Gns3 nat configuration not working?
jahaziel
Member Posts: 175 ■■■□□□□□□□
in CCNA & CCENT
Hey guys..
I installed gns3 and did a nat configuration but doesn't seem to work.. I'm pretty sure I did it correctly..
here is the configure
L2G-HQ-EDGE1#show running-config
Building configuration...
Current configuration : 1516 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname L2G-HQ-EDGE1
!
boot-start-marker
warm-reboot
boot-end-marker
!
!
no aaa new-model
!
resource policy
!
no ip icmp rate-limit unreachable
ip cef
ip tcp synwait-time 5
!
!
!
!
no ip domain lookup
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0/0
ip address 172.16.1.2 255.255.255.252
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 192.168.3.151 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet1/0
ip address 192.168.4.2 255.255.255.0
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
standby 1 ip 192.168.4.1
standby 1 priority 150
standby 1 preempt
!
interface FastEthernet1/1
no ip address
ip nat inside
ip virtual-reassembly
shutdown
duplex auto
speed auto
!
ip route 0.0.0.0 0.0.0.0 192.168.2.1
ip route 0.0.0.0 0.0.0.0 FastEthernet0/0
no ip http server
no ip http secure-server
!
!
ip nat inside source list 1 interface FastEthernet0/0 overload
!
logging alarm informational
access-list 1 permit any
no cdp log mismatch duplex
!
!
!
!
!
!
control-plane
!
!
!
!
!
!
gatekeeper
shutdown
!
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
stopbits 1
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
stopbits 1
line vty 0 4
login
!
!
webvpn context Default_context
ssl authenticate verify all
!
no inservice
!
!
end
I installed gns3 and did a nat configuration but doesn't seem to work.. I'm pretty sure I did it correctly..
here is the configure
L2G-HQ-EDGE1#show running-config
Building configuration...
Current configuration : 1516 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname L2G-HQ-EDGE1
!
boot-start-marker
warm-reboot
boot-end-marker
!
!
no aaa new-model
!
resource policy
!
no ip icmp rate-limit unreachable
ip cef
ip tcp synwait-time 5
!
!
!
!
no ip domain lookup
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0/0
ip address 172.16.1.2 255.255.255.252
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 192.168.3.151 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet1/0
ip address 192.168.4.2 255.255.255.0
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
standby 1 ip 192.168.4.1
standby 1 priority 150
standby 1 preempt
!
interface FastEthernet1/1
no ip address
ip nat inside
ip virtual-reassembly
shutdown
duplex auto
speed auto
!
ip route 0.0.0.0 0.0.0.0 192.168.2.1
ip route 0.0.0.0 0.0.0.0 FastEthernet0/0
no ip http server
no ip http secure-server
!
!
ip nat inside source list 1 interface FastEthernet0/0 overload
!
logging alarm informational
access-list 1 permit any
no cdp log mismatch duplex
!
!
!
!
!
!
control-plane
!
!
!
!
!
!
gatekeeper
shutdown
!
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
stopbits 1
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
stopbits 1
line vty 0 4
login
!
!
webvpn context Default_context
ssl authenticate verify all
!
no inservice
!
!
end
Comments
-
no!all!
Member Posts: 245 ■■■□□□□□□□
Someone correct me if I'm wrong, but I don't see any actual NAT configuration...it looks like you've placed source list 1 on fa0/0 but it doesn't appear that a source list has actually been created. If that makes sense...A+, N+, S+, CCNA:RS, CCNA:Sec
"In high society TCP is more welcome than UDP. At least it knows a proper handshake" - Ben Franklin
2019 Goals: CCNP:RS & relocate to St. Pete, FL! -
Dieg0M
Member Posts: 861
Are you sure it's not a routing problem? You have 2 default routes that seem to point to different places. If you are getting packet drops you might need to configure SNAT.Follow my CCDE journey at www.routingnull0.com -
Hondabuff
Member Posts: 667 ■■■□□□□□□□
Change the access-list to "access-list 1 permit 192.168.0.0 0.0.255.255" and default route to " ip route 0.0.0.0 0.0.0.0 172.16.1.1" assuming the 172.16.1.1 is the next hop router or gateway of ISP. I would also add NAT inside to fa0/1. Then do a ping to a outside address such as "ping 8.8.8.8 source 192.168.4.2" then do a show ip nat translation and see if its working.“The problem with quotes on the Internet is that you can’t always be sure of their authenticity.” ~Abraham Lincoln -
mikeybinec
Member Posts: 484 ■■■□□□□□□□
i did'nt see the NAT pool defined i.e.
ip nat pool jahaziel_nat 172.16.1.2 172.16.1.2 network 255.255.255.0Cisco NetAcad Cuyamaca College
A.S. LAN Management 2010 Grossmont College
B.S. I.T. Management 2013 National University -
jahaziel
Member Posts: 175 ■■■□□□□□□□
ip nat inside source list 1 interface FastEthernet0/0 overload is the nat pool defined. I'll try the things mentioned about in a bit. It has always worked for me till I set it up on my server.. no idea why.. but ill keep working on it
-
Hondabuff
Member Posts: 667 ■■■□□□□□□□
You don't need a Nat pool if you use the statement "Router(config)#ip nat inside source list 1 interface fastEthernet 0/0 overload " It will reference the Access list 1 for the permit or deny. Nat pools are mainly used in enterprise environments where you have multiple available IP addresses. I don't know where I picked it up but its much easier to use.mikeybinec wrote: »i did'nt see the NAT pool defined i.e.
ip nat pool jahaziel_nat 172.16.1.2 172.16.1.2 network 255.255.255.0“The problem with quotes on the Internet is that you can’t always be sure of their authenticity.” ~Abraham Lincoln -
mikeybinec
Member Posts: 484 ■■■□□□□□□□
Thanks HondabuffCisco NetAcad Cuyamaca College
A.S. LAN Management 2010 Grossmont College
B.S. I.T. Management 2013 National University
