[Lab Problem] IP NAT on 3640 routers

Hey gang,

I'm attempting this lab on IP NAT via Cisco Learning. I'm having trouble with something very basic and for some reason, I can't seem to figure it out. Probably something simple, but would appreciate another set of eyes on the issue.

I setup both routers as per the pdf, running-configs (interesting stuff only) below:

Gateway:

version 12.4
no service password-encryption
!
hostname Gateway
!
enable secret 5 $1$547r$Ie6vnl7DwlvdMphtaoB0Y/
enable password cisco
!
interface FastEthernet0/0
 ip address 10.10.10.1 255.255.255.0
 speed 100
 full-duplex
!         
interface Serial0/0
 ip address 200.2.2.18 255.255.255.252
 clock rate 64000
!         
interface TokenRing0/0
 no ip address
 shutdown 
 ring-speed 16
!         
interface Serial0/1
 no ip address
 shutdown 
!         
ip default-gateway 200.2.2.17
!
ip route 0.0.0.0 0.0.0.0 200.2.2.17
!
line con 0
 password cisco
 logging synchronous
 login    
line aux 0
line vty 0 4
 password cisco
 login
!
end

ISP:

version 12.4
no service password-encryption
!
hostname ISP
!
enable secret 5 $1$EsId$25IJ3FekNDR.SdGcQV4/l0
enable password cisco
!
interface Loopback0
 ip address 172.16.1.1 255.255.255.255
!         
interface FastEthernet0/0
 no ip address
 speed 100
 full-duplex
!
interface Serial0/0
 ip address 200.2.2.17 255.255.255.252
!
interface TokenRing0/0
 no ip address
 shutdown
 ring-speed 16
!
interface Serial0/1
 no ip address
 shutdown
!
ip route 199.99.9.32 255.255.255.224 200.2.2.18
!         
line con 0
 password cisco
 logging synchronous
 login
line aux 0
line vty 0 4
 password cisco
 login
!
end

Now I am unable to ping from the 10.10.10.0/24 network to the ISP router or vice versa. I've attempted a few things, but I'm getting annoyed and most likely overlooking something very basic.

Am I dumb?

Find more posts tagged with

Comments

mella060

For NAT, you need to configure NAT statements to NAT or translate your private addresses to the public address. You would also need an access list to map to your NAT statement.

Heres some config that might be useful...

Create an access list for your internal private network...

ip access-list standard NAT_ADDRESSES
permit 10.10.10.0 0.0.0.255

Create a NAT statement to include the access list you created

ip nat inside source list NAT_ADDRESSES interface serial0/0 overload

Set your inside and outside interfaces...

interface FastEthernet0/0
ip nat inside

interface Serial0/0
ip nat outside

SteveThing

I am aware of the NAT commands I need. I was commenting on not being able to ping from the 10.10.10.0 network to the ISP router. Later it dawned on me and I face palmed. Of course it won't ping. Routers drop private IPs instead of routing them (unless explicitly told not to). DOH!

More to come as I attempt this lab.

networker050184

A Cisco router drops a packet it doesn't have a destination for. It has nothing to do with private/public addressing.