Trouble with Cisco 1600 doing NAT overload

I'm having a bit of trouble. Could someone look over my config and tell me what I have wrong?

Here is the scenario:

I can ping any IP address on the net. I can telnet, do DNS lookups, etc. from the router itself. When I do a show ip nat trans I get lots of translations listed (port 53, as expected, when I do DNS lookups). According to the ISP, they see my packets go out and come back, but they don't get back to the workstation. When I try to do a DNS lookup from any internal workstation, however, it fails. I can ping, but anything else doesn't come back to the workstation. It appears that ICMP packets come back fine, but UDP and TCP packets have trouble, and I don't see why. I don't see anything wrong with my config. I've tried several combinations with the access list and access group, but it doesn't seem to help. I've also tried different DNS servers to no avail. I have exactly the same problem when I set up a static NAT. I'm almost to the point of trying to find a different router and trying that.

Anyway, here is my current config:

Current configuration : 1267 bytes
!
version 12.2
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname rain-router
!
enable secret 5 ***
enable password ***
!
ip subnet-zero
ip dhcp excluded-address
ip dhcp excluded-address
!
ip dhcp pool lan-pool
 network
 default-router
 dns-server DNS1 DNS2
!
!
!
!
interface Ethernet0
 ip address
 no ip redirects
 no ip proxy-arp
 ip nat inside
 no ip route-cache
 no cdp enable
!
interface Serial0
 no ip address
 shutdown
!
interface Serial1
 ip address [EXTERNAL IP] [EXTERNAL NETMASK]
 no ip redirects
 no ip proxy-arp
 ip nat outside
 no ip route-cache
 no fair-queue
 no cdp enable
!
no ip route-cache
no fair-queue
no cdp enable
!
ip nat inside source list 1 interface Serial1 overload
ip classless
ip route [NEXT HOP IP] permanent
no ip http server
!
access-list 1 permit
!
!
line con 0
line vty 0 4
 password ****
 login
!
end


Disregard -- the problem turned out to be an access list on the ISP's router.

