NAT is not working on a 1812 router

Bjorntimmer
Level 1

Hi,

I'm currently working on an expansion of our network. The situation now is that we have one ADSL modem for the users in the network and 1 BDSL for our servers. Both have a separate gateway and now I want to reduce that to one gateway, because we are going to work with VLANs.

Now we have a Cisco 817 (managed by ISP) that is connected to the outside port of our Cisco PIX. The router has the xxx.xxx.xxx.1/29 address and the outside interface of the firewall has the xxx.xxx.xxx.2/29 address. At this moment I do PAT with xxx.xxx.xxx.2 through xxx.xxx.xxx.6 and everything is working fine.

In the new situation I'm testing, the Cisco 817 is connected to a Cisco 1812 on fa0/0 and the ADSL modem is connected to the same Cisco 1812 on the fa0/1 int. After that, the fa0/2 from the 1812 is connected with VLAN 1 to the outside interface of the firewall. I've made policy-based routing for the outgoing traffic and that's all working fine. I also need to do the PAT on the Cisco 1812 and here is the problem. On the fa0/0 int the IP address xxx.xxx.xxx.2/29 is configured, and when I do a PAT on that address everything goes to the firewall, but when I use .2 or .3 for example I don't get any traffic on my firewall. I'm pretty new to Cisco routers, maybe I've made a mistake in the configuration. Maybe you guys can see what I'm doing wrong or have some debugging tips.

Here is the configuration:
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname nldhrtroutside
!
boot-start-marker
boot-end-marker
!
logging buffered 4096 debugging
!
aaa new-model
!
!
!
aaa session-id common
!
resource policy
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
!
!
ip cef
!
!
ip ssh time-out 60
ip ssh authentication-retries 2
ip ssh version 2
!
interface FastEthernet0
 description xs4all_bdsl
 ip address xxx.xxx.xxx.2 255.255.255.248
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
!
interface FastEthernet1
 description xs4all_adsl
 ip address 192.168.20.2 255.255.255.0
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
!
interface FastEthernet2
 description outside_netwrok
!
interface FastEthernet3
!
interface FastEthernet4
 shutdown
!
interface FastEthernet5
 shutdown
!
interface FastEthernet6
 shutdown
!
interface FastEthernet7
 shutdown
!
interface FastEthernet8
 shutdown
!
interface FastEthernet9
 shutdown
!
interface Vlan1
 description outside_network
 ip address 10.10.20.1 255.255.255.248
 ip nat inside
 ip virtual-reassembly
 ip policy route-map PBR
!
interface Async1
 no ip address
 encapsulation slip
!
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.20.1
ip route 192.168.1.0 255.255.255.0 10.10.20.3
!
!
no ip http server
no ip http secure-server
ip nat inside source route-map ADSL interface FastEthernet1 overload
ip nat inside source route-map BDSL interface FastEthernet0 overload
ip nat inside source static tcp 192.168.1.21 80 xxx.xxx.xxx.2 80 extendable
ip nat inside source static tcp 192.168.1.21 80 xxx.xxx.xxx.3 80 extendable
!
access-list 10 permit 192.168.1.21
access-list 10 permit 192.168.1.22
access-list 20 permit 192.168.1.0 0.0.0.255
snmp-server community public RO
!
route-map BDSL permit 10
 match ip address 10
 match interface FastEthernet0
!
route-map ADSL permit 20
 match ip address 20
 match interface FastEthernet1
!
route-map PBR permit 10
 match ip address 10
 set interface FastEthernet0
 set ip next-hop xxx.xxx.xxx.1
!
route-map PBR permit 20
 match ip address 20
 set interface FastEthernet1
 set ip next-hop 192.168.20.1
!
!
!
!
control-plane
!
!
line con 0
line 1
 modem InOut
 stopbits 1
 speed 115200
 flowcontrol hardware
line aux 0
line vty 0 4
 password *
 transport input ssh
!
no scheduler allocate
end

2 Replies

Bjorntimmer
Level 1

Nobody has an idea?

Sent from Cisco Technical Support iPad App

I've solved this problem myself. During the last test I did, the rest of the addresses didn't come through, so I thought let's reboot the 817 router. After the reboot of the Cisco 817 router all the addresses were forwarded to my firewall.
