Configuration Assistance Needed

peanutnoggin

Hi TE Forums,

I unfortunately do not have my config to post at this time, but any assistance or guidance is greatly appreciated.

I'm currently practicing for my CCNA with a lab at my job. I have 4 routers connected via PVC to a central Frame Relay Switch. Each router serves as their own network.

On one network I have a router with a FastEthernet 0/0 port with 5 subinterfaces. Each subif is properly encapsulated with dot1q and they correspond to the vlans on a connected switch. I can currently hit all networks that are being advertised from the other routers via OSPF with any client in any VLAN. I setup NAT and then my problems begin.

From the Router's FE interface, I created an additional subif with an ip of 192.168.100.1 to act as my inside nat interface using: ip nat inside. I then setup a standard access list:
access-list 1 permit 192.168.100.0
access-list 1 permit any

I first setup my: ip nat pool PUBLIC_IP 123.123.123.5 123.123.123.5 netmask 255.255.255.0

I next setup my: ip nat inside source list 1 pool PUBLIC_IP overload

On my serial interface connecting to the Frame Relay Cloud, my ip is: 123.123.123.5. I set that interface as my outside using: ip nat outside

If I perform an extended ping and change my source address to the router's subif (192.168.100.1) I can ping any network that is seen in OSPF. I can also perform a:
sh ip nat translation and see the translation take place. I also have debug ip nat running to see the translations as they take place.

If I plug a client into the vlan that is being routed by subif with 192.168.100.1 address, I can only ping local networks to the router but not outside of the router. It also will not even attempt to translate the ip address into a public one.

I tried adding in a default route on the router sending all traffic that was unknown to the Serial interface connecting to the Frame Relay Cloud. Any assistance would be greatly appreciated. When I get a chance, I will post the configs & routing table.

Thanks.

Peanut Head

jmc012

peanutnoggin wrote: »

Hi TE Forums,

I unfortunately do not have my config to post at this time, but any assistance or guidance is greatly appreciated.

I'm currently practicing for my CCNA with a lab at my job. I have 4 routers connected via PVC to a central Frame Relay Switch. Each router serves as their own network.

On one network I have a router with a FastEthernet 0/0 port with 5 subinterfaces. Each subif is properly encapsulated with dot1q and they correspond to the vlans on a connected switch. I can currently hit all networks that are being advertised from the other routers via OSPF with any client in any VLAN. I setup NAT and then my problems begin.

From the Router's FE interface, I created an additional subif with an ip of 192.168.100.1 to act as my inside nat interface using: ip nat inside. I then setup a standard access list:
access-list 1 permit 192.168.100.0
access-list 1 permit any

I first setup my: ip nat pool PUBLIC_IP 123.123.123.5 123.123.123.5 netmask 255.255.255.0

I next setup my: ip nat inside source list 1 pool PUBLIC_IP overload

On my serial interface connecting to the Frame Relay Cloud, my ip is: 123.123.123.5. I set that interface as my outside using: ip nat outside

If I perform an extended ping and change my source address to the router's subif (192.168.100.1) I can ping any network that is seen in OSPF. I can also perform a:
sh ip nat translation and see the translation take place. I also have debug ip nat running to see the translations as they take place.

If I plug a client into the vlan that is being routed by subif with 192.168.100.1 address, I can only ping local networks to the router but not outside of the router. It also will not even attempt to translate the ip address into a public one.

I tried adding in a default route on the router sending all traffic that was unknown to the Serial interface connecting to the Frame Relay Cloud. Any assistance would be greatly appreciated. When I get a chance, I will post the configs & routing table.

Thanks.

Peanut Head

A couple things that come to mind, why would you set up a pool when you are using the ip address of the serial interface? I would do something more like this
ip nat inside source list 1 interface serial0/1 overload, also your access list is permitting everything, I wouldn't use the "permit any" statement.
I'm just learning also so I'm no expert.