Cisco NAT with a strange config.
agustinchernitsky
Member Posts: 299
in Off-Topic
Hi everyone,
So, my customer has this configuration on his Cisco 828:
ATM0: private IP connected to the WAN (yes, private IP)
E0: public IP
I need to set up a VPN connection to another Cisco, and the ISP suggested using Loopback 0 for that. So, my idea is as follows:
1.- put all public IPs in L0
2.- Put private 192.168.1.1 on E0
3.- enable NAT for E0
4.- Once everything works, configure ezvpn client on the router.
Problem: can't get past step 3.
I issued these commands:
# ip nat pool nldo 201.229.xxx.xxx 201.229.xxx.xxx netmask 255.255.255.248
# ip nat inside source list 1 pool nldo overload
in E0
# ip nat inside
in L0
# ip nat outside
then
# access-list 1 permit 192.168.1.0 0.0.0.255
Result: private IPs can't browse the internet... if I run a sh ip nat translation I get nothing.
The funny thing is that "somewhere in time" it worked... but then it stopped.
Logging: I get packets from the private net with destination to the same public IP configured on L0. I mean: if someone pings 66.10.xx.xxx in the router the log shows: 201.229.xxx.xxx.
Tell me what I am missing here... I don't like the idea of using L0 as an outside NAT interface... maybe that's it.
Saludos amigos!