NAT config not working

losing my mind over this one, I just can't see what is wrong.

Config pasted below. Connection works, as I can ping from the router out, and my client can ping the router, but can't ping out from the client. Nothing shows in a 'show ip nat trans' or 'show ip nat stat'

What am I missing?!?!

sh run
Building configuration...

!
no aaa new-model
ip source-route
ip cef
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 10.254.91.0 10.254.91.10
!
ip dhcp pool Basic-Internet-Lan
network 10.254.91.0 255.255.255.0
default-router 10.254.91.4
dns-server 4.2.2.2
!
!
!
bba-group pppoe 1
!
bba-group pppoe 2
!
bba-group pppoe 6
!
bba-group pppoe 12
!
!
interface GigabitEthernet0/0
description Dsl3-f1/0-1014-Dlr6
bandwidth 6000
no ip address
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
media-type rj45
pppoe enable group 1
pppoe-client dial-pool-number 1
!
interface GigabitEthernet0/1
ip address 10.254.91.4 255.255.255.0
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1300
duplex auto
speed auto
media-type rj45
!
interface Dialer1
description Dialer1
bandwidth 6000
ip address negotiated
ip mtu 1492
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication chap pap callin
ppp pap sent-username theusername password 0 thepassword

!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer1
!
!
ip nat source list test interface Dialer1 overload

ip access-list extended forInternet
permit ip 10.254.93.0 0.0.0.255 any
permit ip 10.254.91.0 0.0.0.255 any

ip access-list extended test
permit ip any any

route-map dialer1 permit 10
match ip address forInternet

scheduler allocate 20000 1000
end

rts020#

Find more posts tagged with

Free for TechExams community: Cybersecurity salary guide

Compare cert salaries and plan your next career move

Button

Comments

Monkerz

removed "ip nat outside" from GigabitEthernet0/0

hermeszdata

GT-Rob wrote: »

losing my mind over this one, I just can't see what is wrong.

What am I missing?!?!

sh run
Building configuration...

!
ip nat source list test interface Dialer1 overload

ip access-list extended forInternet
permit ip 10.254.93.0 0.0.0.255 any
permit ip 10.254.91.0 0.0.0.255 any

ip access-list extended test
permit ip any any

rts020#

It appears that you did not define how the source list should be used.

Try this!

ip nat inside source list test interface Dialer1 overload

Monkerz

I didn't even see that. Sucks when eyes assume.

hermeszdata

Monkerz wrote: »

I didn't even see that. Sucks when eyes assume.

'Twill be interesting to see if my suggestion resolved the OP's problem!

When I first looked at the topic question, I also looked at the OP's stated credentials (certs) before scanning the config and presumed a more complex issue looking for application of the ACL(s) to interfaces. I actually missed the lack of the inside as part of the ip nat source CLI input on the first couple of scans of the config.

It is usually the simplest things we ofter overlook that give us the greatest headaches!

Brain Farts! A simple, unavoidable, fact of life! If I do not have at least 10 every day, I am concerned that I am not living in reality!

chmorin

hermeszdata wrote: »

'

Brain Farts! A simple, unavoidable, fact of life! If I do not have at least 10 every day, I am concerned that I am not living in reality!

Is this a dream? HOW DEEP AM I!?!?

Anyway, I'm with yah. I'm sure the OP is in this situation too, its those stupid stupid stupid little things you learned years ago but didnt touch again that will get yah from time to time.

GT-Rob

oh. my. god.

That was it! I can't believe I missed that, I even looked at a config from another site and glanced over the word 'inside' over and over. I even changed that config a few times, and missed the inside word each time. I even pulled up a nat config guide on Cisco, and missed it.

Booking an eye appointment to have my eyes checked!

Anyway, thanks for saving me another day of frustration haha. I owe you one!

hermeszdata

GT-Rob wrote: »

oh. my. god.

That was it! I can't believe I missed that, I even looked at a config from another site and glanced over the word 'inside' over and over. I even changed that config a few times, and missed the inside word each time. I even pulled up a nat config guide on Cisco, and missed it.

Booking an eye appointment to have my eyes checked!

Anyway, thanks for saving me another day of frustration haha. I owe you one!

Funny, isn't it, how the simplest of things bite us in the butt!