NAT config not working
GT-Rob
Member Posts: 1,090
in CCNA & CCENT
losing my mind over this one, I just can't see what is wrong.
Config pasted below. Connection works, as I can ping from the router out, and my client can ping the router, but can't ping out from the client. Nothing shows in a 'show ip nat trans' or 'show ip nat stat'
What am I missing?!?!
sh run
Building configuration...
!
no aaa new-model
ip source-route
ip cef
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 10.254.91.0 10.254.91.10
!
ip dhcp pool Basic-Internet-Lan
 network 10.254.91.0 255.255.255.0
 default-router 10.254.91.4
 dns-server 4.2.2.2
!
!
!
bba-group pppoe 1
!
bba-group pppoe 2
!
bba-group pppoe 6
!
bba-group pppoe 12
!
!
interface GigabitEthernet0/0
 description Dsl3-f1/0-1014-Dlr6
 bandwidth 6000
 no ip address
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
 media-type rj45
 pppoe enable group 1
 pppoe-client dial-pool-number 1
!
interface GigabitEthernet0/1
 ip address 10.254.91.4 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 ip tcp adjust-mss 1300
 duplex auto
 speed auto
 media-type rj45
!
interface Dialer1
 description Dialer1
 bandwidth 6000
 ip address negotiated
 ip mtu 1492
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 ppp authentication chap pap callin
 ppp pap sent-username theusername password 0 thepassword
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer1
!
!
ip nat source list test interface Dialer1 overload
ip access-list extended forInternet
 permit ip 10.254.93.0 0.0.0.255 any
 permit ip 10.254.91.0 0.0.0.255 any
ip access-list extended test
 permit ip any any
route-map dialer1 permit 10
 match ip address forInternet
scheduler allocate 20000 1000
end
rts020#
Comments
hermeszdata Member Posts: 225
GT-Rob wrote: »
losing my mind over this one, I just can't see what is wrong.
What am I missing?!?!
sh run
Building configuration...
!
ip nat source list test interface Dialer1 overload
ip access-list extended forInternet
 permit ip 10.254.93.0 0.0.0.255 any
 permit ip 10.254.91.0 0.0.0.255 any
ip access-list extended test
 permit ip any any
rts020#
Try this!
ip nat inside source list test interface Dialer1 overload
John
Current Progress:
Studying: CCNA Security - 60%, CCNA Wireless - 80%, ROUTE - 10% (Way behind due to major Wireless Project)
Exams Passed:
CCNA - 640-802 - 17 Jan 2011 -- CVOICE v6 - 642-436 - 28 Feb 2011
2011 Goals
CCNP/CCNP:Voice
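A small config check for the mistake found in this thread, as an added example that is not part of the original posts: `ip nat source ...` without `inside` is the NAT Virtual Interface form, which pairs with `ip nat enable` on interfaces rather than `ip nat inside` / `ip nat outside`. The function name `lint_nat`, the finding codes and the trimmed sample config are assumptions made for this illustration, and only `source list` rules are handled.

```python
import re

# Constructed sample: the NAT-relevant lines of the config posted in this thread.
SAMPLE = """\
interface GigabitEthernet0/1
 ip nat inside
!
interface Dialer1
 ip nat outside
!
ip nat source list test interface Dialer1 overload
ip access-list extended test
 permit ip any any
"""

def lint_nat(config):
    """Return (code, detail) findings for NAT rules that cannot match any traffic."""
    modes = {"inside": [], "outside": [], "enable": []}  # interfaces per NAT mode
    acls, rules, iface = set(), [], None
    for raw in config.splitlines():
        line = raw.strip()  # tolerate pastes that lost IOS indentation
        if line.startswith("!"):
            iface = None
        elif m := re.match(r"interface (\S+)", line):
            iface = m.group(1)
        elif m := re.match(r"ip nat (inside|outside|enable)$", line):
            if iface:
                modes[m.group(1)].append(iface)
        elif m := re.match(r"ip access-list (?:standard|extended) (\S+)", line):
            acls.add(m.group(1))
        elif m := re.match(r"access-list (\d+) ", line):
            acls.add(m.group(1))
        elif m := re.match(r"ip nat (?:(inside|outside) )?source list (\S+) ", line):
            rules.append((m.group(1), m.group(2), line))
    findings = []
    for direction, acl, line in rules:
        if direction is None and not modes["enable"]:
            # 'ip nat source' is NVI syntax; it ignores inside/outside markings.
            findings.append(("NVI_RULE_WITHOUT_NAT_ENABLE", line))
        if direction == "inside" and not (modes["inside"] and modes["outside"]):
            findings.append(("LEGACY_RULE_WITHOUT_INSIDE_OUTSIDE", line))
        if acl not in acls:
            findings.append(("UNDEFINED_ACL", acl))
    return findings

if __name__ == "__main__":
    for code, detail in lint_nat(SAMPLE):
        print(code, "->", detail)
```

Run against the posted config, the check reports the NAT rule line; with `inside` added to that line it reports nothing.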
hermeszdata Member Posts: 225
I didn't even see that. Sucks when eyes assume.
'Twill be interesting to see if my suggestion resolved the OP's problem!
When I first looked at the topic question, I also looked at the OP's stated credentials (certs) before scanning the config and presumed a more complex issue looking for application of the ACL(s) to interfaces. I actually missed the lack of the inside as part of the ip nat source CLI input on the first couple of scans of the config.
It is usually the simplest things we often overlook that give us the greatest headaches!
Brain Farts! A simple, unavoidable, fact of life! If I do not have at least 10 every day, I am concerned that I am not living in reality!
John
chmorin Member Posts: 1,446
hermeszdata wrote: »
Brain Farts! A simple, unavoidable, fact of life! If I do not have at least 10 every day, I am concerned that I am not living in reality!
Is this a dream? HOW DEEP AM I!?!?
Anyway, I'm with yah. I'm sure the OP is in this situation too, it's those stupid stupid stupid little things you learned years ago but didn't touch again that will get yah from time to time.
Currently Pursuing
WGU (BS in IT Network Administration) - 52% | CCIE:Voice Written - 0% (0/200 Hours)
mikej412 wrote: Cisco Networking isn't just a job, it's a Lifestyle.
GT-Rob Member Posts: 1,090
oh. my. god.
That was it! I can't believe I missed that, I even looked at a config from another site and glanced over the word 'inside' over and over. I even changed that config a few times, and missed the inside word each time. I even pulled up a nat config guide on Cisco, and missed it.
Booking an eye appointment to have my eyes checked!
Anyway, thanks for saving me another day of frustration haha. I owe you one!
hermeszdata Member Posts: 225
GT-Rob wrote: »
oh. my. god.
That was it! I can't believe I missed that, I even looked at a config from another site and glanced over the word 'inside' over and over. I even changed that config a few times, and missed the inside word each time. I even pulled up a nat config guide on Cisco, and missed it.
Booking an eye appointment to have my eyes checked!
Anyway, thanks for saving me another day of frustration haha. I owe you one!
John