NAT problem with Cisco 877

Oh man! Ad-blocking software has been detected! :'(

This website is run by the community, for the community... and it needs advertisements in order to keep running. Blocking our ads means your killing our stats!
Please disable your ad-block, or become a premium member to hide all advertisements and this notice.

Hi everyone

I'm having a bit of a problem with a Cisco 877 router - I can't seem to get NAT working at all.

The router is connected to ADSL fine, I can ping IP addresses from the router itself with no problem - however I'm having no joy trying to ping external IP's using an internal address

We're replacing our current 837 routers with 877 - but the config I'm using on 837's won't play nice.

I'm sure there's something obvious I'm missing but if any one can offer advice it would be appreciated - config below

Current configuration : 2954 bytes
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname ROUTER
!
boot-start-marker
boot-end-marker
!
logging buffered 51200
logging console critical
enable secret 5 $1$fx3I$1M5hOFMj7MwQDWR1dobNc.
!
no aaa new-model
memory-size iomem 25
clock timezone PCTime 0
clock summer-time PCTime date Mar 30 2003 1:00 Oct 26 2003 2:00
!
!
dot11 syslog
no ip source-route
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.5.1 192.168.5.149
ip dhcp excluded-address 192.168.5.201 192.168.5.254
!
ip dhcp pool sdm-pool1
import all
network 192.168.5.0 255.255.255.0
dns-server 192.168.5.101
default-router 192.168.5.254
domain-name testdomain.co.uk
!
!
no ip bootp server
ip domain name testdomain.co.uk
ip name-server 192.168.5.101
!
!
!
username username privilege 15 secret 5

$1$OqdQ$gJyTNfIieCWBpcvXr2qAI/
!
!
archive
log config
hidekeys
!
!
ip tcp synwait-time 10
ip ssh time-out 60
ip ssh authentication-retries 2
!
!
!
interface ATM0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip route-cache flow
no atm ilmi-keepalive
dsl operating-mode auto
!
interface ATM0.1 point-to-point
description $ES_WAN$$FW_OUTSIDE$
ip nat outside
ip virtual-reassembly
pvc 0/38
oam-pvc manage
pppoe-client dial-pool-number 1
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$ES_LAN$$FW_INSIDE$
ip address 192.168.5.254 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly
ip route-cache flow
ip tcp adjust-mss 1412
!
interface Dialer0
ip address 1.2.3.4 255.255.255.248
no ip redirects
no ip unreachables
no ip proxy-arp
ip mtu 1452
ip nat outside
ip virtual-reassembly
encapsulation ppp
ip route-cache flow
dialer pool 1
dialer-group 1
no cdp enable
ppp authentication chap callin
ppp chap hostname pppuser@pppdomain
ppp chap password 7 ppppassword
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer0
!
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 101 interface Dialer0 overload
!
logging trap debugging
access-list 101 permit ip 192.168.5.0 0.0.0.255 any
dialer-list 1 protocol ip permit
no cdp run
!
!
!
control-plane
!
!
line con 0
login local
no modem enable
transport output telnet
line aux 0
login local
transport output telnet
line vty 0 4
privilege level 15
login local
transport input telnet ssh
!
scheduler max-task-time 5000
scheduler allocate 4000 1000
scheduler interval 500
end

 

Oh man! Ad-blocking software has been detected! :'(

This website is run by the community, for the community... and it needs advertisements in order to keep running. Blocking our ads means your killing our stats!
Please disable your ad-block, or become a premium member to hide all advertisements and this notice.

access-list 101 permit ip 192.168.5.0 0.0.0.255 any

This is your command for traffic which should be NAT'd? it only includes IP traffic?

 

I thought that would allow all traffic out (bit of a cisco noob )

I've changed the acl to read:

access-list 101 permit icmp 192.168.5.0 0.0.0.255 any
access-list 101 permit ip 192.168.5.0 0.0.0.255 any

but still no luck when using an extended ping, source ip 192.168.5.254

works fine when I enter ping x.x.x.x

Thanks again

 

I have only done NAT using the SDM, but think this guide should help.

 

i would just put:

access-list 101 permit 192.168.5.0 0.0.0.255 any