How to Configure NAT?

Status
Not open for further replies.

jmsabatini

IS-IT--Management
Jun 16, 2002
US
I've been at this all day and have gotten nowhere. We have a new Cisco 1711 router, and all I want to do is be able to access our internal LAN and the Internet through this router from the single laptop I have connected to the first port. The router is able to obtain DHCP info from our internal network through FastEthernet0. I can ping to any address from the SDM software. However, from the laptop, I've only been able to get to a point where I can ping to addresses on the Internet and to the FastEthernet0 interface address; I can't ping our internal network or browse the web (or anything else).

Can someone please tell me exactly what I need to do in order to make this work?

My internal network (on the WAN side of the router) is 10.0.0.X. I have the local side of the router set to 20.0.0.X. The VLAN1 address is 20.0.0.1. My laptop is 20.0.0.2.

Thanks very much!
 
Post the config and more than likely someone on this board will solve your problem. I am about to leave from where I am now, but if nobody else gets you going tonight, I'll take a look at it in the morning and see what I can determine.

Good luck
-gC-
 
Thanks! Here it is:


!This is the running config of the router: 20.0.0.1
!----------------------------------------------------------------------------
!version 12.2
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname CISCO1711
!
security authentication failure rate 3 log
security passwords min-length 6
logging queue-limit 100
logging buffered 51200 debugging
logging console critical
enable secret 5 $1$Vc/G$mduOJ2eVTNYeW8saL.j7c1
!
username admin privilege 15 password 7 0478155A5E731097DB
clock timezone PCTimeZone -5
ip subnet-zero
no ip source-route
!
!
ip tcp synwait-time 10
no ip domain lookup
ip domain name crinj.com
!
!
no ip bootp server
ip cef
ip audit notify log
ip audit po max-events 100
ip ssh time-out 60
ip ssh authentication-retries 2
no ftp-server write-enable
!
!
!
!
!
!
!
!
interface FastEthernet0
 description $FW_OUTSIDE$$ETH-WAN$
 ip address dhcp client-id FastEthernet0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat outside
 ip route-cache flow
 duplex auto
 speed auto
 no cdp enable
!
interface FastEthernet1
 no ip address
 no cdp enable
!
interface FastEthernet2
 no ip address
 no cdp enable
!
interface FastEthernet3
 no ip address
 no cdp enable
!
interface FastEthernet4
 no ip address
 no cdp enable
!
interface Async1
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 shutdown
!
interface Vlan1
 description $FW_INSIDE$$ETH-SW-LAUNCH$
 ip address 20.0.0.1 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat inside
 ip route-cache flow
 ip tcp adjust-mss 1452
!
ip nat pool test 10.0.0.191 10.0.0.194 netmask 255.255.255.0
ip classless
ip http server
ip http authentication local
ip http secure-server
!
!
!
ip access-list extended PermitAll
 remark SDM_ACL Category=2
 permit ip 20.0.0.0 0.0.0.255 any
logging trap debugging
access-list 1 remark INSIDE_IF=Vlan1
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 20.0.0.0 0.0.0.255
no cdp run
!
banner login ^CAuthorized access only!
Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
 login local
 transport output telnet
line 1
 flush-at-activation
 stopbits 1
 speed 115200
 flowcontrol hardware
line aux 0
 login local
 transport output telnet
line vty 0 4
 privilege level 15
 login local
 transport input telnet ssh
line vty 5 15
 privilege level 15
 login local
 transport input telnet ssh
!
scheduler allocate 4000 1000
scheduler interval 500
!
end
 
The first thing I have noticed about why you are not able to connect to the Internet with your notebook is that your NAT config is incomplete. Finish it using:

Router(config)# ip nat inside source list 1 interface FastEthernet0 overload

or because you have NAT pool created you can use:

Router(config)# ip nat inside source list 1 pool test overload

Peter Mesjar
CCNP, A+ certified
pmesjar@centrum.sk

"The only true wisdom is in knowing you know nothing."
 
you have ..........

interface Vlan1
 description $FW_INSIDE$$ETH-SW-LAUNCH$
 ip address 20.0.0.1 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat inside
 ip route-cache flow
 ip tcp adjust-mss 1452

this needs to be on an actual interface..





try this...............

interface FastEthernet1
 ip address 20.0.0.1 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat inside
 ip route-cache flow
 ip tcp adjust-mss 1452

Hook your laptop up to a switch or hub connected to this port.

You say you are getting a DHCP address from the internal network... why?

You say that you want to get on the Internet using this router, but you do not have an external/Internet interface configured... will you be getting a DHCP (or PPPoE) address from the Internet?


You need to set up your Internet interface and configure NAT in order to get on the Internet. I suggest that you use private internal addressing instead of 20.x.x.x on the inside. Believe me, it will come back to haunt you if you don't.
10.0.0.0/8 - break it down however you want
172.16.0.0/12 - break it down however you want
192.168.0.0/16 - break it down however you want

leave SDM alone and start here.......
-gC-
[afro]
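
A check for the two configuration points raised in the replies above (the missing "ip nat inside source" rule and the 20.0.0.x inside addressing that is not RFC 1918 space). This is an added example, not part of the thread and not Cisco tooling; audit_nat and the trimmed sample config are constructed here for illustration.

```python
import ipaddress
import re

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed excerpt: only the NAT-relevant lines of the config posted above.
SAMPLE = """\
interface FastEthernet0
 ip address dhcp client-id FastEthernet0
 ip nat outside
interface Vlan1
 ip address 20.0.0.1 255.255.255.0
 ip nat inside
ip nat pool test 10.0.0.191 10.0.0.194 netmask 255.255.255.0
access-list 1 permit 20.0.0.0 0.0.0.255
"""

def audit_nat(config):
    """Return NAT findings for an IOS-style config (hypothetical helper)."""
    iface, roles, addrs, rules, acls, pools = None, {}, {}, [], set(), set()
    for line in map(str.strip, config.splitlines()):
        if m := re.match(r"interface (\S+)", line):
            iface = m[1]                      # start of an interface block
        elif m := re.match(r"ip nat (inside|outside)$", line):
            roles[iface] = m[1]               # NAT role of the current interface
        elif m := re.match(r"ip address (\d\S*) (\d\S*)", line):
            addrs[iface] = ipaddress.ip_interface(f"{m[1]}/{m[2]}")
        elif m := re.match(r"ip nat inside source list (\S+) (interface|pool) (\S+)", line):
            rules.append(m.groups())          # (acl, kind, target)
        elif m := re.match(r"(?:ip access-list \w+|access-list) (\S+)", line):
            acls.add(m[1])
        elif m := re.match(r"ip nat pool (\S+)", line):
            pools.add(m[1])
    findings = [f"no interface marked 'ip nat {r}'"
                for r in ("inside", "outside") if r not in roles.values()]
    if not rules:
        findings.append("no 'ip nat inside source' rule")
    for acl, kind, target in rules:
        if acl not in acls:
            findings.append(f"rule references undefined ACL {acl}")
        if kind == "pool" and target not in pools:
            findings.append(f"rule references undefined pool {target}")
        if kind == "interface" and roles.get(target) != "outside":
            findings.append(f"{target} is not marked 'ip nat outside'")
    for name, addr in addrs.items():
        if roles.get(name) == "inside" and not any(addr.ip in n for n in RFC1918):
            findings.append(f"{name} inside address {addr.ip} is not RFC 1918")
    return findings
```

Running audit_nat(SAMPLE) reports both points; appending either of the two "ip nat inside source" commands suggested above clears the first one.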
 
I was on the phone with a Cisco tech for about 2 hours. You know what the problem finally turned out to be? Proxy ARP had to be turned on for both interfaces. Once that was done, everything worked perfectly. I don't pretend to understand why this setting is necessary.

Thanks again for your responses.
 