NAT not translating 2

pndb84

Vendor
Mar 10, 2006
154
US
Can someone please help me find the issue with the following simple NAT translations? I can ping everywhere from the router itself but can't get the Internet to work from PCs.
What am I missing?



Router#show run
Building configuration...

Current configuration : 1065 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
!
resource policy
!
!
!
ip cef
ip name-server 68.1.xx.xx
ip name-server 68.1.xx.xx
no ip dhcp use vrf connected
!
ip dhcp pool dhcppool
network 10.0.0.0 255.255.0.0
default-router 10.0.0.1
dns-server 68.1.xx.xx 68.1.xx.xx
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Ethernet1/0
ip address 10.0.0.1 255.255.0.0
ip nat inside
ip virtual-reassembly
full-duplex
!
interface Ethernet1/1
ip address 192.168.15.2 255.255.255.0
ip nat outside
ip virtual-reassembly
full-duplex
!
ip default-gateway 192.168.15.1
no ip http server
no ip http secure-server
ip route 0.0.0.0 0.0.0.0 192.168.15.1
!
!
ip nat pool natpool 192.168.15.2 192.168.15.2 netmask 255.255.255.0
ip nat source list 1 pool natpool overload
!
access-list 1 permit 10.0.0.0 0.0.255.255
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
login
!
!
end

Router#



Router#show ip nat st
Router#show ip nat statistics
Total active translations: 0 (0 static, 0 dynamic; 0 extended)
Outside interfaces:
Ethernet1/1
Inside interfaces:
Ethernet1/0
Hits: 0 Misses: 0
CEF Translated packets: 0, CEF Punted packets: 0
Expired translations: 0
Dynamic mappings:
-- Outside Destination
[Id: 1] access-list 1 pool natpool refcount 0
pool natpool: netmask 255.255.255.0
start 192.168.15.2 end 192.168.15.2
type generic, total addresses 1, allocated 0 (0%), misses 0
Queued Packets: 0
Router#

 
Remove this:
ip nat pool natpool 192.168.15.2 192.168.15.2 netmask 255.255.255.0
ip nat source list 1 pool natpool overload

Just type: ip nat inside source list 1 interface Ethernet1/1 overload

CCNP
 
You need to replace "ip nat source list 1 pool natpool overload" with "ip nat inside source list 1 pool natpool overload".
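As an added example (not part of any post in this thread), the Python check below flags the mismatch both replies point at: a dynamic rule written as `ip nat source ...` is the NAT Virtual Interface form and only matches on interfaces configured with `ip nat enable`, while interfaces marked `ip nat inside` / `ip nat outside` need an `ip nat inside source ...` rule. The function name `lint_nat` and the sample strings are constructed for illustration, and only numbered access lists are handled.

```python
import re

# Constructed sample: NAT-relevant lines of the first configuration in the thread.
POSTED = """interface Ethernet1/0
ip nat inside
interface Ethernet1/1
ip nat outside
ip nat pool natpool 192.168.15.2 192.168.15.2 netmask 255.255.255.0
ip nat source list 1 pool natpool overload
access-list 1 permit 10.0.0.0 0.0.255.255
"""
# Same configuration with the rule replaced as the first reply suggests.
FIXED = POSTED.replace(
    "ip nat pool natpool 192.168.15.2 192.168.15.2 netmask 255.255.255.0\n"
    "ip nat source list 1 pool natpool overload",
    "ip nat inside source list 1 interface Ethernet1/1 overload")

def lint_nat(config):
    """Return findings for dynamic NAT rules that can never match traffic."""
    roles, rules, acls, current = {}, [], set(), None
    for line in (l.strip() for l in config.splitlines()):
        if m := re.fullmatch(r"interface (\S+)", line):
            current = m.group(1)              # start of an interface section
            roles[current] = set()
        elif (m := re.fullmatch(r"ip nat (inside|outside|enable)", line)) and current:
            roles[current].add(m.group(1))    # NAT role of that interface
        elif m := re.match(r"ip nat (inside )?source list (\S+)", line):
            rules.append((line, bool(m.group(1)), m.group(2)))
        elif m := re.match(r"access-list (\S+) ", line):
            acls.add(m.group(1))              # numbered ACLs only
    marked = set().union(*roles.values())     # every role seen on any interface
    findings = []
    for line, is_inside_rule, acl in rules:
        if is_inside_rule and not {"inside", "outside"} <= marked:
            findings.append(f"{line!r}: needs both an 'ip nat inside' and an 'ip nat outside' interface")
        if not is_inside_rule and "enable" not in marked:
            findings.append(f"{line!r}: NVI-style rule, but no interface has 'ip nat enable'")
        if acl not in acls:
            findings.append(f"{line!r}: access-list {acl} is not defined")
    return findings

if __name__ == "__main__":
    for finding in lint_nat(POSTED):
        print(finding)
```
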
 
Thank you guys for your responses. I'll try both settings out this weekend and will post an update.

Again, thank you for helping me out....
 
Now getting input errors on WAN interface.... I am guessing it's a hardware issue... anyone with a suggestion?
DUP is full though


Ethernet1/1 is up, line protocol is up
Hardware is AmdP2, address is 0050.7320.aa52 (bia 0050.7320.aa52)
Internet address is xx.xx.xx.xx/26
MTU 1500 bytes, BW 10000 Kbit, DLY 1000 usec,
reliability 253/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:00, output 00:00:00, output hang never
Last clearing of "show interface" counters 01:36:59
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 50000 bits/sec, 18 packets/sec
5 minute output rate 12000 bits/sec, 7 packets/sec
283325 packets input, 269566626 bytes, 0 no buffer
Received 65337 broadcasts, 0 runts, 0 giants, 0 throttles
9074 input errors, 9074 CRC, 4580 frame, 0 overrun, 0 ignored
0 input packets with dribble condition detected
165483 packets output, 26491393 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier
 
CRC's... It's a physical error. Confirm 100% that speed/duplex is consistent on both sides, then look at replacing the cable or either end ( swap interfaces, if spare ports are available) until the problem is isolated. Usually just a duplex mismatch though.

CCNP, CCDP
 
I've changed port and cable but still getting input errors and slow bandwidth... speedtest shows only 1.7 mg down and 1.8 up... when connected to Linksys, speedtest shows 15mb down and 5 up. Anything wrong with my config?

Router#sh run
Building configuration...

Current configuration : 3608 bytes
!
! Last configuration change at 18:03:25 SUMMER_ Sat Aug 14 2010
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime
service password-encryption
service udp-small-servers
service tcp-small-servers
service sequence-numbers
!
hostname Router
!
boot-start-marker
boot-end-marker
!
security authentication failure rate 10 log
security passwords min-length 6
logging buffered 4096 debugging
logging console critical
enable secret 5 $xxxxx9xxxcdB/xxxxxeP0
enable password 7 xxxxxxxx
!
aaa new-model
!
!
aaa authentication login local_auth local
!
aaa session-id common
!
resource policy
!
clock timezone EST -5
clock summer-time SUMMER_TIME recurring 2 Sun Mar 2:00 2 Sun Nov 2:00
no ip source-route
no ip gratuitous-arps
!
!
ip cef
ip name-server xxx.xxx.xx.xx
ip name-server xx.xx.xxx.xx
no ip dhcp use vrf connected
!
ip dhcp pool LAB
network 10.1.0.0 255.255.0.0
default-router 10.1.0.1
dns-server xx.xx.xx.xx
lease 365
!
!
no ip bootp server
ip inspect audit-trail
ip inspect udp idle-time 1800
ip inspect dns-timeout 7
ip inspect tcp idle-time 14400
ip inspect name autosec_inspect cuseeme timeout 3600
ip inspect name autosec_inspect ftp timeout 3600
ip inspect name autosec_inspect http timeout 3600
ip inspect name autosec_inspect rcmd timeout 3600
ip inspect name autosec_inspect realaudio timeout 3600
ip inspect name autosec_inspect smtp timeout 3600
ip inspect name autosec_inspect tftp timeout 30
ip inspect name autosec_inspect udp timeout 15
ip inspect name autosec_inspect tcp timeout 3600
login block-for 1 attempts 10 within 1
!
!
username test password 7 11234679
archive
log config
logging enable
!
!
interface Ethernet1/0
bandwidth 10000000
ip address 10.1.0.1 255.255.0.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly
full-duplex
no mop enabled
!
interface Ethernet1/1
bandwidth 10000000
shutdown
full-duplex
no mop enabled
!
interface Ethernet3/0
ip address xx.xx.xxx.x31 255.255.255.224
ip nat outside
ip virtual-reassembly
full-duplex
!
interface Ethernet3/1
ip address dhcp
shutdown
full-duplex
!
interface Ethernet3/2
ip address dhcp
shutdown
full-duplex
!
interface Ethernet3/3
ip address dhcp
shutdown
full-duplex
!
ip default-gateway xx.xx.xxx.xx
ip http server
no ip http secure-server
ip route 0.0.0.0 0.0.0.0 xx.xx.xx.xx
!
!
ip nat inside source list 1 interface Ethernet3/0 overload
!
!
ip access-list extended autosec_firewall_acl
permit udp any any eq bootpc
permit ip any any
logging trap emergencies
logging facility local2
logging 10.1.0.7
logging 10.1.0.26
access-list 1 permit 10.1.0.0 0.0.255.255
access-list 100 permit udp any any eq bootpc
no cdp run
!

control-plane
!

banner motd ^C This router is property of test U
nauthorized person will be prosecuted. ^C
!
line con 0
exec-timeout 5 0
login authentication local_auth
transport output telnet
line aux 0
login authentication local_auth
transport output telnet
line vty 0 4
login authentication local_auth
transport input telnet
line vty 5 871
login authentication local_auth
transport input telnet
!
ntp clock-period 17179850
ntp server xx.xx.xx.xx
!
end

Router#




Ethernet3/0 is up, line protocol is up
Hardware is AmdP2, address is 0050.7320.aa70 (bia 0050.7320.aa70)
Internet address is xx.xx.xx.xx/27
MTU 1500 bytes, BW 10000 Kbit, DLY 1000 usec,
reliability 252/255, txload 1/255, rxload 4/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:00, output 00:00:00, output hang never
Last clearing of "show interface" counters 00:16:21
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 157000 bits/sec, 37 packets/sec
5 minute output rate 37000 bits/sec, 22 packets/sec
30065 packets input, 16710760 bytes, 0 no buffer
Received 14641 broadcasts, 0 runts, 0 giants, 0 throttles
719 input errors, 719 CRC, 379 frame, 0 overrun, 0 ignored
0 input packets with dribble condition detected
12886 packets output, 3408369 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier
0 output buffer failures, 0 output buffers swapped out
Router#
 
719 input errors, 719 CRC, 379 frame, 0 overrun, 0 ignored

Looks like a physical error. Are those errors incrementing with usage? Have you verified duplex settings between this router and the device beyond E3/0?

CCNP, CCDP
 
Sorry, just missed the top of your post. ;)

It definitely does sound like a duplex error, though. E3/0 is hard-coded for full, but if the other side is a 10/100 port and set to autonegotiate, it'll go down to half duplex by default.

CCNP, CCDP
 
Yes, it increases with usage. Other side is ISP through cable modem. Confirmed with ISP, they are using full dup and mtu 1500.
 
If I change dup to Half, input errors stop increasing BUT collision and deferred counters go up....
 
What are your speed tests like at half duplex? This will test a theory.

CCNP, CCDP
 
Changed dup to half but speed test (of 2 diff sites) shows only 3.5 down and 5.1 up. Upload showing fine but down is still much lower than bought....
 
If speeds increase when switching to half, and CRCs show up at full, these are both really good reasons to think the ISP has duplex at half or auto. With an E interface, you'll never get speeds over 10M, but I'm thinking if both sides go to full you should be able to do 10 down and 5 up. 15 down is impossible with that interface type, though, if that's the goal here.

CCNP, CCDP
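The duplex reasoning in the replies above can be run against the posted counters. This is an added example, not code from anyone in the thread: the function names, the verdict strings and the 0.1% CRC threshold are assumptions, and the configured duplex is passed in because this `show interface` output does not report it.

```python
import re

# Constructed sample: counter lines copied from the Ethernet3/0 output in the thread.
SAMPLE = """30065 packets input, 16710760 bytes, 0 no buffer
719 input errors, 719 CRC, 379 frame, 0 overrun, 0 ignored
12886 packets output, 3408369 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 babbles, 0 late collision, 0 deferred
"""

def counters(text):
    """Map each 'N label' pair in show interface output to an int."""
    pairs = re.findall(r"(\d+) ([A-Za-z][A-Za-z ]*?)\s*(?=,|$)", text, re.M)
    return {label: int(n) for n, label in pairs}

def assess(text, configured_duplex, crc_threshold=0.001):
    """Return (verdict, CRC errors as a percentage of input packets)."""
    c = counters(text)
    crc_ratio = c["CRC"] / max(c["packets input"], 1)
    if configured_duplex == "full" and crc_ratio > crc_threshold and c["collisions"] == 0:
        # Full-duplex side sees damaged frames but never a collision:
        # the peer is backing off and truncating frames, i.e. running half.
        verdict = "peer-likely-half-or-auto"
    elif configured_duplex == "half" and c["late collision"] > 0:
        # Half-duplex side sees collisions after the collision window:
        # the peer transmits without listening, i.e. running full.
        verdict = "peer-likely-full"
    elif crc_ratio > crc_threshold:
        verdict = "check-cable-or-port"
    else:
        verdict = "clean"
    return verdict, round(crc_ratio * 100, 2)

if __name__ == "__main__":
    print(assess(SAMPLE, "full"))
```

Counters are cumulative since the last clear, so compare two readings taken under load rather than judging a single snapshot.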
 