CISCO 2811 - dynamic NAT problem

Status
Not open for further replies.

szukalabartosz

IS-IT--Management
May 19, 2007
46
PL
Hello
I have a CISCO 2811 router with C2800NM-ADVSECURITYK9-M version 12.4(1a) software.
A few times a day I cannot go outside my network and I have to "reload" NAT.
After the "reload" everything works OK.
Any ideas what could be wrong?

Thanks for any help,

Regards,
Bartosz Szukala
 
What do you mean reload? Do the "no" form of the commands and re-enter them?

Burt
 
Yes, I have to do the "no" form of the command, and re-enter it.

Bartosz Szukala
 
I have just checked that if I use clear ip nat translations it also works.

Regards,
Bartosz Szukala
 
Can you post the config so we can look at it a little closer?
 
My config:


Current configuration : 13423 bytes
!
version 12.4
no service pad
service tcp-keepalives-in
service timestamps debug datetime msec localtime
service timestamps log datetime msec localtime
no service password-encryption
!
hostname buk-wro
!
boot-start-marker
boot-end-marker
!
logging buffered 52000 debugging
enable secret 5 $1$nVBy$akzVSb6Tza
!
aaa new-model
!
!
aaa authentication login default local
aaa authorization exec default local
aaa session-id common
!
resource policy
!
ip subnet-zero
!
!
ip cef
no ip dhcp use vrf connected
!
!
no ip ips deny-action ips-interface
no ip bootp server
no ip domain lookup
ip ssh maxstartups 2
ip ssh authentication-retries 5
ip ssh rsa keypair-name sshkeys
ip ssh logging events
ip ssh version 2

