2015-01-29

Hi fellow engineers,

Hope you could help me out with this problem.

This is just a simple static NAT implementation, but I couldn't make it work.

Kindly take note that I just changed the first 3 octets of the public IP addresses.

This is the static NAT that doesn't work. It is found in the config below:

ip nat inside source static 10.88.82.27 1.1.1.126

This router is a Cisco C867VAE-W-A-K9

THANKS SO MUCH

Please see the config below.

version 15.3
no service pad
service timestamps debug datetime msec localtime
service timestamps log datetime msec localtime
service password-encryption
!
hostname JP-RT1
!
boot-start-marker
boot-end-marker
!
aqm-register-fnf
!
enable secret 5 $1$PuQ8$MOI.WjwPslCgIi0krdAgh0
!
no aaa new-model
wan mode ethernet

!
!
!
ip dhcp excluded-address 10.88.81.1 10.88.81.100
ip dhcp excluded-address 10.88.81.246 10.88.81.255
ip dhcp excluded-address 192.168.88.1 192.168.88.10
ip dhcp excluded-address 192.168.88.246 192.168.88.255
!
ip dhcp pool MARKCOM_DHCP_WLAN
network 10.88.81.0 255.255.255.0
default-router 10.88.81.1
dns-server X.X.X.X
!
ip dhcp pool HDI-Guest
network 192.168.88.0 255.255.255.0
default-router 192.168.88.1
dns-server X.X.X.X
!
!
!
no ip domain lookup
ip domain name hdi.com
ip name-server 8.8.8.8
ip name-server X.X.X.X
ip cef
no ipv6 cef
!
!
!
!
!
!
!
!
!
!
crypto pki trustpoint TP-self-signed-2797460316
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-2797460316
revocation-check none
rsakeypair TP-self-signed-2797460316
!
!
crypto pki certificate chain TP-self-signed-2797460316
certificate self-signed 01
quit
!
!
username admin privilege 15 secret 5 $1$1yT6$GQiLg3lf3ny3Z878g.92Y0
!
!
controller VDSL 0
shutdown
!
ip ssh version 2
!
!
!
!
!
crypto isakmp policy 100
encr aes
authentication pre-share
group 2
crypto isakmp key p@ssw0rDhditechteam address 1.1.1.106
!
!
crypto ipsec transform-set HDITECHVPN esp-aes esp-sha-hmac
mode tunnel
!
!
!
crypto map HDITECH_IPSECVPN 100 ipsec-isakmp
set peer 1.1.1.106
set transform-set HDITECHVPN
match address VPN_ADDRESSES
!
!
!
!
!
interface ATM0
no ip address
shutdown
no atm ilmi-keepalive
!
interface Ethernet0
no ip address
shutdown
!
interface FastEthernet0
no ip address
!
interface FastEthernet1
no ip address
!
interface FastEthernet2
no ip address
!
interface GigabitEthernet0
switchport mode trunk
no ip address
!
interface GigabitEthernet1
switchport access vlan 83
no ip address
spanning-tree portfast
!
interface GigabitEthernet2
description WAN - Internet DSL
ip address 1.1.1.125 255.255.255.0
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
crypto map HDITECH_IPSECVPN
!
interface Wlan-GigabitEthernet0
description Internal switch interface connecting to the embedded AP
switchport access vlan 81
no ip address
!
interface Vlan1
description Guest_WiFi
ip address 192.168.88.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
!
interface Vlan80
description JP_VOIP_VLAN_80_GATEWAY
ip address 10.88.80.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
!
interface Vlan81
description MARKCOM_VLAN_81_GATEWAY
ip address 10.88.81.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
!
interface Vlan82
description ACC&SERVER_VLAN_82_GATEWAY
ip address 10.88.82.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
!
interface Vlan83
description JP-RT1 MAANGEMENT IP
ip address 10.88.83.11 255.255.255.0
ip nat inside
ip virtual-reassembly in
!
ip forward-protocol nd
ip http server
ip http secure-server
!
!
ip nat inside source list NAT_ADDRESSES interface GigabitEthernet2 overload
ip nat inside source static 10.88.82.27 1.1.1.126
ip route 0.0.0.0 0.0.0.0 1.1.1.1
!
ip access-list extended NAT_ADDRESSES
deny ip 10.88.80.0 0.0.3.255 10.88.40.0 0.0.7.255
permit ip 10.88.80.0 0.0.3.255 any
permit ip 192.168.88.0 0.0.0.255 any
ip access-list extended VPN_ADDRESSES
permit ip 10.88.80.0 0.0.3.255 10.88.40.0 0.0.7.255
!
!
!
!
line con 0
exec-timeout 5 0
logging synchronous
login local
no modem enable
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport input all
stopbits 1
line vty 0 4
exec-timeout 5 0
logging synchronous
login local
transport input telnet ssh
!
scheduler allocate 60000 1000
!
end

Statistics: Posted by ddo36 — Wed Jan 28, 2015 10:06 pm
