NAT configration - Page 3

nbnamp · ‎02-20-2017

Hello

Can you help me with an issue with my home setup?

Here is the setup:

Internet SP router <---> R2 Cisco 1841 <---> R3 WiFi :

R1 (192.168.2.1/24) <---> R2 (192.168.2.200/24) F0/0 <--> R2 (192.168.3.220/24) F0/1 <--> R2 (192.168.1.1/24)

no config change allowed on the SP R1

R2 has basic inside/ outside NAT attached config file

R3 simple config for wifi

Issue host C in the network diagram is not able to connect to any of the internal subnets 192.168.1.0 or 192.168.3.0

i think it is related to the NAT config on cisco router:

!
interface FastEthernet0/0
description ++++TOBELLRT-WAN++++
ip address 192.168.2.220 255.255.255.0
ip nat outside
duplex auto
speed auto
!
interface FastEthernet0/1
description ++++LAN++++
ip address 192.168.3.220 255.255.255.0
ip nat inside
duplex auto
speed auto

!

ip route 0.0.0.0 0.0.0.0 192.168.2.1

!
ip nat inside source list 100 interface FastEthernet0/0 overload
!
access-list 100 permit ip any any
!
!

full config file is attached

Please help

Thanks

ik

nbnamp · ‎02-24-2017

Hi Paul

Yes, the DG of the FS is pointing at the 1841

Thanks

ik

nbnamp · ‎02-24-2017

hi paul

any other thoughts?

thanks

ik

paul driver · ‎02-25-2017

Hello Nbnamp

We seem to be going around in circles here - Given the topology you provided both NAT options 1/2 supplied should work.

Did you follow the directions accordingly?
Has the static been removed from the FS?

I see your now using RiP but before you wasn't you using just static routing? - Does rip have a prefix for 192.168.1.0/24 subnet

Please post the current config of the 1841 and confirm that the FS is only using its DG and no additional static routes

Sh ip route
Show ip nat translations

res
Paul

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

nbnamp · ‎02-25-2017

Hello Paul

I did follow your directions.

Here is the output of the FS route print

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.2.220 192.168.2.222 266
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.2.0 255.255.255.0 On-link 192.168.2.222 266
192.168.2.222 255.255.255.255 On-link 192.168.2.222 266
192.168.2.255 255.255.255.255 On-link 192.168.2.222 266
192.168.56.0 255.255.255.0 On-link 192.168.56.1 266
192.168.56.1 255.255.255.255 On-link 192.168.56.1 266
192.168.56.255 255.255.255.255 On-link 192.168.56.1 266
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.2.222 266
224.0.0.0 240.0.0.0 On-link 192.168.56.1 266
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.2.222 266
255.255.255.255 255.255.255.255 On-link 192.168.56.1 266
===========================================================================
Persistent Routes:
Network Address Netmask Gateway Address Metric
0.0.0.0 0.0.0.0 192.168.2.220 Default
===========================================================================

Output form Cisco 1841

mainrt#sh run
Building configuration...

Current configuration : 1541 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname mainrt
!
boot-start-marker
boot-end-marker
!
enable secret 5
!
no aaa new-model
ip cef
!
!
!
!
no ip domain lookup
!
!
!
!
!
!
interface FastEthernet0/0
description ++++TO BELL RT-WAN++++
ip address 192.168.2.220 255.255.255.0
ip nat outside
duplex auto
speed auto
!
interface FastEthernet0/1
description ++++LAN++++
ip address 192.168.3.220 255.255.255.0
ip nat inside
duplex auto
speed auto
!
interface FastEthernet0/0/0
!
interface FastEthernet0/0/1
!
interface FastEthernet0/0/2
!
interface FastEthernet0/0/3
!
interface Serial0/1/0
no ip address
shutdown
clock rate 2000000
!
interface Serial0/1/1
no ip address
shutdown
clock rate 2000000
!
interface Vlan1
no ip address
!
interface Vlan50
description +++LAN+++
no ip address
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 192.168.2.1
ip route 192.168.1.0 255.255.255.0 192.168.3.1
!
!
no ip http server
ip http authentication local
no ip http secure-server
ip nat inside source list 100 interface FastEthernet0/0 overload
ip nat outside source static 192.168.2.222 192.168.3.222 add-route
!
access-list 100 deny   ip host 192.168.3.222 any
access-list 100 permit ip 192.168.3.0 0.0.0.255 any
access-list 100 permit ip 192.168.1.0 0.0.0.255 any
!
!
!
control-plane
!
!
!
line con 0
line aux 0
line vty 0 4
login
!
scheduler allocate 20000 1000
end

