Solved: Problems with NAT/PAT with Cisco and Comcast

Sam_I_Am. · ‎09-15-2015

Hello,

I wanted to know if anyone could help me with my address translation issue. I have a client machine that is not able to see beyond my Cisco 2911 router, which has NAT overload configured. The Cisco router is attached to a Comcast router where it's receiving an IP from its DHCP pool.

From the Cisco router, I'm able to reach everything. I can reach the client on the LAN and I can reach website IPs like Google and Yahoo. But the client on the LAN cannot ping beyond the outside interface of the Cisco router. The switch only has a switchport configured and a trunk to the router. No VLANs are specified. I am unable to provide the configurations for the Comcast router, but I can say I did not configure any filtering on the device. Our organization has a wireless device that is performing NAT/PAT by default and is also plugged into the Comcast device.

I attached the configs for the Cisco router and a quickly made layout of the network with Microsoft Paint (I'm no artist).

Sincerely,

Sam_I_Am.

Jon Marshall · ‎09-15-2015

Remove the "log" keyword from the acl used for NAT.

Jon

View solution in original post

johnlloyd_13 · ‎09-15-2015

hi,

try adding a default route:

ip route 0.0.0.0 0.0.0.0 dhcp

Sam_I_Am. · ‎09-15-2015

Good morning,

I just gave it a shot and still no luck. Early I also had a default route to the Comcast interface as well, but it gave the same result.

paul driver · ‎09-15-2015

Hello

Looks like the comcast is doing NAT for you - so do you need to perform nat again?
How are your clients receiving their addressing?

can you post the config of the switch and ipconfig /all of a client?

res

Paul

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Sam_I_Am. · ‎09-15-2015

Hello Paul,

You're right, the Comcast router is performing NAT, but we also wanted to PAT the LAN side interface so we can attach multiple devices. The initial plan is to set up a firewall to perform that PAT and have a WLC hand out IPs with its DHCP functionality...all on the LAN side. For just regular network testing, we have the Cisco router in place of the firewall and just a single client from the switch. Going forward, we want to replace that router with the firewall and hang the wireless controller off the switch.

I cannot post the ipconfig /all because of the DNS information, but I can give you some of the details:

IP: 192.168.10.5

SM: 255.255.255.0

GW: 192.168.10.1

DNS(s): 75.75.75.75 & 76.76.76.76

The switch is pretty blank after several different configuration attempts were scrapped. It's attached below. The switchport for the client machine is fa0/4. The trunk port in use to the Cisco router is fa0/48.

Jon Marshall · ‎09-15-2015

Remove the "log" keyword from the acl used for NAT.

Jon

Sam_I_Am. · ‎09-15-2015

That did the trick. After your response, I googled to find out why and a Cisco document stated this in a Q & A:

---When you configure Cisco IOS NAT for dynamic NAT translation, an ACL is used to identify packets that can be translated. The current NAT architecture does not support ACLs with a "log" keyword.---

Jon, thanks a bunch for your help.