IP Natting,Please help!!

[sogol]

I configured static natting in my router,to give a specific computer a registered IP address.
I see misses and Hits when I use sh ip nat statistics,but still I have no Internet in my computer,Is there any way that I can find out what is the problem.What it means when there are a lot of Hits and Misses??Is it right??

How should I solve this problem.

Thank you for your help.

 

[ntwrkrbkj]

Post your config, sogol.

 

[jeter]

Was NAT running prior? Like ntwrkrbkj advise post a config so we can review your programming....

Some people are like slinkies. Not really good for anything but they bring a smile to your face when pushed down the stairs.


Tek-TIP Member 19,650

 

[sogol]

The structure of my network is like this:

Modem ADSL--->RouterA--->LAN1--->RouterB--->LAN2

RouterA has registered IP address and Route my 2 other Registered ip to RouterB to be natted to 2 other devices in LAN2 which needs Internet.

Here is the configuration of RouterA:

Unauthorized Access Prohibited

User Access Verification

Password:
pstrouter>en
Password:
pstrouter#sh run
Building configuration...

Current configuration : 2068 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname pstrouter
!
enable secret 5 $1$cK9L$/UrPrByxPdhMkyPdQ354W1
enable password 7 071F205E5D1D1C09
!
no aaa new-model
ip subnet-zero
!
!
!
ip ssh break-string
mpls ldp logging neighbor-changes
!
!
!
no scripting tcl init
no scripting tcl encdir
!
!
!
!
!
!
!
!
!
no voice hpi capture buffer
no voice hpi capture destination
!
!
!
!
!
!
interface FastEthernet0/0
ip address 192.168.200.254 255.255.255.0
ip nat inside
speed auto
full-duplex
!
interface FastEthernet0/1
ip address 172.31.16.1 255.255.255.0 secondary
ip address 84.241.57.106 255.255.255.248
ip nat outside
duplex auto
speed auto
!
interface Serial2/0
no ip address
shutdown
clockrate 2000000
!
interface Serial2/1
ip address 192.168.1.1 255.255.255.252
!
interface Serial2/2
no ip address
shutdown
clockrate 2000000
!
interface Serial2/3
no ip address
shutdown
clockrate 2000000
!
interface Virtual-Template1
no ip address
no peer default ip address
no keepalive
ppp authentication pap chap ms-chap
!
ip http server
no ip http secure-server
ip classless
ip route 0.0.0.0 0.0.0.0 84.241.57.105
ip route 84.241.57.109 255.255.255.255 192.168.1.2
ip route 84.241.57.110 255.255.255.255 192.168.1.2
ip route 192.168.1.0 255.255.255.252 192.168.1.2
ip route 192.168.110.0 255.255.255.0 192.168.200.3
ip route 192.168.110.3 255.255.255.255 192.168.200.3
ip route 192.168.144.0 255.255.255.0 192.168.1.2
!
!
access-list 1 permit 192.168.200.0 0.0.0.255
access-list 30 permit 192.168.144.0 0.0.0.255
access-list 101 permit tcp 192.168.200.0 0.0.0.255 any eq www
access-list 101 permit ip any any
snmp-server community p@r$teld0m@in RO
snmp-server enable traps tty
!
route-map isa permit 30
match ip address 30
set ip next-hop 192.168.1.2
!

!
banner motd ^C Unouthorized Access Prohibited ^C
alias exec br show ip interface brief
alias exec route show ip route
!
line con 0
line aux 0
line vty 0 4
password 7 1446412B00242D232D
login
!
!
!
end



And just to mention that this configuration used to be working but after disconnecting of ADSL modem about a day,even with reconfiguration there is no success for Internet even though I have Misses and Hits in my SH IP NAT Statistics.
Can you please tell me what Misses and Hits means and why the number of each of them is so high.

The configuration of RouterB is as follows:

pstrouter#192.168.1.2
Trying 192.168.1.2 ... Open


User Access Verification

Username: golpayegani
Password:

Jordan>8369754
Trying 8369754...
% Destination unreachable; gateway or host down
% Unknown command or computer name, or unable to find computer address
Jordan>en
Password:
Jordan#sh run
Building configuration...