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
mainrt#sh ip nat translations
Pro Inside global      Inside local       Outside local      Outside global
--- ---                ---                192.168.3.222      192.168.2.222
icmp 192.168.1.1:14    192.168.1.1:14     192.168.3.222:14   192.168.2.222:14
icmp 192.168.3.1:14    192.168.3.1:14     192.168.3.222:14   192.168.2.222:14
tcp 192.168.3.1:80     192.168.3.1:80     192.168.3.222:30562 192.168.2.222:30562
tcp 192.168.3.1:80     192.168.3.1:80     192.168.3.222:30573 192.168.2.222:30573
tcp 192.168.3.1:80     192.168.3.1:80     192.168.3.222:30589 192.168.2.222:30589
tcp 192.168.3.1:80     192.168.3.1:80     192.168.3.222:30608 192.168.2.222:30608
tcp 192.168.3.1:80     192.168.3.1:80     192.168.3.222:30624 192.168.2.222:30624
tcp 192.168.3.1:80     192.168.3.1:80     192.168.3.222:30657 192.168.2.222:30657
tcp 192.168.3.1:80     192.168.3.1:80     192.168.3.222:30676 192.168.2.222:30676
tcp 192.168.3.1:80     192.168.3.1:80     192.168.3.222:30690 192.168.2.222:30690
tcp 192.168.3.1:80     192.168.3.1:80     192.168.3.222:30705 192.168.2.222:30705
tcp 192.168.3.1:80     192.168.3.1:80     192.168.3.222:30721 192.168.2.222:30721
tcp 192.168.3.1:80     192.168.3.1:80     192.168.3.222:30737 192.168.2.222:30737
tcp 192.168.3.1:80     192.168.3.1:80     192.168.3.222:30751 192.168.2.222:30751
tcp 192.168.3.1:80     192.168.3.1:80     192.168.3.222:30763 192.168.2.222:30763
tcp 192.168.3.1:80     192.168.3.1:80     192.168.3.222:30774 192.168.2.222:30774
tcp 192.168.3.1:80     192.168.3.1:80     192.168.3.222:30784 192.168.2.222:30784
tcp 192.168.3.1:80     192.168.3.1:80     192.168.3.222:30812 192.168.2.222:30812
tcp 192.168.3.1:80     192.168.3.1:80     192.168.3.222:30825 192.168.2.222:30825
tcp 192.168.3.1:80     192.168.3.1:80     192.168.3.222:30835 192.168.2.222:30835
tcp 192.168.3.1:80     192.168.3.1:80     192.168.3.222:30856 192.168.2.222:30856
udp 192.168.2.220:4175 192.168.3.1:4175   8.8.8.8:53         8.8.8.8:53
udp 192.168.2.220:5628 192.168.3.1:5628   8.8.8.8:53         8.8.8.8:53
udp 192.168.2.220:5882 192.168.3.1:5882   8.8.8.8:53         8.8.8.8:53
udp 192.168.2.220:5886 192.168.3.1:5886   8.8.8.8:53         8.8.8.8:53
udp 192.168.2.220:5974 192.168.3.1:5974   8.8.8.8:53         8.8.8.8:53
udp 192.168.2.220:6954 192.168.3.1:6954   8.8.8.8:53         8.8.8.8:53
udp 192.168.2.220:7102 192.168.3.1:7102   8.8.8.8:53         8.8.8.8:53
udp 192.168.2.220:9357 192.168.3.1:9357   8.8.8.8:53         8.8.8.8:53
udp 192.168.2.220:11523 192.168.3.1:11523 8.8.4.4:53         8.8.4.4:53
udp 192.168.2.220:13438 192.168.3.1:13438 8.8.8.8:53         8.8.8.8:53
udp 192.168.2.220:14073 192.168.3.1:14073 8.8.8.8:53         8.8.8.8:53
udp 192.168.2.220:14687 192.168.3.1:14687 8.8.8.8:53         8.8.8.8:53
udp 192.168.2.220:14998 192.168.3.1:14998 8.8.8.8:53         8.8.8.8:53
udp 192.168.2.220:16005 192.168.3.1:16005 8.8.8.8:53         8.8.8.8:53
udp 192.168.2.220:17906 192.168.3.1:17906 8.8.8.8:53         8.8.8.8:53
udp 192.168.2.220:18212 192.168.3.1:18212 8.8.4.4:53         8.8.4.4:53
udp 192.168.2.220:18862 192.168.3.1:18862 8.8.8.8:53         8.8.8.8:53
udp 192.168.2.220:20911 192.168.3.1:20911 8.8.8.8:53         8.8.8.8:53
udp 192.168.2.220:20944 192.168.3.1:20944 8.8.8.8:53         8.8.8.8:53
udp 192.168.2.220:24450 192.168.3.1:24450 8.8.8.8:53         8.8.8.8:53
udp 192.168.2.220:25139 192.168.3.1:25139 8.8.8.8:53         8.8.8.8:53
udp 192.168.2.220:25370 192.168.3.1:25370 8.8.8.8:53         8.8.8.8:53
udp 192.168.2.220:26398 192.168.3.1:26398 8.8.8.8:53         8.8.8.8:53
udp 192.168.2.220:28431 192.168.3.1:28431 8.8.4.4:53         8.8.4.4:53
udp 192.168.2.220:29782 192.168.3.1:29782 8.8.8.8:53         8.8.8.8:53
udp 192.168.2.220:31268 192.168.3.1:31268 8.8.4.4:53         8.8.4.4:53
udp 192.168.2.220:32339 192.168.3.1:32339 8.8.8.8:53         8.8.8.8:53
udp 192.168.2.220:33607 192.168.3.1:33607 8.8.4.4:53         8.8.4.4:53
udp 192.168.2.220:33776 192.168.3.1:33776 8.8.8.8:53         8.8.8.8:53
udp 192.168.2.220:33915 192.168.3.1:33915 8.8.8.8:53         8.8.8.8:53
