NATing issues

I am having some problems with recent configs that were posted here. I had tried doing it a different way before but that didnt work either. Basically I do not believe that NAT is translating the addresses.

I am unable to ping 24.141.***.1 when I am doing an extended ping with a source address of 10.0.0.1 ...Here are the configs, I am going to *** some of it.

INETROUTER#sh run
Building configuration...

Current configuration : 1596 bytes
!
version 12.2
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname INETROUTER
!
enable secret *******************
!
ip subnet-zero
ip name-server 24.226.10.***
ip name-server 24.226.1.***
!
!
!
!
interface FastEthernet0
 ip address dhcp
 ip nat outside
 speed auto
 no cdp enable
!
interface Serial0
 ip address 10.0.0.1 255.255.255.0
 ip nat inside
 clockrate 8000000
 no cdp enable
!
router eigrp 1
 network 10.0.0.0 0.0.0.255
 no auto-summary
 no eigrp log-neighbor-changes
!
ip nat inside source list 1 interface Serial0 overload
ip classless
no ip http server
access-list 1 permit 10.0.0.0 0.0.0.255
access-list 1 permit 10.0.1.0 0.0.0.255
!
!


INETROUTER#

Here is my extended ping and nat statistics:

INETROUTER#show ip nat statistics
Total active translations: 0 (0 static, 0 dynamic; 0 extended)
Outside interfaces:
  FastEthernet0
Inside interfaces:
  Serial0
Hits: 0  Misses: 200
Expired translations: 200
Dynamic mappings:
-- Inside Source
access-list 1 interface Serial0 refcount 0
INETROUTER#show ip nat tr
INETROUTER#show ip nat translations

INETROUTER#ping
Protocol [ip]:
Target IP address: 24.141.224.1
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Extended commands [n]: y
Source address or interface: 10.0.0.1
Type of service [0]:
Set DF bit in IP header? [no]:
Validate reply data? [no]:
Data pattern [0xABCD]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Sweep range of sizes [n]:
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 24.141.***.1, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
INETROUTER#

Now If I ping using the F0 (DHCP) interface it works fine. But when I try to ping using any local interface it does not.

Find more posts tagged with

Save $250 on 2025 certification boot camps from Infosec!

Book now with code EOY2025

Button

Comments

mikej412

Do you really want to overload on your inside interface? The serial is your inside, and the ethernet is your outside, right?

Don't you want all your inside addresses to be translated to the IP of your outside interface (which you get by DHCP from a cable/dsl modem?)... which is why you have the interface option?

Do you need anymore hints? Or are you smacking your forehead already?

twiggy87

I dont think this is really relevant but if you want router output with passwords already ***'d out then just type

show tech-support

Humper

mikej412 wrote:

Do you really want to overload on your inside interface? The serial is your inside, and the ethernet is your outside, right?

Don't you want all your inside addresses to be translated to the IP of your outside interface (which you get by DHCP from a cable/dsl modem?)... which is why you have the interface option?

Do you need anymore hints? Or are you smacking your forehead already?

I believe I do not need anymore hints

feel free to bring out the paint stick and slap me silly. It is clear I should read more on NATing before my Exam this monday

Thank you mike, everything is working beautifully now

gabrielbtoledo

Also, is that clock rate right?
And another good command to troubleshoot NAT is: show ip nat translations

Good luck with your exam and post any more doubts.

mikej412

ModemHumper wrote:

feel free to bring out the paint stick and slap me silly.

Actually -- a lot of times it is the serial interface that is overloaded.... I just remembered your lab setup -- otherwise someone else may have told you your inside/outside interfaces were backwards.

DSL and Cable are being used more by businesses -- so ethernet/ethernet is showing up a lot more for NAT..... but your config still "feels backwards."

And I think I saw your dot 32 post -- and retraction 3 minutes later -- about 2 minutes after the 2nd post...... That 3 minutes would have been slow for the exam.... but I figured since you caught that and had to take time to post, you could work on your speed this week.... so I let that one slide.

You seem to be doing good...... so I'll save giving you a hard time for if you don't pass the exam