NAT problem

tube · September 2007

Hi,

I am very new to networking. I am trying to learn a bit about NAT but having a problem and really need your helps after hours can't figure it out.

Suppose I have a single public IP address 200.1.1.6/30. And I go and configure a NAT router R1.

---[ R1 Router Configuration ]

interface FastEthernet0/0
ip address 172.16.32.1 255.255.240.0
ip nat inside

interface Serial0/0
ip address 200.1.1.6 255.255.255.252
ip nat outside

ip nat pool mypool 200.1.1.6 200.1.1.6 netmask 255.255.255.252
ip nat inside source list 1 pool mypool overload

access-list 1 permit any

ip route 0.0.0.0 0.0.0.0 Serial0/0

---[ ISP Router Configuration ]

interface FastEthernet0/0
ip address 192.168.1.1 255.255.255.0

interface Serial0/0
ip address 200.1.1.5 255.255.255.252
clock rate 56000

ip route 200.1.1.4 255.255.255.252 Serial0/0

A PC from LAN 172.16.32.0 can PING 192.168.1.2 web server (on ISP side) successfully, but cannot access the web site.

The tracert command shows this output:

PC>tracert 192.168.1.2

Tracing route to 192.168.1.2 over a maximum of 30 hops:

1 78 ms 68 ms 65 ms 172.16.32.1
2 * * * Request timed out.
3 222 ms 250 ms 175 ms 192.168.1.2

Trace complete.

Did I miss something? Please help!

Netstudent · September 2007

ip route 200.1.1.4 255.255.255.252 Serial0/0 needs to be ip route 172.16.32.0 255.255.240.0 Serial0/0.
Still doesn't explain how you can ping the web server though. what is the output of show ip nat translations on R1?

tube · September 2007

Hi Netstudent, thanks for your reply.

On LAN 172.16.32.0, I configure a PC with this IP address 172.16.32.2 and then from this PC I try to ping a web server 192.168.1.2

PC>ping 192.168.1.2

Pinging 192.168.1.2 with 32 bytes of data:

Reply from 192.168.1.2: bytes=32 time=214ms TTL=126
Reply from 192.168.1.2: bytes=32 time=236ms TTL=126
Reply from 192.168.1.2: bytes=32 time=200ms TTL=126
Reply from 192.168.1.2: bytes=32 time=181ms TTL=126

Ping statistics for 192.168.1.2:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 181ms, Maximum = 236ms, Average = 207ms

--- NAT output on R1 router

R1#show ip nat trans

Pro Inside global Inside local Outside local Outside global
icmp 200.1.1.6:66 172.16.32.2:66 192.168.1.2:66 192.168.1.2:66
icmp 200.1.1.6:67 172.16.32.2:67 192.168.1.2:67 192.168.1.2:67
icmp 200.1.1.6:68 172.16.32.2:68 192.168.1.2:68 192.168.1.2:68
icmp 200.1.1.6:69 172.16.32.2:69 192.168.1.2:69 192.168.1.2:69

Netstudent · September 2007

if this is a real network and you can ping the webserver, then you should be able to access it via http as well. If you have an access-list blocking http on port 80, thats is a different story.

tube · September 2007

I am using Cisco PacketTracer 4.1 (latest version), and also NetSimK. I have problem with both of these simulators.

networker050184 · September 2007

Sims have too many bugs. They are good for intial configuration and such, but trying to implement networks such as you are tend to have unrealistic outcomes some of the time. My advice would be get your hands on some real gear.

tube · September 2007

Hi, thank you for your great advice. I am going to buy some used Cisco routers and Catalyst to setup a home lab. Just can't wait to use the real one

Thank you and wish you have a great weekend!

NAT problem

Comments