udp 192.168.2.220:34022 192.168.3.1:34022 8.8.8.8:53         8.8.8.8:53
udp 192.168.2.220:34339 192.168.3.1:34339 8.8.4.4:53         8.8.4.4:53
udp 192.168.2.220:34339 192.168.3.1:34339 8.8.8.8:53         8.8.8.8:53
udp 192.168.2.220:34703 192.168.3.1:34703 8.8.8.8:53         8.8.8.8:53
udp 192.168.2.220:35447 192.168.3.1:35447 8.8.4.4:53         8.8.4.4:53
tcp 192.168.2.220:36269 192.168.3.1:36269 209.85.201.188:5228 209.85.201.188:5228
udp 192.168.2.220:37359 192.168.3.1:37359 8.8.8.8:53         8.8.8.8:53
udp 192.168.2.220:37692 192.168.3.1:37692 192.168.2.222:514 192.168.2.222:514
udp 192.168.2.220:38079 192.168.3.1:38079 8.8.8.8:53         8.8.8.8:53
udp 192.168.2.220:38506 192.168.3.1:38506 24.220.236.2:64949 24.220.236.2:64949
udp 192.168.2.220:38506 192.168.3.1:38506 50.98.61.178:18021 50.98.61.178:18021
udp 192.168.2.220:38506 192.168.3.1:38506 101.190.230.56:17775 101.190.230.56:17775
udp 192.168.2.220:38506 192.168.3.1:38506 151.250.187.241:26581 151.250.187.241:26581
udp 192.168.2.220:38853 192.168.3.1:38853 8.8.4.4:53         8.8.4.4:53
udp 192.168.2.220:42104 192.168.3.1:42104 8.8.8.8:53         8.8.8.8:53
udp 192.168.2.220:42558 192.168.3.1:42558 8.8.8.8:53         8.8.8.8:53
udp 192.168.2.220:43839 192.168.3.1:43839 8.8.8.8:53         8.8.8.8:53
udp 192.168.2.220:45747 192.168.3.1:45747 8.8.8.8:53         8.8.8.8:53
udp 192.168.2.220:47947 192.168.3.1:47947 8.8.8.8:53         8.8.8.8:53
udp 192.168.2.220:49569 192.168.3.1:49569 8.8.4.4:53         8.8.4.4:53
udp 192.168.2.220:49569 192.168.3.1:49569 8.8.8.8:53         8.8.8.8:53
udp 192.168.2.220:49578 192.168.3.1:49578 8.8.8.8:53         8.8.8.8:53
udp 192.168.2.220:50832 192.168.3.1:50832 8.8.8.8:53         8.8.8.8:53
tcp 192.168.2.220:52606 192.168.3.1:52606 173.194.68.108:993 173.194.68.108:993
udp 192.168.2.220:52683 192.168.3.1:52683 8.8.8.8:53         8.8.8.8:53
tcp 192.168.2.220:52732 192.168.3.1:52732 172.229.232.191:443 172.229.232.191:443
tcp 192.168.2.220:52733 192.168.3.1:52733 172.229.235.151:443 172.229.235.151:443
tcp 192.168.2.220:52734 192.168.3.1:52734 17.154.65.2:443    17.154.65.2:443
tcp 192.168.2.220:52735 192.168.3.1:52735 17.253.15.205:80   17.253.15.205:80
udp 192.168.2.220:53177 192.168.3.1:53177 173.194.204.155:443 173.194.204.155:443
udp 192.168.2.220:53178 192.168.3.1:53178 142.176.121.226:443 142.176.121.226:443
udp 192.168.2.220:53179 192.168.3.1:53179 172.217.4.67:443   172.217.4.67:443
tcp 192.168.2.220:55640 192.168.3.1:55640 101.190.230.56:17775 101.190.230.56:17775
tcp 192.168.2.220:55661 192.168.3.1:55661 143.127.93.102:80 143.127.93.102:80
tcp 192.168.2.220:55725 192.168.3.1:55725 216.58.219.206:443 216.58.219.206:443
tcp 192.168.2.220:55726 192.168.3.1:55726 173.194.204.155:443 173.194.204.155:443
tcp 192.168.2.220:55727 192.168.3.1:55727 23.66.204.30:80    23.66.204.30:80
tcp 192.168.2.220:55728 192.168.3.1:55728 23.66.204.30:80    23.66.204.30:80
tcp 192.168.2.220:55729 192.168.3.1:55729 23.66.204.30:80    23.66.204.30:80
tcp 192.168.2.220:55730 192.168.3.1:55730 23.66.204.30:80    23.66.204.30:80
tcp 192.168.2.220:55731 192.168.3.1:55731 23.66.204.30:80    23.66.204.30:80
tcp 192.168.2.220:55732 192.168.3.1:55732 23.66.204.30:80    23.66.204.30:80
tcp 192.168.2.220:55733 192.168.3.1:55733 172.217.6.200:80   172.217.6.200:80
tcp 192.168.2.220:55734 192.168.3.1:55734 23.66.204.30:443   23.66.204.30:443
udp 192.168.2.220:57250 192.168.3.1:57250 216.58.219.206:443 216.58.219.206:443
udp 192.168.2.220:58604 192.168.3.1:58604 8.8.8.8:53         8.8.8.8:53
udp 192.168.2.220:58672 192.168.3.1:58672 8.8.8.8:53         8.8.8.8:53
udp 192.168.2.220:59560 192.168.3.1:59560 8.8.8.8:53         8.8.8.8:53
udp 192.168.2.220:59932 192.168.3.1:59932 8.8.8.8:53         8.8.8.8:53
udp 192.168.2.220:60860 192.168.3.1:60860 8.8.8.8:53         8.8.8.8:53
udp 192.168.2.220:61780 192.168.3.1:61780 8.8.8.8:53         8.8.8.8:53
udp 192.168.2.220:62142 192.168.3.1:62142 8.8.8.8:53         8.8.8.8:53
udp 192.168.2.220:62545 192.168.3.1:62545 8.8.8.8:53         8.8.8.8:53
udp 192.168.2.220:64379 192.168.3.1:64379 8.8.4.4:53         8.8.4.4:53
icmp 192.168.3.220:14 192.168.3.220:14   192.168.3.222:14   192.168.2.222:14

