NAT question
thehourman
Member Posts: 723
in CCNA & CCENT
I am trying to make my NAT work on my Corp router in GNS3; however, it is not working. I could not ping any address in my real (home) network nor the internet. Even for the IP address of my PC's NIC, the ping fails.
I have also tried to disable Norton's firewall, but to no avail.
Here is my nat config:
interface fastethernet 0/0
ip nat outside
exit
interface fastethernet 0/1
ip nat inside
exit
access-list 1 permit 10.1.0.0 0.0.15.255 log
ip nat pool NAT 192.168.1.2 192.168.1.2 netmask 255.255.255.0
ip nat inside source list 1 pool NAT overload
ip route 0.0.0.0 0.0.0.0 fastethernet 0/0
The cloud with the name Internet is my PC's NIC that is connected to the FIOS router.
My PC NIC ip add is 192.168.1.6
The only IP that I can ping is the 10.1.10.1 R3's fa0/1 which is connected to SDM.
Thanks
EDIT:
Never mind, I already fixed it.
Studying:
Working on CCNA: Security. Start date: 12.28.10
Microsoft 70-640 - on hold (This is not taking me anywhere. I started this in October, and it is December now, I am still on page 221. WTH!)
Reading:
Network Warrior - Currently at Part II
Reading IPv6 Essentials 2nd Edition - on hold
Comments
-
thehourman Member Posts: 723
Ok. So I managed to ping any addresses now from the Corp router and from ServerA (it's another router in GNS3). However, when I moved to R1 and tried to ping the internet, it failed. So I configured PAT on R1 but it is still failing.
How am I going to make R1 connect to the internet? Or do I need another cloud (loopback) for R1?
-
Jollycork Member Posts: 149
thehourman wrote: »
Ok. So I managed to ping any addresses now from the Corp router and from ServerA (it's another router in GNS3). However, when I moved to R1 and tried to ping the internet, it failed. So I configured PAT on R1 but it is still failing.
How am I going to make R1 connect to the internet? Or do I need another cloud (loopback) for R1?

Does your NAT still look like this?
access-list 1 permit 10.1.0.0 0.0.15.255 log
ip nat pool NAT 192.168.1.2 192.168.1.2 netmask 255.255.255.0
ip nat inside source list 1 pool NAT overload
ip route 0.0.0.0 0.0.0.0 fastethernet 0/0
this is what mine looks like on the stub router [3640] [stub to the Internet]
ip nat pool NATPOOL 192.168.16.112 192.168.16.117 netmask 255.255.255.0
ip nat inside source list 1 pool NATPOOL
!
access-list 1 permit 192.168.16.0 0.0.0.255
where I'm using 6 host addresses [the pool] in the subnet 192.168.16.0 as natted addresses
for hosts on the subnet 192.168.2.X
where:
ip http server
ip http secure-server
ip route 0.0.0.0 0.0.0.0 192.168.16.72 [next hop router]
ip route 192.168.2.0 255.255.255.0 Ethernet0/1 [inside interface]
interface Ethernet0/0
ip address 192.168.16.111 255.255.255.0
ip nat outside
ip virtual-reassembly
full-duplex
!
interface Serial0/0
ip address 172.16.20.3 255.255.0.0
encapsulation frame-relay
no dce-terminal-timing-enable
frame-relay interface-dlci 321
frame-relay lmi-type cisco
!
interface Ethernet0/1
ip address 192.168.2.1 255.255.255.0
ip nat inside
ip virtual-reassembly
full-duplex
which of course gets natted again [I know not a good idea] to the public address
so my 6 hosts on 192.168.2.X get to the internet by using one of the pool of NAT addresses in the 192.168.16.X NAT pool
[waiting for the boos]
-
thehourman Member Posts: 723
I changed it into:
access-list 1 permit 10.1.0.0 0.0.255.255
ip nat pool NAT 192.168.137.1 192.168.137.1 netmask 255.255.255.0
ip nat inside source list 1 pool NAT overload
ip route 0.0.0.0 0.0.0.0 192.168.137.1
My R1 is connected to the Corp router with serial cables. I can ping all the addresses that I have in my topology, but I can't ping 192.168.137.1, which is the MS loopback address I set up. I can ping 192.168.137.2, which is Corp's fa0/0.
Do I have to create another cloud for R1?
What I am trying to do is make the Corp router provide internet to all the routers that I have in my topology.
-
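An added example, not part of any post in this thread: a small Python check of which inside source addresses access-list 1 selects for translation, comparing the wildcard from the first post (0.0.15.255) with the widened one in the post above (0.0.255.255). The sample source addresses are constructed for illustration (only 10.1.10.1 appears in the thread), and only the `permit ADDR WILDCARD` form of a standard ACL is handled.

```python
import ipaddress

def parse_standard_acl(line):
    """Parse 'access-list N permit ADDR WILDCARD [log]' into (base, wildcard) ints."""
    parts = line.split()
    if len(parts) < 5 or parts[0] != "access-list" or parts[2] != "permit":
        raise ValueError(f"unsupported ACL line: {line!r}")
    base = int(ipaddress.IPv4Address(parts[3]))
    wildcard = int(ipaddress.IPv4Address(parts[4]))
    return base, wildcard

def acl_permits(line, source):
    """Wildcard bits set to 1 are ignored; all other bits must equal the base address."""
    base, wildcard = parse_standard_acl(line)
    care = ~wildcard & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(source)) & care) == (base & care)

def nat_eligible(line, sources):
    """Map each source to True if the ACL permits it (anything else hits the implicit deny)."""
    return {src: acl_permits(line, src) for src in sources}

ORIGINAL_ACL = "access-list 1 permit 10.1.0.0 0.0.15.255 log"  # from the first post
WIDENED_ACL = "access-list 1 permit 10.1.0.0 0.0.255.255"      # from the post above

# Constructed sample sources (assumptions); only 10.1.10.1 is taken from the thread.
SAMPLE_SOURCES = ["10.1.10.1", "10.1.15.254", "10.1.16.1",
                  "10.1.200.9", "10.2.0.1", "192.168.137.2"]

if __name__ == "__main__":
    for name, acl in (("original", ORIGINAL_ACL), ("widened", WIDENED_ACL)):
        print(f"{name}: {acl}")
        for src, ok in nat_eligible(acl, SAMPLE_SOURCES).items():
            print(f"  {src:15} {'translated' if ok else 'not matched by list 1'}")
```

A source that list 1 does not match is still routed, but untranslated, so replies to its private address never come back from the outside network.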
Jollycork Member Posts: 149
thehourman wrote: »
I changed it into:
access-list 1 permit 10.1.0.0 0.0.255.255
ip nat pool NAT 192.168.137.1 192.168.137.1 netmask 255.255.255.0
ip nat inside source list 1 pool NAT overload
ip route 0.0.0.0 0.0.0.0 192.168.137.1
My R1 is connected to the Corp router with serial cables. I can ping all the addresses that I have in my topology, but I can't ping 192.168.137.1, which is the MS loopback address I set up. I can ping 192.168.137.2, which is Corp's fa0/0.
Do I have to create another cloud for R1?
What I am trying to do is make the Corp router provide internet to all the routers that I have in my topology.

On the Corp router, the Fa 0/0 [192.168.1.2] connects to what on the other end [Fa 0/1 [192.168.1.1] that gets you to the internet? The Fa 0/1 should be the next hop router [lan interface] address.... and that is your way out for any Pods [when in doubt send to gateway of last resort and let that router figure it out]
To get there, hosts have to get a local address on the Fa 0/0 subnet. That's where the inside NAT comes in, so that any packets from any other subnet get NAT addresses [192.168.1.X] to get out to the next hop router [the Fa 0/1 192.168.1.1]
Think I said that right...
added: your IP routing protocol RIP/EIGRP/OSPF has to let other routers know what the gateway of last resort is.
copy of RIP on my network.
Gateway of last resort is 192.168.16.72 to network 0.0.0.0
96.0.0.0/24 is subnetted, 1 subnets
R 96.229.105.0 [120/1] via 192.168.16.72, 00:00:07, Ethernet0/0
R 172.16.0.0/24 is subnetted, 3 subnets
R 172.16.40.0 [120/1] via 172.16.20.2, 00:00:15, Serial0/0
R 172.16.30.0 [120/1] via 172.16.20.1, 00:00:10, Serial0/0
C 172.16.20.0 is directly connected, Serial0/0
C 192.168.16.0/24 is directly connected, Ethernet0/0
C 192.168.2.0/24 is directly connected, Ethernet0/1
S* 0.0.0.0/0 [1/0] via 192.168.16.72
the 172.16.X.X is Frame Relay cloud routers [and host subnet connecting to them] all of which gets a NAT address from the 3640 when traffic reaches it.
Added: in my route table the 192.168.16.72 is the next hop router [route to the internet] where the 3640 acting as a NAT router (I call it stub router)] sends all other routers traffic [my frame relay routers] which are not destined for each of the frame relay router's local network.
think I said that right....
added: the route table shown is the route table on the 3640 which the serial interface is part of the frame-relay cloud. The 3640 uses one of its ethernet interfaces which is directly connected to the gateway of last resort, the 192.168.16.72 router which is directly connected to the internet.
-
thehourman Member Posts: 723
I changed the IP address from 192.168.1.1/24 into 192.168.137.1/24, which is the loopback interface. And the Corp's fa0/0 from 192.168.1.2/24 into 192.168.137.2/24.
I can ping from Corp to any address on the internet because I have the loopback adapter shared to my wireless adapter.
I have OSPF running, which is why from R1 I can ping the rest of the network, but not the internet. I can ping the Corp's fa0/0, though.
The Corp's fa0/1 is connected to another router (ServerA), which can ping any address on the internet. However, all the routers, R1, R2, R3, R4, can't ping 4.2.2.2 (public DNS).
On the Corp router, I have the fa0/0 as outside, and the rest are inside interfaces.
Here is a weird thing: when I pinged 4.2.2.2 from Corp and used show ip nat translation, I got no result/output.
The debug ip nat shows nothing as well, on the Corp router.
Am I missing something?
-
thehourman Member Posts: 723
Now, it seems like I fixed the problem. I can now ping with domain name instead of using IP address.
I went to the OSPF configuration and used default-information originate on the Corp router. I had that command before, but at that time it did not work.