Gns3 nat configuration not working?

jahazieljahaziel Member Posts: 175 ■■■□□□□□□□
Hey guys..
I installed gns3 and did a nat configuration but doesn't seem to work.. I'm pretty sure I did it correctly..

here is the configure


L2G-HQ-EDGE1#show running-config
Building configuration...


Current configuration : 1516 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname L2G-HQ-EDGE1
!
boot-start-marker
warm-reboot
boot-end-marker
!
!
no aaa new-model
!
resource policy
!
no ip icmp rate-limit unreachable
ip cef
ip tcp synwait-time 5
!
!
!
!
no ip domain lookup
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0/0
ip address 172.16.1.2 255.255.255.252
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 192.168.3.151 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet1/0
ip address 192.168.4.2 255.255.255.0
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
standby 1 ip 192.168.4.1
standby 1 priority 150
standby 1 preempt
!
interface FastEthernet1/1
no ip address
ip nat inside
ip virtual-reassembly
shutdown
duplex auto
speed auto
!
ip route 0.0.0.0 0.0.0.0 192.168.2.1
ip route 0.0.0.0 0.0.0.0 FastEthernet0/0
no ip http server
no ip http secure-server
!
!
ip nat inside source list 1 interface FastEthernet0/0 overload
!
logging alarm informational
access-list 1 permit any
no cdp log mismatch duplex
!
!
!
!
!
!
control-plane
!
!
!
!
!
!
gatekeeper
shutdown
!
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
stopbits 1
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
stopbits 1
line vty 0 4
login
!
!
webvpn context Default_context
ssl authenticate verify all
!
no inservice
!
!
end

Comments

  • no!all!no!all! Member Posts: 245 ■■■□□□□□□□
    Someone correct me if I'm wrong, but I don't see any actual NAT configuration...it looks like you've placed source list 1 on fa0/0 but it doesn't appear that a source list has actually been created. If that makes sense...
    A+, N+, S+, CCNA:RS, CCNA:Sec

    "In high society TCP is more welcome than UDP. At least it knows a proper handshake" - Ben Franklin

    2019 Goals: CCNP:RS & relocate to St. Pete, FL!
  • Dieg0MDieg0M Member Posts: 861
    Are you sure it's not a routing problem? You have 2 default routes that seem to point to different places. If you are getting packet drops you might need to configure SNAT.
    Follow my CCDE journey at www.routingnull0.com
  • HondabuffHondabuff Member Posts: 667 ■■■□□□□□□□
    Change the access-list to "access-list 1 permit 192.168.0.0 0.0.255.255" and default route to " ip route 0.0.0.0 0.0.0.0 172.16.1.1" assuming the 172.16.1.1 is the next hop router or gateway of ISP. I would also add NAT inside to fa0/1. Then do a ping to a outside address such as "ping 8.8.8.8 source 192.168.4.2" then do a show ip nat translation and see if its working.
    “The problem with quotes on the Internet is that you can’t always be sure of their authenticity.” ~Abraham Lincoln
  • mikeybinecmikeybinec Member Posts: 484 ■■■□□□□□□□
    i did'nt see the NAT pool defined i.e.

    ip nat pool jahaziel_nat 172.16.1.2 172.16.1.2 network 255.255.255.0
    Cisco NetAcad Cuyamaca College
    A.S. LAN Management 2010 Grossmont College
    B.S. I.T. Management 2013 National University
  • jahazieljahaziel Member Posts: 175 ■■■□□□□□□□
    ip nat inside source list 1 interface FastEthernet0/0 overload is the nat pool defined. I'll try the things mentioned about in a bit. It has always worked for me till I set it up on my server.. no idea why.. but ill keep working on it
  • HondabuffHondabuff Member Posts: 667 ■■■□□□□□□□
    mikeybinec wrote: »
    i did'nt see the NAT pool defined i.e.

    ip nat pool jahaziel_nat 172.16.1.2 172.16.1.2 network 255.255.255.0
    You don't need a Nat pool if you use the statement "Router(config)#ip nat inside source list 1 interface fastEthernet 0/0 overload " It will reference the Access list 1 for the permit or deny. Nat pools are mainly used in enterprise environments where you have multiple available IP addresses. I don't know where I picked it up but its much easier to use.
    “The problem with quotes on the Internet is that you can’t always be sure of their authenticity.” ~Abraham Lincoln
  • jahazieljahaziel Member Posts: 175 ■■■□□□□□□□
    It was an routing issue.
  • mikeybinecmikeybinec Member Posts: 484 ■■■□□□□□□□
    Thanks Hondabuff
    Cisco NetAcad Cuyamaca College
    A.S. LAN Management 2010 Grossmont College
    B.S. I.T. Management 2013 National University
Sign In or Register to comment.