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
mainrt#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is 192.168.2.1 to network 0.0.0.0

S    192.168.1.0/24 [1/0] via 192.168.3.1
C    192.168.2.0/24 is directly connected, FastEthernet0/0
     192.168.3.0/24 is variably subnetted, 2 subnets, 2 masks
C       192.168.3.0/24 is directly connected, FastEthernet0/1
S       192.168.3.222/32 [1/0] via 192.168.2.222
S*   0.0.0.0/0 [1/0] via 192.168.2.1
mainrt#

Rip config was for testing only, i removed and added a static route

Everything else seems to be working except

not able to ping any ip from 192.168.2.0 to 192.168.1.0

pings from 192.168.1.0 to 192.168.2.0 is working

not able to ping F0/1 ( 192.168.3.220) of cisco 1841 from 192.168.2.0

Thank you

ik

paul driver · ‎02-27-2017

Hello

pings from 192.168.1.0 to 192.168.2.0 is working

This is correct as PAT is working accordingly.

not able to ping any ip from 192.168.2.0 to 192.168.1.0

not able to ping F0/1 ( 192.168.3.220) of cisco 1841 from 192.168.2.0

You should ONLY be able to from the specific natted outside address 192.168.2.222 (192.168.3.222) you've applied but NOT any other outside host from 192.168.2.0/24

Dont forget you are hiding the inside addressing from the outside, So from any other outside address if you wish to connect to an inside host then additional static nat translation would be applicable like above.

It does look like the existing nat config is working as it should with this nat translation output you posted:
icmp 192.168.1.1:14    192.168.1.1:14     192.168.3.222:14   192.168.2.222:14
icmp 192.168.3.1:14    192.168.3.1:14     192.168.3.222:14   192.168.2.222:14

tcp 192.168.3.1:80     192.168.3.1:80     192.168.3.222:30751 192.168.2.222:30751
tcp 192.168.3.1:80     192.168.3.1:80     192.168.3.222:30763 192.168.2.222:30763
tcp 192.168.3.1:80     192.168.3.1:80     192.168.3.222:30774 192.168.2.222:30774

Can you confirm this?

res
Paul

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul