1. Home
  2. Cisco Systems
  3. PAT not working

PAT not working

Hi. I have a 1800 series router and a provider modem connected through a crossover cable and netmask of 255.255.255.252. I am given only one IP address that I will use in my router and also for PAT overloading. My configuration looks correct but it doesn't work. I will paste my full router config below, for sure I missed something and I hope you could figure out what is that. The access list 3 hit count is incrementing. Thanks.

! boot-start-marker boot-end-marker ! enable secret 5 enable password ! no aaa new-model ! resource policy ! mmi polling-interval 60 no mmi auto-configure no mmi pvc mmi snmp-timeout 180 ip subnet-zero no ip source-route ip cef ! ! no ip dhcp use vrf connected ! interface FastEthernet0/0 ip address 209.1.1.2 255.255.255.252 ( this is not my real ip!!) no ip proxy-arp ip nat outside speed 100 full-duplex no cdp enable no mop enabled ! interface FastEthernet0/1 ip address 10.0.0.1 255.255.255.0 no ip proxy-arp ip nat inside speed 100 full-duplex no cdp enable ! ip classless ip route 0.0.0.0 0.0.0.0 209.1.1.1 ! no ip http server ip nat inside source list 3 interface FastEthernet0/0 overload ! access-list 3 permit 10.0.0.0 0.0.0.255 log ! control-plane ! ! line con 0 line aux 0 line vty 0 4 password login ! no process cpu extended no process cpu autoprofile hog end

Reply to
Spider007
Loading thread data ...

Can you ping the internet from the router? try 4.2.2.2 Config looks fine. 99% of the time the cable modem needs to be powered off for 2 minutes before patching another device such as a new router in to clear the arp table.

Reply to
Brian V

Yes I can ping the net. When I connect a computer instead of the router and take the same global id, I can go anywhere. Now I am using a Wingate proxy and it's ok and all users are getting through it, but I don't want this setup.

Could my provider be blocking PAT ports? or do I have a software bug or insuffiecient router memory? My IOS is version 12.4

Reply to
Spider007

When you connected your computer to the modem did you use the

255.255.255.252 subnet? Have you tried setting it to 255.255.255.0?
Reply to
Matt nickerson

(snip)

What ports are you redirecting? There's no PAT statement's in the configuration. You need something like:

ip nat inside source static tcp (address) (port a) int fa0/0 (port b)

to tell IOS that you want to redirect (port b) from the internet to (port a) on (address) on the internal network.

Just the statement you're using above will only give you outbound NAT - i.e from the internal network you can browse the internet, but it will not bring the internet to your network

Reply to
Jonathan Wright

Thanks Jonathan. Actually we only need at the moment to browse the net which we can't do. Later on we will start hosting a couple of servers.

Reply to
Spider007

When you said you can ping the next, was that from the LAN or from the Router?

Reply to
Jonathan Wright

I meant that I could ping from the router using as a source the outside interface (209.1.1.2). From the inside network strangely only the name resolutions seems to work for few minutes after reloading the router. When I ping from the LAN, I will get the IP address but the ping times out, at such times when I issue the command "show ip nat trans" I get the following result, (I replaced my real DNS server with

66.218.71.63), 10.0.0.2 is the computer at my LAN configured as 10.0.0.2/24 gateway 10.0.0.1 DNS 66.218.71.63. After two or three mins when I ping from the LAN, name will no longer be resolved.

Router#show ip nat translations Pro Inside global Inside local Outside local Outside global udp 209.1.1.2:1233 10.0.0.2:1233 66.218.71.63:53

66.218.71.63:53
Reply to
Spider007

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.