Solved: Nat on a 2600 Cisco Router

mark-hayward · ‎01-26-2013

Hello,

I have got a Cisco router connected to by broadband line and I receive a public IP address fine on 0/0 and I can ping external addresses as well. But for some reason internal clients cannot access the internet. I think I have set the NAT up correctly but I wondered if someone can help with it as I must have done something wrong...?

Thanks,

Mark

!

version 12.4

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname Joe

!

boot-start-marker

boot-end-marker

!

enable secret 5 $1$xxxG8H/

enable password xxxxxx

!

no aaa new-model

no network-clock-participate slot 1

no network-clock-participate wic 0

no ip cef

!

ip auth-proxy max-nodata-conns 3

ip admission max-nodata-conns 3

!

interface FastEthernet0/0

ip dhcp client client-id hex 37633463613534363032383840736B7964736C7C36692F317035683933554477537775

ip dhcp client class-id hex 37633463613534363032383840736B7964736C7C36692F317035683933664477537775

ip dhcp client lease 365 0 0

ip address dhcp

ip nat outside

ip virtual-reassembly

no ip route-cache

speed 100

full-duplex

!

interface Serial0/0

no ip address

no ip route-cache

shutdown

!

interface FastEthernet1/0

ip address 192.168.80.200 255.255.255.0

ip nat inside

ip virtual-reassembly

no ip route-cache

speed auto

full-duplex

no mop enabled

!

ip forward-protocol nd

ip route 0.0.0.0 0.0.0.0 FastEthernet0/0

!

ip http server

no ip http secure-server

!

access-list 1 permit 192.168.80.0 0.0.0.255

access-list 1 permit any

!

control-plane

!

line con 0

line aux 0

line vty 0 4

password xxxxx

login

!

end

Karsten Iwen · ‎01-26-2013

There is no nat rule. You can change that with the following commands:

ip access-list standard 1

no permit any

!

ip nat inside source list 1 int fast 0/0 overload

And in addition to that. You probably get a default-route with DHCP. So you should delete your manually configured route:

no ip route 0.0.0.0 0.0.0.0 fast 0/0

--
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni

View solution in original post

Karsten Iwen · ‎01-26-2013

There is no nat rule. You can change that with the following commands:

ip access-list standard 1

no permit any

!

ip nat inside source list 1 int fast 0/0 overload

And in addition to that. You probably get a default-route with DHCP. So you should delete your manually configured route:

no ip route 0.0.0.0 0.0.0.0 fast 0/0

--
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni

mark-hayward · ‎01-26-2013

When I removed the route the router could no longer access the internet even though it had a valid PtP connection. I then added in the route again with the ptp address as the gw and it all works now. great!

Thank you!

Karsten Iwen · ‎01-26-2013

Strange, I think you really should get a default-gateway through DHCP. There are some negative side-effects in pointing a default-route to a broadcast-interface. Try the following default-route instead of the one you configured:

no ip route 0.0.0.0 0.0.0.0 fast 0/0

ip route 0.0.0.0 0.0.0.0 dhcp

--
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni