cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1148
Views
0
Helpful
17
Replies

NAT is not working on 2811

Gideon Chong
Level 1
Level 1

Hi,

I'm trying to configure a 2811 with IOS 15.1 for NATTING. I have searched and read a lot and I don't see what I'm doing wrong. If anyone could give me some advice or show me what I'm missing or doing wrong.

I have checked if my ACL is getting hit -> none

When I'm doing static 1-to-1 NATTING it works.

Thanks in advance.

Here is my config:

Current configuration : 1456 bytes

!

! Last configuration change at 09:21:22 UTC Fri Sep 27 2013

version 15.1

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname flgw-utrecht

!

boot-start-marker

boot-end-marker

!

!

!

no aaa new-model

!

!

dot11 syslog

ip source-route

!

!

ip cef

!

!

!

ip domain name xxxxxxxxxx

no ipv6 cef

!

multilink bundle-name authenticated

!

!

!

!

!

!

!

!

!

!

!

voice-card 0

!

crypto pki token default removal timeout 0

!

!

!

!

license udi pid CISCO2811 sn xxxxxxxxx

vtp domain xxxxxxx

vtp mode transparent

!

redundancy

!

!

!

!

!

!

!

!

!

!

interface Loopback0 - for testing purposes

ip address 1.1.1.1 255.255.255.255

!

interface FastEthernet0/0 - LAN

ip address 192.168.40.1 255.255.255.0

ip nat inside

ip virtual-reassembly in

duplex auto

speed auto

!

interface FastEthernet0/1 - INTERNET - My host can ping up to here

ip address xx.xx.xx.130 255.255.255.248

ip nat outside

ip virtual-reassembly in

duplex full

speed 100

!

!

router eigrp 1

network 192.168.0.0 0.0.255.255

network 192.168.40.1 0.0.0.0

!

ip forward-protocol nd

no ip http server

no ip http secure-server

!

!

ip nat inside source list 100 interface FastEthernet0/1 overload

ip route 0.0.0.0 0.0.0.0 xx.xx.xx.129 - IP on provider router

!

access-list 100 permit ip 192.168.100.0 0.0.0.255 any log - My host subnet

!

!

!

!

!

!

control-plane

!

!

!

!

mgcp profile default

!

!

!

!

!

!

line con 0

line aux 0

line vty 0 4

login

transport input all

!

scheduler allocate 20000 1000

end

17 Replies 17

I removed eigrp and put in static routes instead.

On the NAT router:

ip route 192.168.0.0 255.255.0.0 192.168.40.2 - this point to switch interface

On the switch similar command which points to NAT router interface

Still no change. I can still ping xx.xx.xx.130 but xx.xx.xx.129 still doesn't work and I'm not getting hit on the ACL.

I got it to work. I removed the extended ACL and used a standard ACL permitting 192.168.0.0 0.0.255.255

debug ip nat started to show nat translation.

I don't really understand, it should also work with extended ACL.

I will keep testing.

Good to hear that standard Acl and NAT  started to work for you.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: