No traffic thru NAT

markgramlich
Level 1

We have a 1700 router running v12.3. The router has one 1ENET interface card. This connection is going to a wireless ISP. From the router, we can ping to the inside addresses and to the outside addresses. From our inside addresses, we cannot ping past the router. The SHOW IP NAT TRANS has no information. The DEBUG IP NAT also shows no traffic. Below are portions of our config.

!
interface Ethernet0
 ip address 65.246.29.210 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat outside
 half-duplex
 no cdp enable
!
interface FastEthernet0
 ip address 192.168.1.8 255.255.255.0 secondary
 ip address 192.168.0.8 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat inside
 speed auto
 half-duplex
 no cdp enable
!
ip nat pool ovrld 65.246.29.210 65.246.29.210 prefix-length 24
ip nat inside source list 102 pool ovrld overload
ip classless
ip route 0.0.0.0 0.0.0.0 Ethernet0
ip route 0.0.0.0 0.0.0.0 65.246.29.1
no ip http server
!
<snip>
!
logging trap debugging
logging facility local2
access-list 100 permit udp any any eq bootpc
access-list 102 permit ip any any
dialer-list 1 protocol ip permit
no cdp run
banner motd ^C UNAUTHORISED ACCESS IS PROHIBITED ^C
!

3 Replies

mhussein
Level 4

Hello,

I think the outside interface overload should be configured:

ip nat inside source list 102 interface e0 overload

No need for "ip nat pool". ACL 102 should be modified (optionally) to

access-list 102 permit ip 192.168.0.0 0.0.1.255 any

HTH,

Mustafa

That worked!

Here's a new question...

What was wrong with the original config?

Hi

I feel the ACL change would have done the trick, coz we did face the same kinda issues in the past and got it corrected by specifying the particular/specific network in the ACL which has to get NATted out.

regds
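
An added example, not part of any post in this thread: a small Python check of the two ACL points the replies raise, namely whether the list referenced by "ip nat inside source list" is scoped to the inside networks, and whether its entries use wildcard masks (IOS extended ACLs take wildcard masks, not subnet masks). The sample config is constructed from the fragments posted above, and the function names are this example's own.

```python
import ipaddress
import re

# Constructed sample, modelled on the fragments posted in this thread.
SAMPLE = """\
interface FastEthernet0
 ip address 192.168.1.8 255.255.255.0 secondary
 ip address 192.168.0.8 255.255.255.0
 ip nat inside
!
ip nat inside source list 102 interface Ethernet0 overload
access-list 102 permit ip any any
access-list 102 permit ip 192.168.0.0 255.255.254.0 any
"""

def inside_networks(cfg):
    """Collapsed networks of every interface marked 'ip nat inside'."""
    nets = []
    for block in re.findall(r"(?m)^interface .*\n(?:[ \t].*\n)*", cfg):
        if re.search(r"(?m)^\s+ip nat inside$", block):
            for addr, mask in re.findall(r"ip address (\S+) (\S+)", block):
                nets.append(ipaddress.ip_network(f"{addr}/{mask}", strict=False))
    return list(ipaddress.collapse_addresses(nets))

def looks_like_netmask(mask):
    """True for 255.255.254.0-style values (ones first), not wildcard masks."""
    try:
        m = int(ipaddress.IPv4Address(mask))
    except ValueError:  # 'any', a keyword, or a missing field
        return False
    inv = ~m & 0xFFFFFFFF
    return m not in (0, 0xFFFFFFFF) and inv & (inv + 1) == 0

def audit_nat_acls(cfg):
    """Return (findings, suggested entries) for ACLs used by inside-source NAT."""
    findings, suggested = [], []
    for acl in sorted(set(re.findall(r"(?m)^ip nat inside source list (\S+)", cfg))):
        pat = rf"(?m)^access-list {re.escape(acl)} permit ip (\S+)(?: (\S+))?"
        for src, mask in re.findall(pat, cfg):
            if src == "any":
                findings.append(f"ACL {acl}: source 'any' is not limited to the inside networks")
            elif looks_like_netmask(mask):
                wc = ipaddress.ip_network(f"{src}/{mask}", strict=False).hostmask
                findings.append(f"ACL {acl}: {mask} is a subnet mask, wildcard is {wc}")
        suggested += [f"access-list {acl} permit ip {n.network_address} {n.hostmask} any"
                      for n in inside_networks(cfg)]
    return findings, suggested

if __name__ == "__main__":
    print(*sum(audit_nat_acls(SAMPLE), []), sep="\n")
```
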