!
!
crypto pki trustpoint KRUK_CA
enrollment terminal
!
!
crypto pki certificate chain KRUK_CA
certificate 296173280000000000EE
3082063F 30820527 A0030201 02020A29 61732800 00000000 EE300D06 092A8648
username dcba view SDM_Monitor secret 5 $1$CqDC$
username abcde secret 5 $1$TN
!
!
!
crypto isakmp policy 1
authentication pre-share
group 2
crypto isakmp key xyz address A.B.C.D
!
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set tunel ah-sha-hmac esp-3des esp-sha-hmac comp-lzs
!
crypto map SDM_CMAP_1 1 ipsec-isakmp
description Tunnel toA.B.C.D
set peer A.B.C.D
set transform-set tunel
match address 102
!
!
!
interface Tunnel0
ip address 10.0.30.1 255.255.255.252
ip mtu 1416
tunnel source FastEthernet0/0.1
tunnel destination A.B.C.D
tunnel path-mtu-discovery
interface FastEthernet0/0
description outcoming$ETH-WAN$$FW_INSIDE$
no ip address
duplex auto
speed auto
no cdp enable
!
interface FastEthernet0/0.1
encapsulation dot1Q 1 native
ip address E.F.G.H 255.255.255.0
ip nat outside
ip virtual-reassembly
no snmp trap link-status
no cdp enable
crypto map SDM_CMAP_1
!
interface FastEthernet0/1
no ip address
duplex auto
speed auto
!
interface FastEthernet0/1.2
ip address 192.168.12.30 255.255.255.224
ip nat inside
ip virtual-reassembly
no snmp trap link-status
no cdp enable
!
interface FastEthernet0/1.7
no cdp enable
!
interface FastEthernet0/1.107
encapsulation dot1Q 107 native
ip address 10.0.8.1 255.255.255.252
ip nat inside
ip virtual-reassembly
no snmp trap link-status
no cdp enable
!
interface Serial0/2/0
no ip address
shutdown
clockrate 2000000
!
no ip address
shutdown
clockrate 2000000
!
ip classless
ip route 0.0.0.0 0.0.0.0 82.76.163.1
ip route 0.0.0.0 0.0.0.0 FastEthernet0/0.1 82.76.163.1
ip route 172.16.0.0 255.255.252.0 A.B.C.D
ip route 172.16.8.0 255.255.252.0 10.0.8.2
ip route 192.168.0.0 255.255.252.0 A.B.C.D
ip route 192.168.8.0 255.255.252.0 10.0.8.2
!
no ip http server
ip http secure-server
ip nat inside source route-map SDM_RMAP_5 interface FastEthernet0/0.1 overload
ip dns server
!
logging facility local0
logging 10.0.8.2
access-list 9 permit 10.0.8.2
access-list 9 permit A.B.C.D
access-list 9 deny any log
access-list 15 permit 10.0.8.0 0.0.0.255
access-list 100 remark SDM_ACL Category=4
access-list 100 permit gre host G.H.I.J host A.B.C.D
access-list 101 remark SDM_ACL Category=2
access-list 101 remark IPSec Rule
access-list 101 deny ip 172.16.8.0 0.0.3.255 172.16.0.0 0.0.3.255
access-list 101 remark IPSec Rule
access-list 101 deny ip 192.168.8.0 0.0.3.255 192.168.0.0 0.0.3.255
access-list 101 permit ip 10.0.8.0 0.0.0.255 any
access-list 101 permit ip host 192.168.12.1 any
access-list 102 remark SDM_ACL Category=4
access-list 102 remark IPSec Rule
access-list 102 permit ip 192.168.8.0 0.0.3.255 192.168.0.0 0.0.3.255
access-list 102 remark IPSec Rule
access-list 102 permit ip 172.16.8.0 0.0.3.255 172.16.0.0 0.0.3.255
access-list 103 remark SDM_ACL Category=2
access-list 103 remark IPSec Rule
access-list 103 deny ip 172.16.8.0 0.0.3.255 172.16.0.0 0.0.3.255
access-list 103 remark IPSec Rule
access-list 103 deny ip 192.168.8.0 0.0.3.255 192.168.0.0 0.0.3.255
access-list 103 permit ip 192.168.12.0 0.0.0.31 any
access-list 103 permit ip 10.0.8.0 0.0.0.3 any
access-list 104 remark SDM_ACL Category=2
access-list 104 remark IPSec Rule
access-list 104 deny ip 172.16.8.0 0.0.3.255 172.16.0.0 0.0.3.255
access-list 104 remark IPSec Rule
access-list 104 deny ip 192.168.8.0 0.0.3.255 192.168.0.0 0.0.3.255
access-list 104 permit ip 192.168.12.0 0.0.0.31 any
access-list 104 permit ip 10.0.8.0 0.0.0.3 any
access-list 105 remark SDM_ACL Category=2
access-list 105 remark IPSec Rule
access-list 105 deny ip 172.16.8.0 0.0.3.255 172.16.0.0 0.0.3.255
access-list 105 remark IPSec Rule
access-list 105 deny ip 192.168.8.0 0.0.3.255 192.168.0.0 0.0.3.255
access-list 105 permit ip 192.168.12.0 0.0.0.31 any
access-list 105 permit ip 10.0.8.0 0.0.0.3 any
access-list 106 remark SDM_ACL Category=2
access-list 106 remark IPSec Rule
access-list 106 deny ip 172.16.8.0 0.0.3.255 172.16.0.0 0.0.3.255
access-list 106 remark IPSec Rule
access-list 106 deny ip 192.168.8.0 0.0.3.255 192.168.0.0 0.0.3.255
access-list 106 permit ip 192.168.12.0 0.0.0.31 any
access-list 106 permit ip 10.0.8.0 0.0.0.3 any
no cdp run
route-map SDM_RMAP_4 permit 1
match ip address 105
!
route-map SDM_RMAP_5 permit 1
match ip address 106
!
route-map SDM_RMAP_1 permit 1
match ip address 101
!
route-map SDM_RMAP_2 permit 1
match ip address 103
!
route-map SDM_RMAP_3 permit 1
match ip address 104
!
!
!
control-plane
!
!
!
line con 0
line aux 0
line vty 0 3
access-class 9 in
exec-timeout 240 0
transport input ssh
transport output ssh
line vty 4
access-class 9 in
transport input ssh
transport output ssh
parser view SDM_Monitor
secret 5 $1$UCj
commands configure include end
commands configure include all interface
commands exec include dir all-filesystems
commands exec include dir
commands exec include all crypto ipsec client ezvpn
commands exec include crypto ipsec client
commands exec include crypto ipsec
commands exec include crypto
commands exec include all ping ip
commands exec include ping
commands exec include configure terminal
commands exec include configure
commands exec include all show
commands exec include all debug appfw
commands exec include debug
commands exec include all clear
!
!
scheduler allocate 20000 1000
!
end


Bartosz Szukala
 