Cisco 1841 – Configuration Issue with NAT

cisconat;router

We recently dug out an old Cisco 1841 to solve a need and have been in the process of trying to configure it appropriately. Admittedly, this is my first escapade into the land of Cisco Routing. I've been trying to piece together the correct NAT rules, but something just isn't right.

To give you a lay of the land, we have an outside Internet connection going into fa0/1. Then we have a Cisco Firewall going to fa0/0. Now, before I get too far, I know for a fact that the Cisco firewall is configured appropriately. The original router that was in place before we swapped it with the 1841 worked just fine. For those wondering, we were using an Edgemark router through a PBX provider that we no longer want to use. To fill the need for a router, we replaced the Edgemark router with this Cisco router.

Internet -> Cisco 1841 FA0/1 -> Cisco 1841 FA0/0 -> Cisco ASA 5520 Firewall -> Core Internal Switch

interface FastEthernet0/0
 description $ETH-LAN$
 ip address 67.xxx.xxx.177 255.255.255.240
 ip nat inside
 ip virtual-reassembly
 no ip route-cache
 duplex auto
 speed auto
!
interface FastEthernet0/1
 description $ETH-WAN$
 ip address 65.yyy.yyy.150 255.255.255.252
 no ip proxy-arp
 ip nat outside
 ip virtual-reassembly
 no ip route-cache
 speed 10
 full-duplex
!
ip classless
ip route 0.0.0.0 0.0.0.0 65.yyy.yyy.149
!
no ip http server
no ip http secure-server
ip nat pool Net67 67.xxx.xxx.176 67.xxx.xxx.191 netmask 255.255.255.240
ip nat pool ovrld 67.xxx.xxx.178 67.xxx.xxx.178 prefix-length 24
ip nat inside source list 101 pool ovrld overload
ip nat outside source list 101 pool Net67 add-route
!
access-list 101 permit ip 67.xxx.xxx.176 0.0.0.15 any

Now, the nat rules that I have here are rules that I had pieced together off of sites such as ServerFault, Cisco Community, and other sources. I think something is wrong though.

Here are the issues:

  • Devices on the inside can't see the internet.
    • Though the router CAN ping 8.8.8.8 from itself.
  • Traffic on the outside going to the inside public IPs can't get through.

Any help would be appreciated.

Thanks!

EDIT: A previous config that I also tried, which also did not work, was this.

interface FastEthernet0/0
 description $ETH-LAN$
 ip address 67.xxx.xxx.177 255.255.255.240
 ip nat inside
 ip virtual-reassembly
 duplex auto
 speed auto
!
interface FastEthernet0/1
 description $ETH-WAN$
 ip address 65.yyy.yyy.150 255.255.255.252
 no ip proxy-arp
 ip nat outside
 ip virtual-reassembly
 no ip route-cache
 speed 10
 full-duplex
!
ip route 0.0.0.0 0.0.0.0 65.yyy.yyy.149
!
no ip http server
no ip http secure-server
ip nat inside source route-map nonat interface FastEthernet0/1 overload
!
access-list 101 permit ip 67.xxx.xxx.176 255.255.255.240 any
route-map nonat permit 10
 match ip address 101

Best Answer

First of all, you have a duplex mismatch. If you are wanting to do a test to make your configuration work, I would recommend that you make both interfaces duplex auto (in addition to your speed). I would also change your inside outside overload statement to have your inside traffic pointing towards the outside interface, i.e.

ip nat inside source list 101 interface fastethernet 0/1 overload

Try this and see if it gets you access.... in 3 years
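
An offline check for the two things this answer points at (hard-set speed/duplex on an interface, and an overload rule that targets a pool rather than the outside interface), added here as an example and not part of the original post. The function names and the trimmed sample config are constructed for illustration.

```python
import re

# Constructed sample: the question's first config, trimmed to the relevant lines.
SAMPLE = """\
interface FastEthernet0/0
 ip nat inside
 duplex auto
 speed auto
!
interface FastEthernet0/1
 ip nat outside
 speed 10
 full-duplex
!
ip nat inside source list 101 pool ovrld overload
"""

NAT_RULE = re.compile(
    r"^ip nat inside source (?:list|route-map) \S+ (pool|interface) (.+?) overload", re.M)

def parse_interfaces(config):
    """Return {interface: {'nat': ..., 'speed': ..., 'duplex': ...}}."""
    interfaces, current = {}, None
    for line in (raw.strip() for raw in config.splitlines()):
        if line.startswith("interface "):
            current = interfaces.setdefault(line.split(None, 1)[1], {})
        elif line == "!":
            current = None  # "!" closes the interface stanza
        elif current is None:
            continue  # global command, not an interface setting
        elif line in ("ip nat inside", "ip nat outside"):
            current["nat"] = line.split()[-1]
        elif line.startswith(("speed ", "duplex ")):
            current[line.split()[0]] = line.split()[1]
        elif line in ("full-duplex", "half-duplex"):
            current["duplex"] = line.split("-")[0]  # older keyword form
    return interfaces

def audit(config):
    """List findings for the two points the answer raises."""
    interfaces, findings = parse_interfaces(config), []
    for name, cfg in interfaces.items():
        forced = [k for k in ("speed", "duplex") if cfg.get(k, "auto") != "auto"]
        findings += [f"{name}: hard-set {'/'.join(forced)}"] if forced else []
    outside = [n for n, cfg in interfaces.items() if cfg.get("nat") == "outside"]
    for kind, target in NAT_RULE.findall(config):
        if kind == "pool":
            findings.append(f"overload uses pool {target}, outside is {', '.join(outside)}")
    return findings
```

Calling `audit(SAMPLE)` reports both points for the posted config; a config with both interfaces on auto and the overload rule pointed at the interface returns an empty list.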