CIsco NAT Problem

scottsmith111 · Jun 25, 2002

I'm hoping someone can help me on this. I have installed a CISCO 804 ISDN Router at my mother's home. The IP address of the router on the internal network is 192.168.1.1. There are two workstations, 192.168.1.2 and 192.168.1.3. I setup the router using the ConfigMaker utility because my grasp of IOS is not that great. This generates an IOS command script that works great for general Internet browsing and e-mail. The router get's the public IP address and the workstations NAT out to the Internet just fine. BUT, I want to be able to activate my mother's ViaVideo VideoPhone so we can use that to communicate. Here are the NAT commands that worked before:

ip nat inside source static tcp 192.168.1.3 3235 207.65.178.0 3235
ip nat inside source static tcp 192.168.1.3 3234 207.65.178.0 3234
ip nat inside source static tcp 192.168.1.3 3233 207.65.178.0 3233
ip nat inside source static tcp 192.168.1.3 3232 207.65.178.0 3232
ip nat inside source static tcp 192.168.1.3 3231 207.65.178.0 3231
ip nat inside source static tcp 192.168.1.3 3230 207.65.178.0 3230
ip nat inside source static udp 192.168.1.3 3235 207.65.178.0 3235
ip nat inside source static udp 192.168.1.3 3234 207.65.178.0 3234
ip nat inside source static udp 192.168.1.3 3233 207.65.178.0 3233
ip nat inside source static udp 192.168.1.3 3232 207.65.178.0 3232
ip nat inside source static udp 192.168.1.3 3231 207.65.178.0 3231
ip nat inside source static udp 192.168.1.3 3230 207.65.178.0 3230
ip nat inside source static tcp 192.168.1.3 3603 207.65.178.0 3603
ip nat inside source static tcp 192.168.1.3 1503 207.65.178.0 1503
ip nat inside source static tcp 192.168.1.3 1720 207.65.178.0 1720
ip nat inside source static tcp 192.168.1.3 5900 207.65.178.0 5900
ip nat outside source static tcp 207.65.178.0 3235 192.168.1.3 3235
ip nat outside source static tcp 207.65.178.0 3234 192.168.1.3 3234
ip nat outside source static tcp 207.65.178.0 3233 192.168.1.3 3233
ip nat outside source static tcp 207.65.178.0 3232 192.168.1.3 3232
ip nat outside source static tcp 207.65.178.0 3231 192.168.1.3 3231
ip nat outside source static tcp 207.65.178.0 3230 192.168.1.3 3230
ip nat outside source static udp 207.65.178.0 3235 192.168.1.3 3235
ip nat outside source static udp 207.65.178.0 3234 192.168.1.3 3234
ip nat outside source static udp 207.65.178.0 3233 192.168.1.3 3233
ip nat outside source static udp 207.65.178.0 3232 192.168.1.3 3232
ip nat outside source static udp 207.65.178.0 3231 192.168.1.3 3231
ip nat outside source static udp 207.65.178.0 3230 192.168.1.3 3230
ip nat outside source static tcp 207.65.178.0 3603 192.168.1.3 3603
ip nat outside source static tcp 207.65.178.0 1503 192.168.1.3 1503
ip nat outside source static tcp 207.65.178.0 1720 192.168.1.3 1720

(Note: I've replaced the last digit in the public IP address to .0 in all cases here for security.)

When I put this into the router, Internet access is disabled on the workstations and the ViaVideo does not work. Here is the IOS script that is generated by ConfigMaker (passwords and usernames converted to ****:

!
version 12.0
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname ****
!
enable password *****
!
!
dial-peer voice 1 pots
no call-waiting
ring 0
port 1
destination-pattern ****
!
dial-peer voice 2 pots
call-waiting
ring 0
port 2
destination-pattern ****
!
pots country US
ip subnet-zero
!
no ip domain-lookup
isdn switch-type basic-ni
!
!
!
interface Ethernet0
description connected to EthernetLAN
ip address 192.168.1.1 255.255.255.0
no ip directed-broadcast
ip nat inside
!
interface BRI0
description connected to Internet
no ip address
no ip directed-broadcast
ip nat outside
encapsulation ppp
dialer rotary-group 1
isdn switch-type basic-ni
isdn spid1 ***
isdn spid2 ***
isdn voice-priority *** out always
isdn voice-priority *** in always
isdn voice-priority *** out always
isdn voice-priority *** in off
isdn incoming-voice modem
no cdp enable
!
interface Dialer1
description connected to Internet
ip address 207.65.178.0 255.255.255.0
no ip directed-broadcast
ip nat outside
encapsulation ppp
no ip split-horizon
dialer in-band
dialer idle-timeout 300
dialer string ****
dialer hold-queue 10
dialer load-threshold 1 outbound
dialer-group 1
no cdp enable
ppp authentication chap pap callin
ppp chap hostname *****
ppp chap password ****
ppp pap sent-username **** password ****
ppp multilink
!
router rip
version 2
passive-interface Dialer1
network 192.168.1.0
no auto-summary
!
ip nat inside source list 1 interface Dialer1 overload
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer1
!
access-list 1 permit 192.168.1.0 0.0.0.255
dialer-list 1 protocol ip permit
snmp-server location ****
snmp-server contact ****
!
line con 0
exec-timeout 0 0
password ****
login
transport input none
stopbits 1
line vty 0 4
password ****
login
!
end

Can anyone tell me what I need to change/add in my special NAT section to make this work? Any help would be GREATLY appreciated!

Guest_imported · Jun 25, 2002

Remove NAT from the outside interface and all forwards that begin with ' ip nat outside source static '

That should solve your problem.

sunyasee · Jun 27, 2002

Looks like all you need to do is change the 'outside source static' to 'inside source static' Command should match the the following......

ip nat INSIDE source static <internal IP> <external IP> ----

Sunyasee B-)

Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

CIsco NAT Problem

scottsmith111

Technical User

Guest_imported

New member

sunyasee

ISP

Similar threads

Part and Inventory Search

Sponsor