Current configuration : 2793 bytes
!
version 12.3
service timestamps debug uptime
service timestamps log datetime msec localtime
service password-encryption
!
hostname Jordan
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$S4Io$G.xsDKDoSNPnlFlQPdw1A.
enable password 7 1518041E002B25
!
username golpayegani password 7 0501091D254D40
clock timezone IR 3 30
no network-clock-participate slot 1
no network-clock-participate wic 0
aaa new-model
!
!
aaa session-id common
ip subnet-zero
ip cef
!
!
!
ip flow-cache timeout active 1
vpdn-group 1
!
no ftp-server write-enable
!
!
!
!
interface Loopback0
no ip address
shutdown
!
interface FastEthernet0/0
ip address 192.168.144.10 255.255.255.0
ip nat inside
ip route-cache flow
speed auto
full-duplex
no cdp enable
no mop enabled
!
interface Serial0/0
ip address 192.168.1.2 255.255.255.252
ip nat outside
ip route-cache flow
no cdp enable
!
interface Serial0/1
no ip address
shutdown
no cdp enable
!
interface Virtual-Template1
no ip address
no peer default ip address
no keepalive
ppp authentication pap chap ms-chap
!
ip nat inside source static 192.168.144.5 84.241.57.109
ip nat inside source static 192.168.144.200 84.241.57.110
ip classless
ip route 0.0.0.0 0.0.0.0 Serial0/0
ip route 192.168.110.0 255.255.255.0 192.168.144.2
ip route 192.168.200.0 255.255.255.0 Serial0/0
ip flow-export source FastEthernet0/0
ip flow-export version 5
ip flow-export destination 192.168.144.39 9996
no ip http server
!
no logging trap
access-list 101 deny 55 any any
access-list 101 deny 77 any any
access-list 101 deny udp any any eq tftp
access-list 101 deny udp any any eq 135
access-list 101 deny tcp any any eq 135
access-list 101 deny tcp any any eq 137
access-list 101 deny udp any any eq netbios-ns
access-list 101 deny udp any any eq netbios-dgm
access-list 101 deny tcp any any eq 138
access-list 101 deny tcp any any eq 139
access-list 101 deny udp any any eq netbios-ss
access-list 101 deny udp any any eq 136
access-list 101 deny tcp any any eq 136
access-list 101 deny tcp any any eq 445
access-list 101 deny tcp any any eq 593
access-list 101 deny udp any any eq 593
access-list 101 deny udp any any eq 445
access-list 101 deny udp any any range 990 1000
access-list 101 deny udp any any eq 8998
access-list 101 deny udp any any eq 4444
access-list 101 deny tcp any any eq 4444
access-list 101 deny tcp any any eq 1434
access-list 101 deny udp any any eq 1434
access-list 101 deny tcp any any range 3127 3198
access-list 101 permit ip any any
dialer-list 1 protocol ip permit
no cdp run
snmp-server community public RW
snmp-server ifindex persist
snmp-server enable traps tty
alias exec ct config term
alias exec sr show run
alias exec ver sh version
!
line con 0
line aux 0
line vty 0 4
!
!
!
end


I really appreciate any help and solution.

 

[plshlpme]

i would set it up to do all the natting on router1..
the natting on router2 is kinda sketchy.. you have the /29 on a physical interface but you are routing to /32s from that /29 over a different interface.

that may work as its a longer prefix but it really seems wrong to me.

so on router 1 i would do this:

conf t
no ip route 84.241.57.109 255.255.255.255 192.168.1.2
no ip route 84.241.57.110 255.255.255.255 192.168.1.2
ip nat inside source static 192.168.144.5 84.241.57.109
ip nat inside source static 192.168.144.200 84.241.57.110

on router 2
conf t
ip nat inside source static 192.168.144.5 84.241.57.109
ip nat inside source static 192.168.144.200 84.241.57.110