Cisco 1800 NAT configuration

StackOverflow https://stackoverflow.com/questions/19936183

Question

I have Cisco 1812 router which I would like to setup as our office internet gateway. Although I followed guides on Cisco web site, I cannot get NAT to work.

My problem is that NAT is not happening, and I cannot get why.

When I connect to router, I get IP address from DHCP, and I can ping both local interface IP (192.168.210.254) and public IP (212.94.196.71 slightly changed), but I cannot get pass to internet. I cannot ping default gateway from machine connected to local interface, but I can ping it from the router itself, as well as any site on the internet.

Lastly, show ip nat translations is showing empty list.

What am I doing wrong?

Here is my configuration

Current configuration : 2022 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname router
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$FXW9$XXXXXXXXXXXXXXXXXXX.
!
no aaa new-model
!
resource policy
!
no ip routing
!
!
no ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.210.240 192.168.210.254
ip dhcp excluded-address 192.168.210.1 192.168.210.4
!
ip dhcp pool lan1
   network 192.168.210.0 255.255.255.0
   dns-server 192.168.210.100
   default-router 192.168.210.254
   domain-name mydomain.com
!
ip name-server 210.127.96.3
ip name-server 210.127.96.4
!
interface FastEthernet0
 ip address 192.168.210.254 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 no ip route-cache
 speed auto
 full-duplex
!
interface FastEthernet1
 ip address 212.94.196.71 255.255.255.240
 ip nat outside
 ip virtual-reassembly
 no ip route-cache
 duplex auto
 speed auto
!
interface BRI0
 no ip address
 encapsulation hdlc
 no ip route-cache
 shutdown
!
interface FastEthernet2
 shutdown
!
interface FastEthernet3
 shutdown
!
interface FastEthernet4
 shutdown
!
interface FastEthernet5
 shutdown
!
interface FastEthernet6
 shutdown
!
interface FastEthernet7
 shutdown
!
interface FastEthernet8
 shutdown
!
interface FastEthernet9
 shutdown
!
interface Vlan1
 ip address 192.168.1.254 255.255.255.0
 no ip route-cache
!
interface Vlan10
 ip address 10.28.10.254 255.255.255.0
 no ip route-cache
!
interface Vlan11
 ip address 10.1.11.254 255.255.255.0
 no ip route-cache
!
interface Vlan55
 ip address 10.28.55.254 255.255.255.0
 no ip route-cache
!
ip default-gateway 212.94.196.65
!
!
no ip http server
no ip http secure-server
ip nat pool ovrld 212.94.196.71 212.94.196.71 prefix-length 28
!
access-list 7 permit 192.168.210.0 0.0.0.31
snmp-server community public RO
!
control-plane
!
line con 0
line aux 0
line vty 0 4
 login
!
!
webvpn context Default_context
 ssl authenticate verify all
 !
 no inservice
!
end
Was it helpful?

Solution

You forgot enable translation of inside source addresses.

ip nat inside source { list <acl> pool <name> [overload] |
static <local-ip><global-ip> }

I see you already have an access-list so (according to your private addressing) in global config add:

ip nat inside source list 7 pool ovrld

Additional Edit: With IP routing enabled ip routing it works

OTHER TIPS

Your DHCP is for the lower subnet and your gateway is in another subnet the top .224-254

your nat list is for the .0 subnet

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top