Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

NAT Problem? What am I missing? 1

Status
Not open for further replies.

Volz

Technical User
Nov 12, 2010
12
US
I'm helping a friend with his new small office network. Replacing linksys home router with Cisco 2801. He has x2 bonded T1''s to a Cisco 1700(csu/dsu)216.37.xx.37 not config. for router. This is the ISP's equipment. 1700, currently connects to the linksys (216.37.xx.38). The 2801 will simply replace the linksys. so I have just given the 2801 all the static info from the linksys WAN & LAN interfaceS. I've config's NAT and when I hooked up the 2801 I could ping all the way to the 1700 (csu/dsu) and I see translations via the ip nat translations command, but I cannot ping the dns servers or get onto the internet. Can someone please look at the current running config.Also, when the 2801 (216.37.xx.38)connected to the csu/dsu (216.37.xx.37) an error message comes up on the 2801 for a double 216.37.xx.37 addy, the 1700 csu/dsu is the only .37 address config'd!! Any help is much appreciated. Thx

Current configuration : 2128 bytes
!
version 12.4
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname TrueWirelessR1
!
boot-start-marker
boot-end-marker
!
enable secret 5 $xxxxxxxxxxx
enable password 7 xxxxxxxxxx
!
no aaa new-model
clock timezone CST -6
clock summer-time CDT recurring
dot11 syslog
ip cef
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.1.1 192.168.1.10
!
ip dhcp pool TrueWirelessNetwork
default-router 192.168.1.1
!
ip dhcp pool TrueWirelessLAN
network 192.168.1.0 255.255.255.0
dns-server 216.37.64.2 216.37.64.3
default-router 192.168.1.1
!
!
no ip domain lookup
!
multilink bundle-name authenticated
!
!
voice-card 0
!


archive
log config
hidekeys
!

!
!
interface FastEthernet0/0
description Fa 0/0 to TrueWireless LAN
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
!
interface FastEthernet0/1
description Fa0/1 to WAN T1
ip address 216.37.xx.38 255.255.255.252
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
ip default-gateway 216.37.xx.37
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 216.37.xx.37
!
!
ip http server
no ip http secure-server
ip nat inside source list 1 interface FastEthernet0/1 overload
ip nat inside source static tcp 192.168.1.5 80 216.37.xx.37 80 extendable
ip nat inside source static tcp 192.168.1.5 110 216.37.xx.38 110 extendable
!
access-list 1 permit 192.168.1.0 0.0.0.255
!
!
!
!
!
!
control-plane
!
!
!
gateway
timer receive-rtp 1200
!
!

line con 0
exec-timeout 0 0
password 7
logging synchronous
login
line aux 0
line vty 0 4
password 7
login
!
scheduler allocate 20000 1000
end


 
Hey, you're causing the IP conflict with this line
ip nat inside source static tcp 192.168.1.5 80 216.37.xx.37 80 extendable


216.37.xx.37 is virtualized in the arp table and exist twice on the segment between you and the ISP.

maybe your intention is to port map both 80 and 110 to 192.168.1.5.

use this
216.37.xx.38 is virtualized in the arp table and exist twice on the segment between you and the ISP.


 
my paste error

Hey, you're causing the IP conflict with this line
ip nat inside source static tcp 192.168.1.5 80 216.37.xx.37 80 extendable


216.37.xx.37 is virtualized in the arp table and exist twice on the segment between you and the ISP.

maybe your intention is to port map both 80 and 110 to 192.168.1.5.

use this
ip nat inside source static tcp 192.168.1.5 80 216.38.xx.37 80 extendable
 
Yea, I thought I needed that command for remote access to the server.
 
The 216.37.xx.37 is the addy for the csu/dsu and .38 is the WAN side on 2801. I didn't see a difference between the line I had for the static NAT and the one you just gave. Am I missing something? Other than that, do you see anything else wrong with my config? I excluded dhcp addys .1-.10 so that dhcp wouldn't assign those addresses to any other host. .1 is the LAN side of the 2801 .3 is a VLAN on a Cisco switch, .5 for a server, and the rest for another switch and some other things. They are going to have a VOIP sever for Cisco IP phones, but I have no idea how to hook that stuff up and I just recently began to get into networking. Thanks for your help.
 
Anyone else? I'm getting ready to go to the office to
implement "Ru55ell" solution and would appreciate other suggestions or confirmations. BTW,Ru55ell thank you and will let you know if it worked. I'm thinking about bringing it home and just change the address info and see if it works on my home network.
 
ip nat inside source static tcp 192.168.1.5 80 216.38.xx.38 80 extendable

me thinks his copy/pasta failed again ...



We must go always forward, not backward
always up, not down and always twirling twirling towards infinity.
 
Ru55ell, did a no ip virtual-reassembly command and it works great now. Thx!
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top