NAT question

thehourman Member Posts: 723
I am trying to make my NAT work on my Corp router in GNS3; however, it is not working. I could not ping any address in my real (home) network nor the internet. Even the ping to the IP address of my PC's NIC fails.
I also have tried to disable Norton's firewall, but to no avail.
Here is my NAT config:
interface fastethernet 0/0
ip nat outside
exit
interface fastethernet 0/1
ip nat inside
exit
access-list 1 permit 10.1.0.0 0.0.15.255 log
ip nat pool NAT 192.168.1.2 192.168.1.2 netmask 255.255.255.0
ip nat inside source list 1 pool NAT overload
ip route 0.0.0.0 0.0.0.0 fastethernet 0/0

The cloud with the name Internet is my PC's NIC that is connected to the FIOS router.
My PC NIC's IP address is 192.168.1.6

The only IP that I can ping is the 10.1.10.1 R3's fa0/1 which is connected to SDM.

Thanks


EDIT:
Never mind, I already fixed it.
Studying:
Working on CCNA: Security. Start date: 12.28.10
Microsoft 70-640 - on hold (This is not taking me anywhere. I started this in October, and it is December now, I am still on page 221. WTH!)
Reading:
Network Warrior - Currently at Part II
Reading IPv6 Essentials 2nd Edition - on hold

Comments

  • thehourman Member Posts: 723
    Ok. So I managed to ping any addresses now from the Corp router and from ServerA (it's another router in GNS3). However, when I moved to R1 and tried to ping the internet, it failed. So I configured PAT on R1, but it is still failing.

    How am I going to make R1 to connect to the internet? or Do I need another cloud(loopback) for R1?
  • Jollycork Member Posts: 149
    thehourman wrote: »
    Ok. So I managed to ping any addresses now from the Corp router and from ServerA (it's another router in GNS3). However, when I moved to R1 and tried to ping the internet, it failed. So I configured PAT on R1, but it is still failing.

    How am I going to make R1 to connect to the internet? or Do I need another cloud(loopback) for R1?

    Does your NAT still look like this?
    access-list 1 permit 10.1.0.0 0.0.15.255 log
    ip nat pool NAT 192.168.1.2 192.168.1.2 netmask 255.255.255.0
    ip nat inside source list 1 pool NAT overload
    ip route 0.0.0.0 0.0.0.0 fastethernet 0/0

    this is what mine looks like on the stub router [3640] [stub to the Internet]

    ip nat pool NATPOOL 192.168.16.112 192.168.16.117 netmask 255.255.255.0
    ip nat inside source list 1 pool NATPOOL
    !
    access-list 1 permit 192.168.16.0 0.0.0.255

    where I'm using 6 host addresses [the pool] in the subnet 192.168.16.0 as natted addresses
    for hosts on the subnet 192.168.2.X

    where:
    ip http server
    ip http secure-server
    ip route 0.0.0.0 0.0.0.0 192.168.16.72 [next hop router]
    ip route 192.168.2.0 255.255.255.0 Ethernet0/1 [inside interface]

    interface Ethernet0/0
    ip address 192.168.16.111 255.255.255.0
    ip nat outside
    ip virtual-reassembly
    full-duplex
    !
    interface Serial0/0
    ip address 172.16.20.3 255.255.0.0
    encapsulation frame-relay
    no dce-terminal-timing-enable
    frame-relay interface-dlci 321
    frame-relay lmi-type cisco
    !
    interface Ethernet0/1
    ip address 192.168.2.1 255.255.255.0
    ip nat inside
    ip virtual-reassembly
    full-duplex

    which of course gets natted again [I know not a good idea] to the public address

    so my 6 hosts on 192.168.2.X get to the internet by using one of the pool of NAT addresses in the 192.168.16.X NAT pool

    [waiting for the boos] :)
  • thehourman Member Posts: 723
    I changed it into:
    access-list 1 permit 10.1.0.0 0.0.255.255
    ip nat pool NAT 192.168.137.1 192.168.137.1 netmask 255.255.255.0
    ip nat inside source list 1 pool NAT overload
    ip route 0.0.0.0 0.0.0.0 192.168.137.1


    My R1 is connected to the Corp router with serial cables. I can ping all the addresses that I have in my topology, but I can't ping 192.168.137.1, which is the MS loopback address I set up. I can ping 192.168.137.2, which is Corp's fa0/0.

    Do I have to create another cloud for R1?
    What I am trying to do is make the Corp router to provide internet to all routers that I have in my topology.
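An added example, not part of any post in this thread: a small Python check that applies IOS wildcard-mask matching to the two Corp NAT configurations posted above, reporting which source addresses ACL 1 hands to NAT and whether a pool range includes the default route's next hop (return traffic for such an address is delivered to the next-hop device, not back to the NAT router). The function names and the test address 10.1.16.1 are constructed for illustration; only the `access-list <n> permit <base> <wildcard>` form is parsed.

```python
import ipaddress

# Constructed inputs: the NAT-related lines of the two Corp configs in this thread.
FIRST = """\
access-list 1 permit 10.1.0.0 0.0.15.255 log
ip nat pool NAT 192.168.1.2 192.168.1.2 netmask 255.255.255.0
ip nat inside source list 1 pool NAT overload
ip route 0.0.0.0 0.0.0.0 fastethernet 0/0
"""
SECOND = """\
access-list 1 permit 10.1.0.0 0.0.255.255
ip nat pool NAT 192.168.137.1 192.168.137.1 netmask 255.255.255.0
ip nat inside source list 1 pool NAT overload
ip route 0.0.0.0 0.0.0.0 192.168.137.1
"""

def wildcard_match(addr, base, wildcard):
    """IOS ACL semantics: bits set to 1 in the wildcard are ignored."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return ((a ^ b) & ~w & 0xFFFFFFFF) == 0

def parse(config):
    """Collect the ACL, pool, NAT binding and default-route lines."""
    acls, pools, binds, hops = {}, {}, [], []
    for t in (line.split() for line in config.splitlines()):
        if t[:1] == ["access-list"] and len(t) >= 5 and t[2] == "permit":
            acls.setdefault(t[1], []).append((t[3], t[4]))
        elif t[:3] == ["ip", "nat", "pool"] and len(t) >= 6:
            pools[t[3]] = (t[4], t[5])
        elif t[:5] == ["ip", "nat", "inside", "source", "list"] and len(t) >= 8:
            binds.append((t[5], t[7]))
        elif t[:4] == ["ip", "route", "0.0.0.0", "0.0.0.0"] and len(t) >= 5:
            hops.append(t[4])  # an IP address or an interface name
    return acls, pools, binds, hops

def translated(config, src):
    """True if src is permitted by an ACL bound to 'ip nat inside source'."""
    acls, _, binds, _ = parse(config)
    return any(wildcard_match(src, base, wc)
               for acl, _ in binds for base, wc in acls.get(acl, []))

def pools_covering_next_hop(config):
    """Pools whose range includes the default route's next-hop address."""
    _, pools, _, hops = parse(config)
    ips = [ipaddress.IPv4Address(h) for h in hops if h[0].isdigit()]
    return [name for name, (lo, hi) in pools.items()
            if any(ipaddress.IPv4Address(lo) <= h <= ipaddress.IPv4Address(hi)
                   for h in ips)]
```

With wildcard 0.0.15.255 only 10.1.0.0 through 10.1.15.255 match ACL 1, so a source such as 10.1.16.1 is forwarded untranslated until the wildcard is widened to 0.0.255.255.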
  • Jollycork Member Posts: 149
    thehourman wrote: »
    I changed it into:
    access-list 1 permit 10.1.0.0 0.0.255.255
    ip nat pool NAT 192.168.137.1 192.168.137.1 netmask 255.255.255.0
    ip nat inside source list 1 pool NAT overload
    ip route 0.0.0.0 0.0.0.0 192.168.137.1

    My R1 is connected to the Corp router with serial cables. I can ping all the addresses that I have in my topology, but I can't ping 192.168.137.1, which is the MS loopback address I set up. I can ping 192.168.137.2, which is Corp's fa0/0.

    Do I have to create another cloud for R1?
    What I am trying to do is make the Corp router to provide internet to all routers that I have in my topology.

    On the Corp router, the Fa 0/0 [192.168.1.2] connects to what on the other end [Fa 0/1 [192.168.1.1] that gets you to the internet? The Fa 0/1 should be the next hop router [lan interface] address.... and that is your way out for any Pods [when in doubt send to gateway of last resort and let that router figure it out]

    to get there, hosts have to get a local address on the Fa 0/0 subnet. That's where the inside NAT come in so that any packets from any other subnet get NAT addresses [192.168.1.X] to get out to the next hop router [the Fa 0/1 192.168.1.1]

    Think I said that right...

    added: your IP routing protocol RIP/EIGRP/OSPF have to let other routers know what the gateway of last resort is.

    copy of RIP on my network.
    Gateway of last resort is 192.168.16.72 to network 0.0.0.0
    96.0.0.0/24 is subnetted, 1 subnets
    R 96.229.105.0 [120/1] via 192.168.16.72, 00:00:07, Ethernet0/0
    R 172.16.0.0/24 is subnetted, 3 subnets
    R 172.16.40.0 [120/1] via 172.16.20.2, 00:00:15, Serial0/0
    R 172.16.30.0 [120/1] via 172.16.20.1, 00:00:10, Serial0/0
    C 172.16.20.0 is directly connected, Serial0/0
    C 192.168.16.0/24 is directly connected, Ethernet0/0
    C 192.168.2.0/24 is directly connected, Ethernet0/1
    S* 0.0.0.0/0 [1/0] via 192.168.16.72

    the 172.16.X.X is Frame Relay cloud routers [and host subnet connecting to them] all of which gets a NAT address from the 3640 when traffic reaches it.

    Added: in my route table the 192.168.16.72 is the next hop router [route to the internet] where the 3640 acting as a NAT router (I call it stub router)] sends all other routers traffic [my frame relay routers] which are not destined for each of the frame relay router's local network.

    think I said that right....

    added: the route table shown is the route table on the 3640, whose serial interface is part of the frame-relay cloud. The 3640 uses one of its ethernet interfaces, which is directly connected to the gateway of last resort, the 192.168.16.72 router, which is directly connected to the internet.
  • thehourman Member Posts: 723
    I changed the ip address from 192.168.1.1/24 into 192.168.137.1/24, which is the loopback interface. And the Corp's fa0/0 from 192.168.1.2/24 into 192.168.137.2/24.
    I can ping from Corp to any address on the internet because I have the loopback adapter shared to my wireless adapter.
    I have OSPF running that is why from R1 I can ping the rest of the network, but not the internet. I can ping the Corp's fa0/0, though.

    The Corp's fa0/1 is connected to another router (ServerA), which can ping any addresses on the internet. However, all the routers, R1, R2, R3, R4, can't ping 4.2.2.2 (public DNS).
    On the Corp router, I have the fa0/0 as outside, and the rest are inside interfaces.
    Here is a weird thing, when I ping the 4.2.2.2 from Corp, and used the show ip nat translation, I got no result/output.
    The debug ip nat shows nothing as well, on Corp router.

    Am I missing something?
  • thehourman Member Posts: 723
    Now, it seems like I fixed the problem. I can now ping with a domain name instead of using an IP address.
    I went to OSPF configuration and used the default-information originate on Corp router. I had that command before, but at that time it did not work.