NAT Problem!

I have a 2600 router. The topology is like:

Pc===========Router2600=========Dlink Switch=========router2=====Internet

Pc IP: 192.168.100.2/24
Router Inside: 192.168.100.1/24
Router outside:192.168.44.64/24

Router(2) inside: 192.168.44.1/24
DNS: 202.125.148.204

Now, I am trying to implement NAT on the 2600 router. The configuration is as following:

Current configuration : 989 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname test
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$IBy2$G5/IpqWTsKf3Zy.Ygq5/g/
enable password 123456
!
no network-clock-participate slot 1
no network-clock-participate wic 0
no aaa new-model
ip subnet-zero
no ip routing
no ip cef
!
interface FastEthernet0/0
ip address 192.168.44.64 255.255.255.0
ip nat outside
no ip route-cache
speed auto
full-duplex!
interface FastEthernet0/1
ip address 192.168.100.1 255.255.255.0
ip nat inside
no ip route-cache
speed auto
full-duplex
!
ip nat inside source list 1 interface FastEthernet0/1 overload
ip http server
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.44.1
!
!
access-list 1 permit 192.168.100.0 0.0.0.255
!
snmp-server community test RO
snmp-server enable traps tty
!
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
password 123456
login
!
!
!
end

test#

Now, after this configuration, from the pc i can ping the router's outside interface(192.168.44.64). But, i cant not reach to the second router's inside interface (192.168.44.1) and so the DNS (internet). From the router's console, i can reach to the DNS.

Now, what else should I do to get the nat running.

Thank you.

Find more posts tagged with

Free for TechExams community: Cybersecurity salary guide

Compare cert salaries and plan your next career move

Button

Comments

dtlokee

Looks liek your nat rule is translating the addresses to the inside interface and that isn't going to work, change your rule to use the fastethernet0/0 instead of fa0/1

dipok

thanks.

I am gonna try this tomorrow. Well, do you think that my rest of the configuration are ok and complete? Or I have to add something to get it going?

dipok

I changed it according to this. However, result is the same. Still I cant ping my router2 inside interface which is my current gateway for my network.

ip nat inside source list 1 interface FastEthernet0/0 overload

dtlokee

Did you remove the old one?

APA

Dude....

You have not enabled ip routing!!!!

Have a look at your config... 'no ip routing' this command will prevent the router from doing any sort of routing......

dipok wrote:

enable secret 5 $1$IBy2$G5/IpqWTsKf3Zy.Ygq5/g/
enable password 123456
!
no network-clock-participate slot 1
no network-clock-participate wic 0
no aaa new-model
ip subnet-zero
no ip routing
no ip cef

In global config mode please type 'ip routing' then try ping the gateway from the PC

Remember to save the config once you have successfully entered the command....

Odd to see the no ip routing command on a 2600 series router... I don't believe I have seen that before normally only on Multi-Layer switches...

Let me know how you go

BTW... Ensure you fix up your NAT statement as well and as dtlokee said ensure you removed the old NAT statement that was incorrect

hectorjhrdz

nice observation

I just did look at the nat config but the other lines.

cheers

dipok

Thanks everyone, my nat is working now. The mistake i did was i did not enable IP Routing. After enable, its working just fine.

By the way, when I faced problem then I went trough a lot of Tutorials including the cisco one on the net. I found one thing strange, that is this important command is missing everywhere. For someone new like me its not good.

Anyway, thanks for all your comments which guided me a lot.

joshgibson82

Can I just ask why you would want to NAT on Router 1 and not on Router 2? Router 2 has your public facing IP address correct? Why not just route between R1 and R2 instead of doing the NAT? Is this just a "see if i can do it" type thing?

Thanks!

dipok

joshgibson82 wrote:

Is this just a "see if i can do it" type thing?

Thanks!

not only for that. This is a more private (!) issue. Infact, i need one more network inside, where the already nated ip need further nating. Yes, indeed i need it.

I just have one ip, but i need several devices to play within a network owned by me.

However, thanks everyone.