NAT config

Created Oct 09, 2014 04:17:29. Latest reply Oct 16, 2014 19:55:34.

Kindly assist in configuring NAT on the AR1200. I have followed the documentation and NAT has failed to work.

I have attached my config; kindly check what I am missing.

Regards

Justus

justusmusau  Novice   Created Oct 16, 2014 19:55:34

Resolved by enabling ip soft-forward enhance enable

Jon_TX  Novice   Created Oct 09, 2014 04:46:33

It looks like your WAN IP address is a /30 (197.254.50.94 255.255.255.252), and your NAT address group is on a different subnet.

You might want to make sure your NAT address group is being routed from the ISP.



justusmusau  Novice   Created Oct 09, 2014 15:29:28

It is routed, as per the stats below.


core1.fmt1.he.net> ping 197.254.122.14 numeric count 5
  Sending 5, 16-byte ICMP Echo to 197.254.122.14, timeout 5000 msec, TTL 64
Reply from 197.254.122.14  : bytes=16 time=336ms TTL=245
Reply from 197.254.122.14  : bytes=16 time=327ms TTL=245
Reply from 197.254.122.14  : bytes=16 time=323ms TTL=245
Reply from 197.254.122.14  : bytes=16 time=324ms TTL=245
Reply from 197.254.122.14  : bytes=16 time=324ms TTL=245
Success rate is 100 percent (5/5), round-trip min/avg/max=323/326/336 ms.
# Entry cached for another 58 seconds.

#################

<HOLMES_CORE_ROUTER>ping -a 192.168.20.1 197.254.50.93               
  PING 197.254.50.93: 56  data bytes, press CTRL_C to break
    Request time out
    Request time out
    Request time out
    Request time out
    Request time out

  --- 197.254.50.93 ping statistics ---
    5 packet(s) transmitted
    0 packet(s) received
    100.00% packet loss




Or what is the best way to test?


Thanks



Jon_TX  Novice   Created Oct 09, 2014 22:14:16

I am not sure why you're pinging 197.254.122.14.

Your NAT address group is from .10 to .11.

When someone tries to ping .10 or .11 from outside, it needs to be able to reach your AR1200 router.


justusmusau  Novice   Created Oct 10, 2014 14:04:51

This was to confirm the subnet is routed via 197.254.50.94, and I had configured a loopback interface on the router to test.

interface LoopBack0
 ip address 197.254.122.14 255.255.255.255


Do you mind getting remote access to the router to see?


Thanks,



justusmusau  Novice   Created Oct 10, 2014 14:15:16

 sysname HOLMES_CORE_ROUTER
#
 snmp-agent local-engineid 800007DB03E468A39A449A
 snmp-agent
#
 http timeout 3
#
 drop illegal-mac alarm
#
vlan batch 10 200 300 4092
#
 wlan ac-global carrier id other ac id 0
#
set transceiver-monitoring disable
#
pki realm default
 enrollment self-signed
#
#
acl number 2000  
acl number 2001  
 rule 5 permit source 10.0.0.0 0.0.0.255
#                                         
acl number 3180  
 rule 5 permit ip source 192.168.20.0 0.0.0.255
#
aaa
 authentication-scheme default
 authorization-scheme default
 accounting-scheme default
 domain default
 domain default_admin
 local-user admin service-type http
#
firewall zone Local
 priority 16
#
 nat alg dns enable
 nat alg ftp enable
 nat alg rtsp enable
 nat alg sip enable
 #
 nat address-group 1 197.254.122.10 197.254.122.11
 nat address-group 2 197.254.122.12 197.254.122.13
#
interface Vlanif200                       
 ip address 197.254.122.9 255.255.255.248
 nat outbound 3180 address-group 1
#
interface Vlanif300
 ip address 192.168.20.1 255.255.255.0
#
interface Vlanif4092
#
interface Ethernet0/0/0
 port link-type trunk
 port trunk allow-pass vlan 200 300
#
interface Ethernet0/0/1
 port link-type access
 port default vlan 300
#
interface Ethernet0/0/2
#
interface Ethernet0/0/3
#
interface Ethernet0/0/4
#
interface Ethernet0/0/5
#                                         
interface Ethernet0/0/6
#
interface Ethernet0/0/7
#
interface GigabitEthernet0/0/0
 ip address 197.254.50.94 255.255.255.252
#
interface GigabitEthernet0/0/1
 auto duplex full
#
interface Cellular0/0/0
 link-protocol ppp
#
interface Cellular0/0/1
 link-protocol ppp
#
interface NULL0
#
interface LoopBack0
#
ip route-static 0.0.0.0 0.0.0.0 197.254.50.93
#
user-interface con 0
 authentication-mode password             
 set authentication password cipher %$%$_N{v3&[,HU@NBk$CEyL),.(A=L;lBFecA:<MIm'Sg3F*.(D,%$%$
user-interface vty 0 4
 authentication-mode password
 user privilege level 3
 set authentication password cipher %$%$5@kr/3d4tE7iQX&CB1J>&^m7BQt>!`gr+1P#"z@s-Q7V^m:&%$%$
#
port-group ethernet1
#
port-group gigabitethernet
#
port-group l2
#
port-group vlan
#
wlan ac
#
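
Added example, not part of any post in this thread: a small Python check for the point Jon_TX raises, run over the NAT-relevant lines of the configuration posted above. It reports which interface the default route leaves through, where nat outbound is bound, and whether the address group lies outside that interface's subnet. The helper names parse and audit are hypothetical, and the output is an observation about the config, not the fix reported in the thread.

```python
import ipaddress
import re

# NAT-relevant lines trimmed from the configuration posted in the thread.
CONFIG = """\
nat address-group 1 197.254.122.10 197.254.122.11
nat address-group 2 197.254.122.12 197.254.122.13
interface Vlanif200
 ip address 197.254.122.9 255.255.255.248
 nat outbound 3180 address-group 1
interface Vlanif300
 ip address 192.168.20.1 255.255.255.0
interface GigabitEthernet0/0/0
 ip address 197.254.50.94 255.255.255.252
ip route-static 0.0.0.0 0.0.0.0 197.254.50.93
"""

def parse(config):
    """Collect interface subnets, NAT pools, nat outbound bindings and the default next hop."""
    ifaces, pools, bindings, next_hop, cur = {}, {}, {}, None, None
    for line in config.splitlines():
        if m := re.match(r"interface (\S+)", line):
            cur = m[1]
        elif m := re.match(r" ip address (\S+) (\S+)", line):
            ifaces[cur] = ipaddress.ip_interface(f"{m[1]}/{m[2]}")
        elif m := re.match(r" nat outbound \d+ address-group (\d+)", line):
            bindings[cur] = m[1]
        elif m := re.match(r"\s*nat address-group (\d+) (\S+) (\S+)", line):
            pools[m[1]] = (ipaddress.ip_address(m[2]), ipaddress.ip_address(m[3]))
        elif m := re.match(r"ip route-static 0\.0\.0\.0 0\.0\.0\.0 (\S+)", line):
            next_hop = ipaddress.ip_address(m[1])
    return ifaces, pools, bindings, next_hop

def audit(config):
    """Return (egress interface, findings) comparing NAT bindings with the default-route egress."""
    ifaces, pools, bindings, next_hop = parse(config)
    egress = next((n for n, i in ifaces.items() if next_hop and next_hop in i.network), None)
    findings = []
    for name, group in bindings.items():
        if name != egress:
            findings.append(f"nat outbound is on {name}, default route leaves via {egress}")
        lo, hi = pools[group]
        if egress and not (lo in ifaces[egress].network and hi in ifaces[egress].network):
            findings.append(f"address-group {group} ({lo}-{hi}) is outside "
                            f"{ifaces[egress].network}; the ISP must route it to {ifaces[egress].ip}")
    return egress, findings

if __name__ == "__main__":
    print(audit(CONFIG))
```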