Options
NAt Failed: but why? - I found the issue but might be helpful for someone...
Deathmage
Banned Posts: 2,496
in CCNA & CCENT
Ok,
So I ran into a problem today with my NAT lab I made at lunch and I configured it in like 20 minutes and then it didn't work and I was like WTF!!! ...I had it all planned in my head and then I got it all done and I was like why is it not working....
can anyone see what I did wrong?
took me forever to look at the config until I found it.... I was like ooo you dumb moron!
NAT-CORE# NAT-CORE#show ru
NAT-CORE#show running-config
Building configuration...
Current configuration : 1895 bytes
!
version 12.2
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname NAT-CORE
!
!
!
enable secret 5 $1$mERr$hx5rVt7rPNoS4wqbXKX7m0
!
!
!
!
!
!
no ip cef
no ipv6 cef
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback0
no ip address
!
interface FastEthernet0/0
no ip address
duplex auto
speed auto
shutdown
!
interface FastEthernet0/1
no ip address
duplex auto
speed auto
shutdown
!
interface Serial0/0
ip address 192.168.150.1 255.255.255.252
ip access-group Allow-IP-Access out
ip nat outside
clock rate 64000
!
interface Serial0/1
ip address 172.16.30.2 255.255.255.252
ip nat inside
!
interface Ethernet1/0
no ip address
duplex auto
speed auto
shutdown
!
interface Ethernet1/1
no ip address
duplex auto
speed auto
shutdown
!
interface Serial1/0
ip address 172.16.20.2 255.255.255.252
ip nat inside
clock rate 64000
!
router eigrp 300
network 192.168.150.0
network 192.168.102.0
network 192.168.104.0
network 172.16.0.0
auto-summary
!
ip nat pool NAT-TEST-Pool 192.168.150.1 192.168.150.1 netmask 255.255.255.252
ip nat inside source list 2 pool NAT-TEST-POOL overload
ip nat inside source list 4 pool NAT-TEST-POOL overload
ip classless
ip route 192.168.102.0 255.255.255.0 172.16.30.1 150
ip route 192.168.104.0 255.255.255.0 172.16.20.1 150
ip route 192.168.120.0 255.255.255.0 192.168.150.2 150
ip route 0.0.0.0 0.0.0.0 192.168.150.2
!
ip flow-export version 9
!
!
access-list 2 permit 192.168.102.0 0.0.0.255
access-list 4 permit 192.168.104.0 0.0.0.255
ip access-list extended Allow-IP-Access
permit ip any any
!
!
!
!
!
line con 0
history size 50
exec-timeout 0 0
password cisco
logging synchronous
!
line aux 0
!
line vty 0 4
exec-timeout 0 0
password cisco
logging synchronous
login
line vty 5 15
exec-timeout 0 0
password cisco
logging synchronous
login
!
!
!
end
NAT-CORE#
NAT-CORE#
So I ran into a problem today with my NAT lab I made at lunch and I configured it in like 20 minutes and then it didn't work and I was like WTF!!! ...I had it all planned in my head and then I got it all done and I was like why is it not working....
can anyone see what I did wrong?
took me forever to look at the config until I found it.... I was like ooo you dumb moron!
NAT-CORE# NAT-CORE#show ru
NAT-CORE#show running-config
Building configuration...
Current configuration : 1895 bytes
!
version 12.2
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname NAT-CORE
!
!
!
enable secret 5 $1$mERr$hx5rVt7rPNoS4wqbXKX7m0
!
!
!
!
!
