Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1187
Views
0
Helpful
17
Replies

NAT is not working on 2811

Gideon Chong
Level 1
Level 1

‎09-27-2013 12:35 AM - edited ‎03-07-2019 03:42 PM

Hi,

I'm trying to configure a 2811 with IOS 15.1 for NATTING. I have searched and read a lot and I don't see what I'm doing wrong. If anyone could give me some advice or show me what I'm missing or doing wrong.

I have checked if my ACL is getting hit -> none

When I'm doing static 1-to-1 NATTING it works.

Thanks in advance.

Here is my config:

Current configuration : 1456 bytes

!

! Last configuration change at 09:21:22 UTC Fri Sep 27 2013

version 15.1

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname flgw-utrecht

!

boot-start-marker

boot-end-marker

!

!

!

no aaa new-model

!

!

dot11 syslog

ip source-route

!

!

ip cef

!

!

!

ip domain name xxxxxxxxxx

no ipv6 cef

!

multilink bundle-name authenticated

!

!

!

!

!

!

!

!

!

!

!

voice-card 0

!

crypto pki token default removal timeout 0

!

!

!

!

license udi pid CISCO2811 sn xxxxxxxxx

vtp domain xxxxxxx

vtp mode transparent

!

redundancy

!

!

!

!

!

!

!

!

!

!

interface Loopback0 - for testing purposes

ip address 1.1.1.1 255.255.255.255

!

interface FastEthernet0/0 - LAN

ip address 192.168.40.1 255.255.255.0

ip nat inside

ip virtual-reassembly in

duplex auto

speed auto

!

interface FastEthernet0/1 - INTERNET - My host can ping up to here

ip address xx.xx.xx.130 255.255.255.248

ip nat outside

ip virtual-reassembly in

duplex full

speed 100

!

!

router eigrp 1

network 192.168.0.0 0.0.255.255

network 192.168.40.1 0.0.0.0

!

ip forward-protocol nd

no ip http server

no ip http secure-server

!

!

ip nat inside source list 100 interface FastEthernet0/1 overload

ip route 0.0.0.0 0.0.0.0 xx.xx.xx.129 - IP on provider router

!

access-list 100 permit ip 192.168.100.0 0.0.0.255 any log - My host subnet

!

!

!

!

!

!

control-plane

!

!

!

!

mgcp profile default

!

!

!

!

!

!

line con 0

line aux 0

line vty 0 4

login

transport input all

!

scheduler allocate 20000 1000

end

Labels:
0 Helpful
17 Replies 17

Gideon Chong
Level 1
Level 1
In response to shine pothen

‎09-27-2013 02:07 AM

I removed eigrp and put in static routes instead.

On the NAT router:

ip route 192.168.0.0 255.255.0.0 192.168.40.2 - this point to switch interface

On the switch similar command which points to NAT router interface

Still no change. I can still ping xx.xx.xx.130 but xx.xx.xx.129 still doesn't work and I'm not getting hit on the ACL.

0 Helpful

Gideon Chong
Level 1
Level 1
In response to Gideon Chong

‎09-27-2013 02:42 AM

I got it to work. I removed the extended ACL and used a standard ACL permitting 192.168.0.0 0.0.255.255

debug ip nat started to show nat translation.

I don't really understand, it should also work with extended ACL.

I will keep testing.

0 Helpful

shine pothen
Level 3
Level 3
In response to Gideon Chong

‎09-27-2013 04:09 AM

Good to hear that standard Acl and NAT  started to work for you.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card