Cisco 1800 NAT configuration

Question

I have Cisco 1812 router which I would like to setup as our office internet gateway. Although I followed guides on Cisco web site, I cannot get NAT to work.

My problem is that NAT is not happening, and I cannot get why.

When I connect to router, I get IP address from DHCP, and I can ping both local interface IP (192.168.210.254) and public IP (212.94.196.71 slightly changed), but I cannot get pass to internet. I cannot ping default gateway from machine connected to local interface, but I can ping it from the router itself, as well as any site on the internet.

Lastly, show ip nat translations is showing empty list.

What am I doing wrong?

Here is my configuration

Current configuration : 2022 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname router
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$FXW9$XXXXXXXXXXXXXXXXXXX.
!
no aaa new-model
!
resource policy
!
no ip routing
!
!
no ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.210.240 192.168.210.254
ip dhcp excluded-address 192.168.210.1 192.168.210.4
!
ip dhcp pool lan1
   network 192.168.210.0 255.255.255.0
   dns-server 192.168.210.100
   default-router 192.168.210.254
   domain-name mydomain.com
!
ip name-server 210.127.96.3
ip name-server 210.127.96.4
!
interface FastEthernet0
 ip address 192.168.210.254 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 no ip route-cache
 speed auto
 full-duplex
!
interface FastEthernet1
 ip address 212.94.196.71 255.255.255.240
 ip nat outside
 ip virtual-reassembly
 no ip route-cache
 duplex auto
 speed auto
!
interface BRI0
 no ip address
 encapsulation hdlc
 no ip route-cache
 shutdown
!
interface FastEthernet2
 shutdown
!
interface FastEthernet3
 shutdown
!
interface FastEthernet4
 shutdown
!
interface FastEthernet5
 shutdown
!
interface FastEthernet6
 shutdown
!
interface FastEthernet7
 shutdown
!
interface FastEthernet8
 shutdown
!
interface FastEthernet9
 shutdown
!
interface Vlan1
 ip address 192.168.1.254 255.255.255.0
 no ip route-cache
!
interface Vlan10
 ip address 10.28.10.254 255.255.255.0
 no ip route-cache
!
interface Vlan11
 ip address 10.1.11.254 255.255.255.0
 no ip route-cache
!
interface Vlan55
 ip address 10.28.55.254 255.255.255.0
 no ip route-cache
!
ip default-gateway 212.94.196.65
!
!
no ip http server
no ip http secure-server
ip nat pool ovrld 212.94.196.71 212.94.196.71 prefix-length 28
!
access-list 7 permit 192.168.210.0 0.0.0.31
snmp-server community public RO
!
control-plane
!
line con 0
line aux 0
line vty 0 4
 login
!
!
webvpn context Default_context
 ssl authenticate verify all
 !
 no inservice
!
end

This seems like more of a http://serverfault.com/ question since it is about network engineering and not about software... — voidlogic, Nov 12 '13 at 20:10
You are right. Is there a way to move question serverfault ? — Marko, Nov 13 '13 at 08:48

score 0 · Accepted Answer · edited Nov 13 '13 at 21:29

0

You forgot enable translation of inside source addresses.

ip nat inside source { list <acl> pool <name> [overload] |
static <local-ip><global-ip> }

I see you already have an access-list so (according to your private addressing) in global config add:

ip nat inside source list 7 pool ovrld

Additional Edit: With IP routing enabled ip routing it works

edited Nov 13 '13 at 21:29

Marko

115
4

answered Nov 12 '13 at 20:06

kozooh

2,035
1
21
31

Thanks, I don't know how I lost the statement, since in one of the tries I did had it. Still the problem remains, I cannot ping except to public interface IP, and I don't see the nat translation with command `show ip nat translations` – Marko Nov 13 '13 at 08:47
Probably, because of one public IP address you got, you have to deploy PAT (Port Address Translation). Delete "ip nat pool ovrld 212.94.196.71 212.94.196.71 prefix-length 28" and put "ip nat inside source list 7 interface FastEthernet1 overload" instead. – kozooh Nov 13 '13 at 17:05
Thanks for the advice. I tried it but still no results. It's so frustrating - I thought it will be a simple thing to do. I must be missing some simple clause, but I cannot get to it. One thing that puzzles me is why am I able to reach public interface at all? Is it normal that router is allowing traffic by default from Fe0 to Fe1? – Marko Nov 13 '13 at 17:34
Why do you have routing disabled? Reenable it ("ip routing) and it should works. You can also reenable cef ("ip cef"). – kozooh Nov 13 '13 at 20:40

score 0 · Answer 2 · answered Jan 31 '16 at 01:22

0

Your DHCP is for the lower subnet and your gateway is in another subnet the top .224-254

your nat list is for the .0 subnet

answered Jan 31 '16 at 01:22

BrianB

133
1
12

Cisco 1800 NAT configuration

2 Answers2