NATing issues

HumperHumper Member Posts: 647
in CCNA & CCENT
I am having some problems with recent configs that were posted here. I had tried doing it a different way before but that didnt work either. Basically I do not believe that NAT is translating the addresses.

I am unable to ping 24.141.***.1 when I am doing an extended ping with a source address of 10.0.0.1 ...Here are the configs, I am going to *** some of it.
INETROUTER#sh run
Building configuration...

Current configuration : 1596 bytes
!
version 12.2
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname INETROUTER
!
enable secret *******************
!
ip subnet-zero
ip name-server 24.226.10.***
ip name-server 24.226.1.***
!
!
!
!
interface FastEthernet0
 ip address dhcp
 ip nat outside
 speed auto
 no cdp enable
!
interface Serial0
 ip address 10.0.0.1 255.255.255.0
 ip nat inside
 clockrate 8000000
 no cdp enable
!
router eigrp 1
 network 10.0.0.0 0.0.0.255
 no auto-summary
 no eigrp log-neighbor-changes
!
ip nat inside source list 1 interface Serial0 overload
ip classless
no ip http server
access-list 1 permit 10.0.0.0 0.0.0.255
access-list 1 permit 10.0.1.0 0.0.0.255
!
!


INETROUTER#

Here is my extended ping and nat statistics:
INETROUTER#show ip nat statistics
Total active translations: 0 (0 static, 0 dynamic; 0 extended)
Outside interfaces:
  FastEthernet0
Inside interfaces:
  Serial0
Hits: 0  Misses: 200
Expired translations: 200
Dynamic mappings:
-- Inside Source
access-list 1 interface Serial0 refcount 0
INETROUTER#show ip nat tr
INETROUTER#show ip nat translations

INETROUTER#ping
Protocol [ip]:
Target IP address: 24.141.224.1
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Extended commands [n]: y
Source address or interface: 10.0.0.1
Type of service [0]:
Set DF bit in IP header? [no]:
Validate reply data? [no]:
Data pattern [0xABCD]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Sweep range of sizes [n]:
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 24.141.***.1, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
INETROUTER#


Now If I ping using the F0 (DHCP) interface it works fine. But when I try to ping using any local interface it does not.
Now working full time!
· Share on FacebookShare on Twitter

Comments

  • mikej412mikej412 Member Posts: 10,086 ■■■■■■■■■■
    Do you really want to overload on your inside interface? The serial is your inside, and the ethernet is your outside, right?

    Don't you want all your inside addresses to be translated to the IP of your outside interface (which you get by DHCP from a cable/dsl modem?)... which is why you have the interface option?

    Do you need anymore hints? Or are you smacking your forehead already?
    :mike: Cisco Certifications -- Collect the Entire Set!
    · Share on FacebookShare on Twitter
  • twiggy87twiggy87 Inactive Imported Users Posts: 43 ■■□□□□□□□□
    I dont think this is really relevant but if you want router output with passwords already ***'d out then just type

    show tech-support

    icon_smile.gif
    If my answers frighten you then you should cease asking scary questions.
    · Share on FacebookShare on Twitter
  • HumperHumper Member Posts: 647
    mikej412 wrote:
    Do you really want to overload on your inside interface? The serial is your inside, and the ethernet is your outside, right?

    Don't you want all your inside addresses to be translated to the IP of your outside interface (which you get by DHCP from a cable/dsl modem?)... which is why you have the interface option?

    Do you need anymore hints? Or are you smacking your forehead already?

    I believe I do not need anymore hints icon_lol.gif feel free to bring out the paint stick and slap me silly. It is clear I should read more on NATing before my Exam this monday icon_eek.gificon_cool.gif


    Thank you mike, everything is working beautifully now :)
    Now working full time!
    · Share on FacebookShare on Twitter
  • gabrielbtoledogabrielbtoledo Member Posts: 217
    Also, is that clock rate right?
    And another good command to troubleshoot NAT is: show ip nat translations

    Good luck with your exam and post any more doubts.
    A+ Certified - Network+ - MCP (70-290)
    MCSA - CCNA - Security+ (soon)
    · Share on FacebookShare on Twitter
  • mikej412mikej412 Member Posts: 10,086 ■■■■■■■■■■
    ModemHumper wrote:
    feel free to bring out the paint stick and slap me silly.
    Actually -- a lot of times it is the serial interface that is overloaded.... I just remembered your lab setup -- otherwise someone else may have told you your inside/outside interfaces were backwards. icon_lol.gif DSL and Cable are being used more by businesses -- so ethernet/ethernet is showing up a lot more for NAT..... but your config still "feels backwards."

    And I think I saw your dot 32 post -- and retraction 3 minutes later -- about 2 minutes after the 2nd post...... That 3 minutes would have been slow for the exam.... but I figured since you caught that and had to take time to post, you could work on your speed this week.... so I let that one slide. icon_lol.gif

    You seem to be doing good...... so I'll save giving you a hard time for if you don't pass the exam icon_twisted.gif
    :mike: Cisco Certifications -- Collect the Entire Set!
    · Share on FacebookShare on Twitter
Sign In or Register to comment.