!
no ip cef
no ipv6 cef
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback0
no ip address
!
interface FastEthernet0/0
no ip address
duplex auto
speed auto
shutdown
!
interface FastEthernet0/1
no ip address
duplex auto
speed auto
shutdown
!
interface Serial0/0
ip address 192.168.150.1 255.255.255.252
ip access-group Allow-IP-Access out
ip nat outside
clock rate 64000
!
interface Serial0/1
ip address 172.16.30.2 255.255.255.252
ip nat inside
!
interface Ethernet1/0
no ip address
duplex auto
speed auto
shutdown
!
interface Ethernet1/1
no ip address
duplex auto
speed auto
shutdown
!
interface Serial1/0
ip address 172.16.20.2 255.255.255.252
ip nat inside
clock rate 64000
!
router eigrp 300
network 192.168.150.0
network 192.168.102.0
network 192.168.104.0
network 172.16.0.0
auto-summary
!
ip nat pool NAT-TEST-Pool 192.168.150.1 192.168.150.1 netmask 255.255.255.252
ip nat inside source list 2 pool NAT-TEST-POOL overload
ip nat inside source list 4 pool NAT-TEST-POOL overload
ip classless
ip route 192.168.102.0 255.255.255.0 172.16.30.1 150
ip route 192.168.104.0 255.255.255.0 172.16.20.1 150
ip route 192.168.120.0 255.255.255.0 192.168.150.2 150
ip route 0.0.0.0 0.0.0.0 192.168.150.2
!
ip flow-export version 9
!
!
access-list 2 permit 192.168.102.0 0.0.0.255
access-list 4 permit 192.168.104.0 0.0.0.255
ip access-list extended Allow-IP-Access
permit ip any any
!
!
!
!
!
line con 0
history size 50
exec-timeout 0 0
password cisco
logging synchronous
!
line aux 0
!
line vty 0 4
exec-timeout 0 0
password cisco
logging synchronous
login
line vty 5 15
exec-timeout 0 0
password cisco
logging synchronous
login
!
!
!
end
NAT-CORE#
NAT-CORE#
Comments
-
Options
Hondabuff
Member Posts: 667 ■■■□□□□□□□
I would leave "Attention to details" off of the resume for now.
“The problem with quotes on the Internet is that you can’t always be sure of their authenticity.” ~Abraham Lincoln -
OptionsDeathmage
Banned Posts: 2,496
Ya I wrote it quickly for all of lab, took me 20 minutes to do them all and then I went to compile and I was like well **** it can ping to the center router and the center router can ping all of the routers connected to it so why can't the exterior switches ping the WAN network..... I was like wtf it has to be the core and then I was looking at it closely and I was like, omg you moron, case-sensitive!!!!!
a few 'no' in front of those commands and re-doing them and it worked great. I was really testing my troubleshooting skills out.
...be my luck it will be a exam question.
-
Options
Alceo
Member Posts: 80 ■■□□□□□□□□
Why did you put this?
ip access-list extended Allow-IP-Access
permit ip any any
Just to try the commands or there is a reason? -
Options
mikeybinec
Member Posts: 484 ■■■□□□□□□□
pool--POOL??Cisco NetAcad Cuyamaca College
A.S. LAN Management 2010 Grossmont College
B.S. I.T. Management 2013 National University -
OptionsDeathmage
Banned Posts: 2,496
mikeybinec wrote: »pool--POOL??
Indeed, it's case-sensitive, but with packet tracer I didn't see it at 1st. -
OptionsDeathmage
Banned Posts: 2,496
Why did you put this?
ip access-list extended Allow-IP-Access
permit ip any any
Just to try the commands or there is a reason?
it was more for troubleshooting, it helped me find the syntax with the case-sensitive error. Wanted to make sure traffic was allowed to pass, such as a ping. -
Optionssatishtech
Member Posts: 243
pool --- POOL
ok ok , thank you for such questions
kindly keep posting
---much to learn you still have , young apprentice... -
Optionsjames43026
Member Posts: 303 ■■□□□□□□□□
On a side note, you can actually condense your IP NAT Inside statements and your ACL's into one IP NAT statement and one ACL, less processing required on the CPU. And makes the sh run output a little cleaner. This mainly applies to later on down the line when you have a lot more configs on the router.
