NAT problem with Cisco 877

Discussion in 'Networks' started by BrizoH, Aug 17, 2009.

  1. BrizoH

    BrizoH Byte Poster

    Hi everyone

    I'm having a bit of a problem with a Cisco 877 router - I can't seem to get NAT working at all.

    The router is connected to ADSL fine, I can ping IP addresses from the router itself with no problem - however I'm having no joy trying to ping external IPs using an internal address

    We're replacing our current 837 routers with 877 - but the config I'm using on 837's won't play nice.

    I'm sure there's something obvious I'm missing but if anyone can offer advice it would be appreciated - config below

    Current configuration : 2954 bytes
    !
    version 12.4
    no service pad
    service tcp-keepalives-in
    service tcp-keepalives-out
    service timestamps debug datetime msec localtime show-timezone
    service timestamps log datetime msec localtime show-timezone
    service password-encryption
    service sequence-numbers
    !
    hostname ROUTER
    !
    boot-start-marker
    boot-end-marker
    !
    logging buffered 51200
    logging console critical
    enable secret 5 $1$fx3I$1M5hOFMj7MwQDWR1dobNc.
    !
    no aaa new-model
    memory-size iomem 25
    clock timezone PCTime 0
    clock summer-time PCTime date Mar 30 2003 1:00 Oct 26 2003 2:00
    !
    !
    dot11 syslog
    no ip source-route
    ip cef
    no ip dhcp use vrf connected
    ip dhcp excluded-address 192.168.5.1 192.168.5.149
    ip dhcp excluded-address 192.168.5.201 192.168.5.254
    !
    ip dhcp pool sdm-pool1
    import all
    network 192.168.5.0 255.255.255.0
    dns-server 192.168.5.101
    default-router 192.168.5.254
    domain-name testdomain.co.uk
    !
    !
    no ip bootp server
    ip domain name testdomain.co.uk
    ip name-server 192.168.5.101
    !
    !
    !
    username username privilege 15 secret 5 $1$OqdQ$gJyTNfIieCWBpcvXr2qAI/
    !
    !
    archive
    log config
    hidekeys
    !
    !
    ip tcp synwait-time 10
    ip ssh time-out 60
    ip ssh authentication-retries 2
    !
    !
    !
    interface ATM0
    no ip address
    no ip redirects
    no ip unreachables
    no ip proxy-arp
    ip route-cache flow
    no atm ilmi-keepalive
    dsl operating-mode auto
    !
    interface ATM0.1 point-to-point
    description $ES_WAN$$FW_OUTSIDE$
    ip nat outside
    ip virtual-reassembly
    pvc 0/38
    oam-pvc manage
    pppoe-client dial-pool-number 1
    !
    !
    interface FastEthernet0
    !
    interface FastEthernet1
    !
    interface FastEthernet2
    !
    interface FastEthernet3
    !
    interface Vlan1
    description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$ES_LAN$$FW_INSIDE$
    ip address 192.168.5.254 255.255.255.0
    no ip redirects
    no ip unreachables
    no ip proxy-arp
    ip nat inside
    ip virtual-reassembly
    ip route-cache flow
    ip tcp adjust-mss 1412
    !
    interface Dialer0
    ip address 1.2.3.4 255.255.255.248
    no ip redirects
    no ip unreachables
    no ip proxy-arp
    ip mtu 1452
    ip nat outside
    ip virtual-reassembly
    encapsulation ppp
    ip route-cache flow
    dialer pool 1
    dialer-group 1
    no cdp enable
    ppp authentication chap callin
    ppp chap hostname pppuser@pppdomain
    ppp chap password 7 ppppassword
    !
    ip forward-protocol nd
    ip route 0.0.0.0 0.0.0.0 Dialer0
    !
    ip http server
    ip http access-class 23
    ip http authentication local
    ip http secure-server
    ip http timeout-policy idle 60 life 86400 requests 10000
    ip nat inside source list 101 interface Dialer0 overload
    !
    logging trap debugging
    access-list 101 permit ip 192.168.5.0 0.0.0.255 any
    dialer-list 1 protocol ip permit
    no cdp run
    !
    !
    !
    control-plane
    !
    !
    line con 0
    login local
    no modem enable
    transport output telnet
    line aux 0
    login local
    transport output telnet
    line vty 0 4
    privilege level 15
    login local
    transport input telnet ssh
    !
    scheduler max-task-time 5000
    scheduler allocate 4000 1000
    scheduler interval 500
    end
     
    Certifications: CCNA, CCNA Security
    WIP: CCNP
  2. danielno8

    danielno8 Gigabyte Poster

    access-list 101 permit ip 192.168.5.0 0.0.0.255 any

    This is your command for traffic which should be NAT'd? It only includes IP traffic?
     
    Certifications: CCENT, CCNA
    WIP: CCNP
  3. BrizoH

    BrizoH Byte Poster

    I thought that would allow all traffic out (bit of a Cisco noob :oops:)

    I've changed the acl to read:

    access-list 101 permit icmp 192.168.5.0 0.0.0.255 any
    access-list 101 permit ip 192.168.5.0 0.0.0.255 any

    but still no luck when using an extended ping, source ip 192.168.5.254

    works fine when I enter ping x.x.x.x

    Thanks again
     
    Certifications: CCNA, CCNA Security
    WIP: CCNP
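
How IOS evaluates the two versions of access-list 101 quoted in the posts above, as an added example that is not part of any poster's reply: a small matcher for the `permit PROTO SRC WILDCARD any` form, showing that the `ip` keyword already covers ICMP, so both versions select a ping sourced from 192.168.5.0/24 for translation. The function names are hypothetical and the test packets are constructed.

```python
import ipaddress

# Constructed from the two ACL versions quoted in the thread.
ACL_ORIGINAL = ["access-list 101 permit ip 192.168.5.0 0.0.0.255 any"]
ACL_REVISED = [
    "access-list 101 permit icmp 192.168.5.0 0.0.0.255 any",
    "access-list 101 permit ip 192.168.5.0 0.0.0.255 any",
]

def parse_ace(line):
    """Parse 'access-list N permit|deny PROTO SRC WILDCARD any' (the form used in the thread)."""
    tok = line.split()
    if len(tok) != 7 or tok[0] != "access-list" or tok[6] != "any":
        raise ValueError(f"unsupported ACE form: {line!r}")
    return {
        "action": tok[2],
        "proto": tok[3],
        "src": int(ipaddress.IPv4Address(tok[4])),
        "wildcard": int(ipaddress.IPv4Address(tok[5])),
    }

def ace_matches(ace, proto, src_ip):
    # 'ip' matches every IP protocol (ICMP, TCP, UDP, ...); other keywords match only themselves.
    if ace["proto"] not in ("ip", proto):
        return False
    # Wildcard mask: 1-bits are "don't care", so compare only the 0-bit positions.
    care = ~ace["wildcard"] & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(src_ip)) & care) == (ace["src"] & care)

def acl_decision(lines, proto, src_ip):
    """First matching entry wins; ('deny', None) is the implicit deny at the end of every ACL."""
    for i, line in enumerate(lines):
        ace = parse_ace(line)
        if ace_matches(ace, proto, src_ip):
            return ace["action"], i
    return "deny", None

def selected_for_nat(lines, proto, src_ip):
    # With 'ip nat inside source list 101 ...', only packets the ACL permits are translated.
    return acl_decision(lines, proto, src_ip)[0] == "permit"

if __name__ == "__main__":
    for name, acl in (("original", ACL_ORIGINAL), ("revised", ACL_REVISED)):
        for proto in ("icmp", "tcp", "udp"):
            print(name, proto, acl_decision(acl, proto, "192.168.5.254"))
    print("outside subnet:", acl_decision(ACL_ORIGINAL, "icmp", "192.168.6.10"))
```
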
  4. craigie

    craigie Terabyte Poster

    I have only done NAT using the SDM, but think this guide should help.
     
    Certifications: CCA | CCENT | CCNA | CCNA:S | HP APC | HP ASE | ITILv3 | MCP | MCDST | MCITP: EA | MCTS:Vista | MCTS:Exch '07 | MCSA 2003 | MCSA:M 2003 | MCSA 2008 | MCSE | VCP5-DT | VCP4-DCV | VCP5-DCV | VCAP5-DCA | VCAP5-DCD | VMTSP | VTSP 4 | VTSP 5
  5. danielno8

    danielno8 Gigabyte Poster

    I would just put:

    access-list 101 permit 192.168.5.0 0.0.0.255 any
     
    Certifications: CCENT, CCNA
    WIP: CCNP
