09-15-2015 06:57 AM - edited 03-08-2019 01:47 AM
Hello,
I wanted to know if anyone could help me with my address translation issue. I have a client machine that is not able to see beyond my Cisco 2911 router, which has NAT overload configured. The Cisco router is attached to a Comcast router where it's receiving an IP from its DHCP pool.
From the Cisco router, I'm able to reach everything. I can reach the client on the LAN and I can reach website IPs like Google and Yahoo. But the client on the LAN cannot ping beyond the outside interface of the Cisco router. The switch only has a switchport configured and a trunk to the router. No VLANs are specified. I am unable to provide the configurations for the Comcast router, but I can say I did not configure any filtering on the device. Our organization has a wireless device that is performing NAT/PAT by default and is also plugged into the Comcast device.
I attached the configs for the Cisco router and a quickly made layout of the network with Microsoft Paint (I'm no artist).
Sincerely,
Sam_I_Am.
09-15-2015 07:31 AM
Hi,
Try adding a default route:
ip route 0.0.0.0 0.0.0.0 dhcp
09-15-2015 07:46 AM
Good morning,
I just gave it a shot and still no luck. Earlier I also had a default route to the Comcast interface as well, but it gave the same result.
09-15-2015 08:02 AM
Hello
Looks like the Comcast is doing NAT for you - so do you need to perform NAT again?
How are your clients receiving their addressing?
Can you post the config of the switch and ipconfig /all of a client?
res
Paul
09-15-2015 08:35 AM
Hello Paul,
You're right, the Comcast router is performing NAT, but we also wanted to PAT the LAN side interface so we can attach multiple devices. The initial plan is to set up a firewall to perform that PAT and have a WLC hand out IPs with its DHCP functionality...all on the LAN side. For just regular network testing, we have the Cisco router in place of the firewall and just a single client from the switch. Going forward, we want to replace that router with the firewall and hang the wireless controller off the switch.
I cannot post the ipconfig /all because of the DNS information, but I can give you some of the details:
IP: 192.168.10.5
SM: 255.255.255.0
GW: 192.168.10.1
DNS(s): 75.75.75.75 & 76.76.76.76
The switch is pretty blank after several different configuration attempts were scrapped. It's attached below. The switchport for the client machine is fa0/4. The trunk port in use to the Cisco router is fa0/48.
09-15-2015 09:20 AM
Remove the "log" keyword from the ACL used for NAT.
Jon
09-15-2015 09:40 AM
That did the trick. After your response, I googled to find out why and a Cisco document stated this in a Q & A:
---When you configure Cisco IOS NAT for dynamic NAT translation, an ACL is used to identify packets that can be translated. The current NAT architecture does not support ACLs with a "log" keyword.---
Jon, thanks a bunch for your help.
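The fix in this thread can be checked for before deployment. The following is an added example, not part of the original posts or the attached configs: a small Python check that finds every ACL referenced by an `ip nat ... source list` rule and reports entries carrying `log` or `log-input`. The sample configuration is constructed, and the function names are hypothetical.

```python
import re

# Constructed sample config for illustration (not the poster's attachment).
SAMPLE_CONFIG = """\
interface GigabitEthernet0/1
 ip nat inside
ip nat inside source list 1 interface GigabitEthernet0/0 overload
ip nat inside source list NAT-LAN interface GigabitEthernet0/0 overload
access-list 1 permit 192.168.10.0 0.0.0.255 log
access-list 2 permit 10.0.0.0 0.0.0.255 log
ip access-list extended NAT-LAN
 permit ip 192.168.20.0 0.0.0.255 any
 permit ip 192.168.30.0 0.0.0.255 any log-input
"""

NAT_RULE = re.compile(r"^ip nat (?:inside|outside) source list (\S+)")
NUMBERED_ACE = re.compile(r"^access-list (\d+) (.+)$")
NAMED_ACL = re.compile(r"^ip access-list (?:standard|extended) (\S+)")
LOG_KEYWORD = re.compile(r"\blog(?:-input)?\b")

def parse_acls(config):
    """Map each ACL name or number to the list of its entries."""
    acls, current = {}, None
    for raw in config.splitlines():
        line = raw.rstrip()
        if m := NUMBERED_ACE.match(line):
            acls.setdefault(m.group(1), []).append(m.group(2))
            current = None
        elif m := NAMED_ACL.match(line):
            current = acls.setdefault(m.group(1), [])
        elif current is not None and line.startswith(" "):
            current.append(line.strip())  # entry inside a named ACL block
        else:
            current = None  # any other top-level line ends the block
    return acls

def nat_acl_log_findings(config):
    """Return (acl, entry) pairs where an ACL used by NAT has a log keyword."""
    acls = parse_acls(config)
    nat_acls = [m.group(1) for line in config.splitlines()
                if (m := NAT_RULE.match(line.strip()))]
    return [(name, ace) for name in dict.fromkeys(nat_acls)
            for ace in acls.get(name, [])
            if not ace.startswith("remark") and LOG_KEYWORD.search(ace)]

if __name__ == "__main__":
    for name, ace in nat_acl_log_findings(SAMPLE_CONFIG):
        print(f"ACL {name} is used by NAT and has a log keyword: {ace}")
```

ACL 2 in the sample also logs but is not reported, because no NAT rule references it.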