Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
698
Views
0
Helpful
2
Replies

NAT is not working in 3825

hxmengmetro
Level 1
Level 1

‎01-27-2011 10:31 AM - edited ‎03-06-2019 03:14 PM

Hi All,

As usual I config the router with NAT to reach the internet. I have one ethernet card in 3825 connected to internet through DSL. It has the static IP on it. I configured the NAT as below:

ip nat inside source route-map nonat interface FastEthernet0/1/0 overload

route-map nonat permit 10
match ip address outside

ip access-list extended outside

remark deny the internal traffic to NAT
deny   ip 10.20.60.0 0.0.0.255 10.0.0.0 0.255.255.255
deny   ip 10.21.60.0 0.0.0.255 10.0.0.0 0.255.255.255
permit ip 10.20.60.0 0.0.0.255 any
permit ip 10.21.60.0 0.0.0.255 any

interface FastEthernet0/1/0
description DSL
ip address 99.126.132.25 255.255.255.248
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
no cdp enable

The configuration seems good to me. But the computer inside the LAN just can't go outside. I changed the interface overload to pool overload by setting up one nat pool. Same issue.

Is there anything I'm missing here?

Thanks for the help.

Lou

Labels:
0 Helpful
2 Replies 2

cadet alain
VIP Alumni
VIP Alumni

‎01-27-2011 10:54 AM

Hi,

Can you show us complete running config.

on the router do debug ip nat while you  try pinging 4.2.2.2 from host and post output

Regards.

Alain.

Don't forget to rate helpful posts.
0 Helpful

hxmengmetro
Level 1
Level 1
In response to cadet alain

‎01-27-2011 11:46 AM

Thanks Alain for your quick help. I just tried debug and ping from the router's subinterface which supposes to be routed through the fa0/1/0. It did ping successfully and debug shows correct NAT happening. The wierd thing is when I tried to ping from the computer which connect through one switch and then to this router. It just doesn't work. I also tried to ping from the management vlan interface in the switch. It doesn't work either. No NAT debug log for the ping in the router. It seems like the traffic hasn't arrived at NAT phase and then just get dropped somewhere.

Checked the computer IP setting. No issue. The default gateway is 10.20.60.254 which is the subinterface's IP in the router. I used router on the stick configure mulitple vlans to talk to each other.

Here is my ip route table:

S*    0.0.0.0/0 [1/0] via 99.126.132.30
      10.0.0.0/8 is variably subnetted, 16 subnets, 4 masks
S        10.0.0.0/8 [1/0] via 10.99.15.13
C        10.22.10.0/24 is directly connected, GigabitEthernet0/1
L        10.22.10.254/32 is directly connected, GigabitEthernet0/1
C        10.99.15.12/30 is directly connected, GigabitEthernet0/0
L        10.99.15.14/32 is directly connected, GigabitEthernet0/0
C        10.102.110.0/24 is directly connected, GigabitEthernet0/1.2
L        10.102.110.254/32 is directly connected, GigabitEthernet0/1.2
S        10.201.20.0/24 [1/0] via 99.116.131.30
S        10.201.20.11/32 [1/0] via 12.23.107.68, Virtual-Access2
S        10.201.20.12/32 [1/0] via 12.23.107.68, Virtual-Access2
S        10.201.20.13/32 [1/0] via 174.154.36.153, Virtual-Access2
S        10.201.20.16/32 [1/0] via 174.154.36.153, Virtual-Access2
C        10.20.60.0/24 is directly connected, GigabitEthernet0/1.3
L        10.20.60.254/32 is directly connected, GigabitEthernet0/1.3
C        10.21.60.0/24 is directly connected, GigabitEthernet0/1.4
L        10.21.60.254/32 is directly connected, GigabitEthernet0/1.4
      99.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C        99.126.131.24/29 is directly connected, FastEthernet0/1/0
L        99.126.131.25/32 is directly connected, FastEthernet0/1/0


Thanks for the help!

Lou

0 Helpful
Customers Also Viewed These Support Documents