NAT is not working on a 1812 router

Bjorntimmer
Level 1

Hi,

I'm currently working on an expansion of our network. The situation now is that we have one ADSL modem for the users in the network and one BDSL for our servers. Both have a separate gateway, and now I want to reduce that to one gateway, because we are going to work with VLANs.

Now we have a Cisco 817 (managed by the ISP) that is connected to the outside port of our Cisco PIX. The router has the xxx.xxx.xxx.1/29 address and the outside interface of the firewall has the xxx.xxx.xxx.2/29 address. At the moment I do PAT with xxx.xxx.xxx.2 through xxx.xxx.xxx.6 and everything is working fine.

In the new situation I'm testing, the Cisco 817 is connected to a Cisco 1812 on fa0/0 and the ADSL modem is connected to the same Cisco 1812 on the fa0/1 interface. After that, fa0/2 of the 1812 is connected with VLAN 1 to the outside interface of the firewall. I've set up policy-based routing for the outgoing traffic and that's all working fine. I also need to do the PAT on the Cisco 1812, and here is the problem. The fa0/0 interface has the IP address xxx.xxx.xxx.2/29 configured, and when I do a PAT on that address everything goes to the firewall, but when I use .2 or .3, for example, I don't get any traffic on my firewall. I'm pretty new to Cisco routers, so maybe I've made a mistake in the configuration. Maybe you guys can see what I'm doing wrong or have some debugging tips.

Here is the configuration:
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname nldhrtroutside
!
boot-start-marker
boot-end-marker
!
logging buffered 4096 debugging
!
aaa new-model
!
!
!
aaa session-id common
!
resource policy
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
!
!
ip cef
!
!
ip ssh time-out 60
ip ssh authentication-retries 2
ip ssh version 2
!
interface FastEthernet0
description xs4all_bdsl
ip address xxx.xxx.xxx.2 255.255.255.248
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
interface FastEthernet1
description xs4all_adsl
ip address 192.168.20.2 255.255.255.0
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
interface FastEthernet2
description outside_netwrok
!
interface FastEthernet3
!
interface FastEthernet4
shutdown
!
interface FastEthernet5
shutdown
!
interface FastEthernet6
shutdown
!
interface FastEthernet7
shutdown
!
interface FastEthernet8
shutdown
!
interface FastEthernet9
shutdown
!
interface Vlan1
description outside_network
ip address 10.10.20.1 255.255.255.248
ip nat inside
ip virtual-reassembly
ip policy route-map PBR
!
interface Async1
no ip address
encapsulation slip
!
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.20.1
ip route 192.168.1.0 255.255.255.0 10.10.20.3
!
!
no ip http server
no ip http secure-server
ip nat inside source route-map ADSL interface FastEthernet1 overload
ip nat inside source route-map BDSL interface FastEthernet0 overload
ip nat inside source static tcp 192.168.1.21 80 xxx.xxx.xxx.2 80 extendable
ip nat inside source static tcp 192.168.1.21 80 xxx.xxx.xxx.3 80 extendable
!
access-list 10 permit 192.168.1.21
access-list 10 permit 192.168.1.22
access-list 20 permit 192.168.1.0 0.0.0.255
snmp-server community public RO
!
route-map BDSL permit 10
match ip address 10
match interface FastEthernet0
!
route-map ADSL permit 20
match ip address 20
match interface FastEthernet1
!
route-map PBR permit 10
match ip address 10
set interface FastEthernet0
set ip next-hop xxx.xxx.xxx.1
!
route-map PBR permit 20
match ip address 20
set interface FastEthernet1
set ip next-hop 192.168.20.1
!
!
!
!
control-plane
!
!
line con 0
line 1
modem InOut
stopbits 1
speed 115200
flowcontrol hardware
line aux 0
line vty 0 4
password *
transport input ssh
!
no scheduler allocate
end

Bjorntimmer
Level 1

Nobody has an idea?

Sent from Cisco Technical Support iPad App

I've solved this problem myself. In the last test I did, the rest of the addresses didn't come through, so I thought, let's reboot the 817 router. After the reboot of the Cisco 817 router, all the addresses were forwarded to my firewall.