NAt Failed: but why? - I found the issue but might be helpful for someone...

DeathmageDeathmage Banned Posts: 2,496
Ok,

So I ran into a problem today with my NAT lab I made at lunch and I configured it in like 20 minutes and then it didn't work and I was like WTF!!! ...I had it all planned in my head and then I got it all done and I was like why is it not working....

can anyone see what I did wrong?

took me forever to look at the config until I found it.... I was like ooo you dumb moron!








NAT-CORE# NAT-CORE#show ru
NAT-CORE#show running-config
Building configuration...


Current configuration : 1895 bytes
!
version 12.2
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname NAT-CORE
!
!
!
enable secret 5 $1$mERr$hx5rVt7rPNoS4wqbXKX7m0
!
!
!
!
!
!
no ip cef
no ipv6 cef
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback0
no ip address
!
interface FastEthernet0/0
no ip address
duplex auto
speed auto
shutdown
!
interface FastEthernet0/1
no ip address
duplex auto
speed auto
shutdown
!
interface Serial0/0
ip address 192.168.150.1 255.255.255.252
ip access-group Allow-IP-Access out
ip nat outside
clock rate 64000
!
interface Serial0/1
ip address 172.16.30.2 255.255.255.252
ip nat inside
!
interface Ethernet1/0
no ip address
duplex auto
speed auto
shutdown
!
interface Ethernet1/1
no ip address
duplex auto
speed auto
shutdown
!
interface Serial1/0
ip address 172.16.20.2 255.255.255.252
ip nat inside
clock rate 64000
!
router eigrp 300
network 192.168.150.0
network 192.168.102.0
network 192.168.104.0
network 172.16.0.0
auto-summary
!
ip nat pool NAT-TEST-Pool 192.168.150.1 192.168.150.1 netmask 255.255.255.252
ip nat inside source list 2 pool NAT-TEST-POOL overload
ip nat inside source list 4 pool NAT-TEST-POOL overload
ip classless
ip route 192.168.102.0 255.255.255.0 172.16.30.1 150
ip route 192.168.104.0 255.255.255.0 172.16.20.1 150
ip route 192.168.120.0 255.255.255.0 192.168.150.2 150
ip route 0.0.0.0 0.0.0.0 192.168.150.2
!
ip flow-export version 9
!
!
access-list 2 permit 192.168.102.0 0.0.0.255
access-list 4 permit 192.168.104.0 0.0.0.255
ip access-list extended Allow-IP-Access
permit ip any any
!
!
!
!
!
line con 0
history size 50
exec-timeout 0 0
password cisco
logging synchronous
!
line aux 0
!
line vty 0 4
exec-timeout 0 0
password cisco
logging synchronous
login
line vty 5 15
exec-timeout 0 0
password cisco
logging synchronous
login
!
!
!
end




NAT-CORE#
NAT-CORE#

Comments

  • d4nz1gd4nz1g Member Posts: 464
    Hahahaha I got it. Took me a while too.
  • HondabuffHondabuff Member Posts: 667 ■■■□□□□□□□
    I would leave "Attention to details" off of the resume for now. :D
    “The problem with quotes on the Internet is that you can’t always be sure of their authenticity.” ~Abraham Lincoln
  • DeathmageDeathmage Banned Posts: 2,496
    Ya I wrote it quickly for all of lab, took me 20 minutes to do them all and then I went to compile and I was like well **** it can ping to the center router and the center router can ping all of the routers connected to it so why can't the exterior switches ping the WAN network..... I was like wtf it has to be the core and then I was looking at it closely and I was like, omg you moron, case-sensitive!!!!!

    a few 'no' in front of those commands and re-doing them and it worked great. I was really testing my troubleshooting skills out.

    ...be my luck it will be a exam question. icon_wink.gif
  • AlceoAlceo Member Posts: 80 ■■□□□□□□□□
    Why did you put this?

    ip access-list extended Allow-IP-Access
    permit ip any any

    Just to try the commands or there is a reason?
  • satishtechsatishtech Member Posts: 243
    looks complicated ...
    what is wrong , the ACL ?
  • mikeybinecmikeybinec Member Posts: 484 ■■■□□□□□□□
    pool--POOL??
    Cisco NetAcad Cuyamaca College
    A.S. LAN Management 2010 Grossmont College
    B.S. I.T. Management 2013 National University
  • DeathmageDeathmage Banned Posts: 2,496
    mikeybinec wrote: »
    pool--POOL??


    Indeed, it's case-sensitive, but with packet tracer I didn't see it at 1st.
  • DeathmageDeathmage Banned Posts: 2,496
    Alceo wrote: »
    Why did you put this?

    ip access-list extended Allow-IP-Access
    permit ip any any

    Just to try the commands or there is a reason?

    it was more for troubleshooting, it helped me find the syntax with the case-sensitive error. Wanted to make sure traffic was allowed to pass, such as a ping.
  • satishtechsatishtech Member Posts: 243
    pool --- POOL
    ok ok , thank you for such questions
    kindly keep posting

    ---much to learn you still have , young apprentice...
  • james43026james43026 Member Posts: 303 ■■□□□□□□□□
    On a side note, you can actually condense your IP NAT Inside statements and your ACL's into one IP NAT statement and one ACL, less processing required on the CPU. And makes the sh run output a little cleaner. This mainly applies to later on down the line when you have a lot more configs on the router.
  • DeathmageDeathmage Banned Posts: 2,496
    True, I did it just this way for aesthetics.
Sign In or Register to comment.