1.0/30 is directly connected, Serial1/0
L 10.1.1.2/32 is directly connected, Serial1/0
S 192.168.0.0/16 [1/0] via 10.1.1.1
192.168.10.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.10.0/24 is directly connected, GigabitEthernet0/0
L 192.168.10.254/32 is directly connected, GigabitEthernet0/0
200.1.1.0/24 is variably subnetted, 2 subnets, 2 masks
C 200.1.1.0/24 is directly connected, Serial1/1
L 200.1.1.1/32 is directly connected, Serial1/1

Outband#show ip nat translations
Pro Inside global Inside local Outside local Outside global
tcp 200.1.1.1:2300 192.168.10.1:23 --- ---


Outband#show ip nat statistics
Total active translations: 1 (1 static, 0 dynamic; 1 extended)
Peak translations: 1, occurred 00:10:21 ago
Outside interfaces:
Serial1/1
Inside interfaces:
GigabitEthernet0/0, Serial1/0
Hits: 0 Misses: 0
CEF Translated packets: 0, CEF Punted packets: 0
Expired translations: 0
Dynamic mappings:
-- Outside Destination
[Id: 1] access-list NAT interface Serial1/1 refcount 0

Total doors: 0
Appl doors: 0
Normal doors: 0
Queued Packets: 0

3. Configuration and routes on Outband(ISP):
!
ip host www.baidu.com 201.1.1.2
!
interface Loopback0
ip address 114.114.114.114 255.255.255.255
!
interface GigabitEthernet0/0
ip address 201.1.1.1 255.255.255.0
duplex full
speed 1000
media-type gbic
negotiation auto
!
interface Serial1/1
ip address 200.1.1.2 255.255.255.0
serial restart-delay 0
!
!
ip dns server
ip route 0.0.0.0 0.0.0.0 201.1.1.2
!

ISP#show ip route
...

S* 0.0.0.0/0 [1/0] via 201.1.1.2
114.0.0.0/32 is subnetted, 1 subnets
C 114.114.114.114 is directly connected, Loopback0
200.1.1.0/24 is variably subnetted, 2 subnets, 2 masks
C 200.1.1.0/24 is directly connected, Serial1/1
L 200.1.1.2/32 is directly connected, Serial1/1
201.1.1.0/24 is variably subnetted, 2 subnets, 2 masks
C 201.1.1.0/24 is directly connected, GigabitEthernet0/0
L 201.1.1.1/32 is directly connected, GigabitEthernet0/0

4. Configuration and routes on Outband(Internet):
!
interface GigabitEthernet0/0
ip address 201.1.1.2 255.255.255.0
duplex full
speed 1000
media-type gbic
negotiation auto
!
ip route 0.0.0.0 0.0.0.0 201.1.1.1
!

Internet#show ip route
...

S* 0.0.0.0/0 [1/0] via 201.1.1.1
201.1.1.0/24 is variably subnetted, 2 subnets, 2 masks
C 201.1.1.0/24 is directly connected, GigabitEthernet0/0
L 201.1.1.2/32 is directly connected, GigabitEthernet0/0

Here is the topology.
