Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
530
Views
0
Helpful
3
Replies

help debugging a simple nat setup

benlemasurier
Level 1
Level 1

‎02-21-2011 11:25 AM - edited ‎03-06-2019 03:40 PM

I'm having touble setting up NAT translations in what appears to be a simple senario. From the router I'm able to ping to the outside world, though clients behind ge0/1 are not.

[Internal LAN 10.10.10.0/26] -> [ ge 0/1 10.10.10.1] ( cisco 2911) -> [ ge 0/0 external.ip.address] -> [internet]

Attached is the router config, any thoughts?

Labels:
81913-datacenter-config.txt.zip
0 Helpful
3 Replies 3

Yudong Wu
Level 7
Level 7

‎02-21-2011 12:17 PM

I don't see any thing wrong in your configuration.

Can you try to move "ip nat inside" command and then apply it back to see if it can fix it?

If not, maybe run some debug like "debug ip nat" and "debug ip packet" .

0 Helpful

benlemasurier
Level 1
Level 1
In response to Yudong Wu

‎02-21-2011 03:20 PM

Thanks Yudong,

Still no luck, here's the 'debug ip packet' output from a host pinging to the outside world:

Feb 21 23:15:40.903: IP: s=10.10.10.60 (GigabitEthernet0/1), d=8.8.8.8, len 84, input feature, Virtual Fragment Reassembly After IPSec Decryption(34), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE

Feb 21 23:15:40.903: IP: s=10.10.10.60 (GigabitEthernet0/1), d=8.8.8.8, len 84, input feature, MCI Check(66), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE

Feb 21 23:15:40.919: IP: s=10.10.10.60 (GigabitEthernet0/1), d=8.8.8.8, len 84, input feature, Stateful Inspection(4), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE

Feb 21 23:15:40.919: IP: s=10.10.10.60 (GigabitEthernet0/1), d=8.8.8.8, len 84, input feature, Virtual Fragment Reassembly(22), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE

Feb 21 23:15:40.919: IP: s=10.10.10.60 (GigabitEthernet0/1), d=8.8.8.8, len 84, input feature, Virtual Fragment Reassembly After IPSec Decryption(34), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE

Feb 21 23:15:40.919: IP: s=10.10.10.60 (GigabitEthernet0/1), d=8.8.8.8, len 84, input feature, MCI Check(66), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE

Feb 21 23:15:40.931: IP: s=10.10.10.60 (GigabitEthernet0/1), d=8.8.8.8, len 84, input feature, Stateful Inspection(4), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE

Feb 21 23:15:40.931: IP: s=10.10.10.60 (GigabitEthernet0/1), d=8.8.8.8, len 84, input feature, Virtual Fragment Reassembly(22), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE

'debug ip nat' has no output

0 Helpful

Yudong Wu
Level 7
Level 7
In response to benlemasurier

‎02-21-2011 09:00 PM

If removing/reapplying "ip nat" command could not fix the issue and there is no "debug ip nat" output, it is most likely a bug. I would suggest you to try a latest code.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card