
NAT help


  • NAT help

    Hello, I'm using some old Cisco gear and am at my wits' end as to why this isn't working.

    Internet
    |
    2950 Switch<--192.168.3.0 /24----> 2600 Router ----->|| 192.168.0.0 /24 ----> Home Router Connected to Internet <-- 192.168.0.0 /24 --- 2811 Router <---Vlan 2 172.16.0.0 /20 <---2950
    <---Vlan 3 172.16.16.0 /21
    <---Vlan 4 192.168.1.0 /24

    The host on the left side of the diagram in the 192.168.3.0 /24 network can access the internet just fine. Also, the hosts on all 3 VLANs can access the internet just fine. The hosts on the VLANs can ping each other and can also ping the outside interfaces of the 2811 and the 2600 router on the 192.168.0.0 /24 network. However, the host in the 192.168.3.0 network cannot ping the inside sub-interfaces of the VLANs or the hosts in those VLANs, and vice versa.

    If I plug my laptop into the 192.168.0.0 /24 network and make the IP address of the outside interface of the 2811 my default gateway, I still cannot ping the inside interfaces. The same thing happens if I try doing it with the 2600.

    However, I can ping any network just fine if I try pinging from any of the routers.

    The CCNA book that I have on NAT is rather short compared to the other chapters. I have tried looking online and their configuration seems to look the same as mine.

    Could someone please take a look at my configs and help a bro out?

    -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

    2600 Config

    !
    version 12.2
    service config
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    !
    hostname RouterB
    !
    logging queue-limit 100
    enable secret 5 $1$yBym$E.oh055xRavtUR7WbMLxF1
    !
    ip subnet-zero
    !
    !
    ip domain lookup source-interface FastEthernet0/0
    ip dhcp excluded-address 172.17.0.1
    !
    ip dhcp pool Inside_DHCP_POOL
     network 172.17.0.0 255.255.240.0
     default-router 172.17.0.1
     dns-server 192.168.0.1
    !
    !
    !
    !
    !
    !
    interface FastEthernet0/0
     ip address dhcp
     ip nat outside
     duplex auto
     speed auto
    !
    interface FastEthernet0/1
     ip address 172.17.0.1 255.255.240.0
     ip nat inside
     duplex auto
     speed auto
    !
    ip nat inside source list 1 interface FastEthernet0/0 overload
    ip http server
    ip classless
    ip route 172.16.0.0 255.255.240.0 192.168.0.13
    ip route 172.16.16.0 255.255.248.0 192.168.0.13
    ip route 192.168.1.0 255.255.255.0 192.168.0.13
    ip route 192.168.3.0 255.255.255.0 192.168.0.13
    !
    !
    !
    access-list 1 permit 172.17.0.0 0.0.15.255
    !
    line con 0
     exec-timeout 0 0
     password cisco
     logging synchronous
     login
    line aux 0
    line vty 0 4
     password cisco
     login
    line vty 5 15
     password cisco
     login
    !
    !
    end

    -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

    2811 Router

    !
    version 12.4
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    !
    hostname Corp
    !
    boot-start-marker
    boot-end-marker
    !
    enable secret 5 $1$1y4b$xYgZGfKXs9H2bqkEsJ/6k1
    !
    no aaa new-model
    !
    !
    ip cef
    no ip dhcp use vrf connected
    ip dhcp excluded-address 172.16.0.1
    ip dhcp excluded-address 172.16.16.1
    ip dhcp excluded-address 192.168.1.1
    !
    ip dhcp pool Vlan2
     network 172.16.0.0 255.255.240.0
     default-router 172.16.0.1
     dns-server 192.168.0.1
    !
    ip dhcp pool Vlan3
     network 172.16.16.0 255.255.248.0
     default-router 172.16.16.1
     dns-server 192.168.0.1
    !
    ip dhcp pool Vlan4
     network 192.168.1.0 255.255.255.0
     default-router 192.168.1.1
     dns-server 192.168.0.1
    !
    !
    ip auth-proxy max-nodata-conns 3
    ip admission max-nodata-conns 3
    !
    multilink bundle-name authenticated
    !
    !
    !
    !
    !
    archive
     log config
      hidekeys
    !
    !
    !
    !
    !
    !
    !
    interface FastEthernet0/0
     ip address dhcp
     ip nat outside
     ip virtual-reassembly
     duplex auto
     speed auto
    !
    interface FastEthernet0/1
     ip address 192.168.3.1 255.255.255.0
     ip nat inside
     ip virtual-reassembly
     duplex auto
     speed auto
    !
    interface FastEthernet0/1.2
     encapsulation dot1Q 2
     ip address 172.16.0.1 255.255.240.0
     ip nat inside
     ip virtual-reassembly
    !
    interface FastEthernet0/1.3
     encapsulation dot1Q 3
     ip address 172.16.16.1 255.255.248.0
     ip nat inside
     ip virtual-reassembly
    !
    interface FastEthernet0/1.4
     encapsulation dot1Q 4
     ip address 192.168.1.1 255.255.255.0
     ip nat inside
     ip virtual-reassembly
    !
    ip forward-protocol nd
    ip route 172.17.0.0 255.255.240.0 FastEthernet0/0
    !
    !
    ip http server
    no ip http secure-server
    ip nat inside source list 1 interface FastEthernet0/0 overload
    !
    access-list 1 permit 172.16.0.0 0.0.15.255
    access-list 1 permit 172.16.16.0 0.0.7.255
    access-list 1 permit 192.168.1.0 0.0.0.255
    !
    !
    !
    !
    control-plane
    !
    !
    line con 0
     exec-timeout 0 0
     password cisco
     logging synchronous
     login
    line aux 0
    line vty 0 4
     exec-timeout 0 0
     password cisco
     logging synchronous
     login
    line vty 5 988
     exec-timeout 0 0
     password cisco
     logging synchronous
     login
    !
    scheduler allocate 20000 1000
    !
    end

    -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

    Core Switch

    !
    version 12.0
    no service pad
    service timestamps debug uptime
    service timestamps log uptime
    no service password-encryption
    !
    hostname Core_Switch
    !
    enable secret 5 $1$L0Pe$5HT1Y2mC6nJB5sPUxgm7E.
    !
    !
    !
    !
    !
    !
    ip subnet-zero
    !
    !
    !
    interface FastEthernet0/1
     switchport access vlan 2
    !
    interface FastEthernet0/2
     switchport access vlan 3
    !
    interface FastEthernet0/3
     switchport access vlan 4
    !
    interface FastEthernet0/4
    !
    interface FastEthernet0/5
     switchport mode trunk
    !
    interface FastEthernet0/6
    !
    interface FastEthernet0/7
    !
    interface FastEthernet0/8
    !
    interface FastEthernet0/9
    !
    interface FastEthernet0/10
    !
    interface FastEthernet0/11
    !
    interface FastEthernet0/12
    !
    interface VLAN1
     ip address 192.168.3.2 255.255.255.0
     no ip directed-broadcast
     no ip route-cache
    !
    ip default-gateway 192.168.3.1
    !
    line con 0
     exec-timeout 0 0
     password cisco
     logging synchronous
     login
     transport input none
     stopbits 1
    line vty 0 4
     exec-timeout 0 0
     password cisco
     logging synchronous
     login
    line vty 5 15
     exec-timeout 0 0
     password cisco
     logging synchronous
     login
    !
    end

    -----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

    Could someone also explain to me why hosts can't access the internet if I use a pool rather than interface FastEthernet0/0 overload? My book explains to me how to create a NAT pool, but then internet connectivity is lost for the hosts.
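
An added example, not part of the original post: a Python check that applies standard-ACL wildcard matching to the 2811 (Corp) config quoted above and lists every `ip nat inside` interface whose subnet is not fully permitted by the NAT source list (access-list 1). The config excerpt is copied from the post; the function names are this example's own.

```python
import ipaddress

# Excerpt of the 2811 ("Corp") config quoted in the post above.
CORP_CONFIG = """\
interface FastEthernet0/1
 ip address 192.168.3.1 255.255.255.0
 ip nat inside
interface FastEthernet0/1.2
 ip address 172.16.0.1 255.255.240.0
 ip nat inside
interface FastEthernet0/1.3
 ip address 172.16.16.1 255.255.248.0
 ip nat inside
interface FastEthernet0/1.4
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
ip nat inside source list 1 interface FastEthernet0/0 overload
access-list 1 permit 172.16.0.0 0.0.15.255
access-list 1 permit 172.16.16.0 0.0.7.255
access-list 1 permit 192.168.1.0 0.0.0.255
"""

def parse(config):
    """Return ({inside interface: network}, [(base, wildcard), ...] for ACL 1)."""
    inside, acl, name, net = {}, [], None, None
    for w in filter(None, (line.split() for line in config.splitlines())):
        if w[0] == "interface":
            name, net = w[1], None
        elif w[:2] == ["ip", "address"] and len(w) == 4:
            net = ipaddress.ip_interface(f"{w[2]}/{w[3]}").network
        elif w == ["ip", "nat", "inside"] and net is not None:
            inside[name] = net
        elif w[:3] == ["access-list", "1", "permit"] and len(w) == 5:
            acl.append(tuple(int(ipaddress.ip_address(x)) for x in w[3:5]))
    return inside, acl

def acl_permits(addr, acl):
    """Wildcard bits set to 1 are ignored; all other bits must equal the base."""
    return any(((int(addr) ^ base) & ~wild) == 0 for base, wild in acl)

def untranslated_inside_networks(config):
    """Inside interfaces with at least one address the NAT ACL does not permit."""
    inside, acl = parse(config)
    return {name: str(net) for name, net in inside.items()
            if not all(acl_permits(ip, acl) for ip in net)}

if __name__ == "__main__":
    print(untranslated_inside_networks(CORP_CONFIG))
```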

  • #2
    Re: NAT help

    Please show your connections in a diagram. Are the 2600 and 2800 directly connected to the home router? You mention an internet connection at the home router? Is there some kind of VPN happening here?
    CCNA, CCNA-Security, CCNP
    CCIE Security (In Progress)
