NAT Cisco Configuration / Newbie

[ecg]

Hello, I am brand new to cisco router configuration and could use a little advice if someone is willing to help me. Below I have described the details in hopes of answering any questions you may have.

Router: Cisco 1600
Interfaces: Ethernet 0 and Ethernet 1
One Static IP: 64.48.254.173
Name Server: 4.24.15.216

We have several T1's running into the main computer office, however at my location I only have access to a 10 port switch box in which we have 6 windows machines actively running a static IP of their own. What I would like is to configure NAT and use 1 IP for the external address and run 192.168.1.1 to 192.168.1.6 for the six machines internally.

I have purchased the Cisco IOS in a nutshell book about 48 hours ago so please understand that I am not looking for the easy way out here --- I am definately willing to learn.

Where I am at now:

I have both interface eth0 and interface eth1 connected to the switch box and both are successfully pinging, but I am quite lost on where to go from here...

If someone could drop me a basic configuration file for the information listed above it would be greatly appreciated.

Thank you in advance,

ECG

 

[hsh2hsh]

First , build a access-list:
access-list 1 permit 192.168.1.0 0.0.0.255

and then,create a NAT pool:
ip nat pool mynat <your ISP ip address range>

then, define the NAT rule:
ip nat inside source list 1 pool mynat (overload)

after that, assign the pool to your interface
int e0
ip nat inside
int e1
ip nat outside

That's all. Good luck!

 

[ChrisAC]

You can just NAT all traffic from one interface to the address of the other interface.

So, lets say that eth0 is your private LAN on 192.168.1.0 /24 and eth1 has your one static IP on 64.48.254.173.

interface etho
ip address 192.168.1.1 255.255.255.0
ip access-group 105 in
ip nat inside
speed auto
no cdp enable
!
interface eth1
ip address 64.48.254.173 255.255.255.252 <??>
ip nat outside
speed auto
no cdp enable
!
ip nat translation timeout 3600
ip nat inside source list 5 interface eth1 overload
!
access-list 5 permit 192.168.1.0 0.0.0.255
!
access-list 105 permit ip 192.168.1.0 0.0.0.255 any
access-list 105 deny ip any any log
!

Chris.
**********************
Chris Andrew, CCNA, CCSA
chris@iproute.co.uk
**********************

 

[ecg]

I really appreciate your help guys. I decided to work all day on this to see how far I could get before reposting for additional advice. Well, here is where I stand now!

From the Router Console:

I can ping the routers address = 64.48.254.173
I can ping the gateway address = 64.48.254.1
I can ping the 192.168.1.15 adddress = one windows machine I connected to the switch box.

From the windows machine:

I can ping the routers address = 64.48.254.173
I can ping the gateway address = 64.48.254.1

However, the windows machine won't connect to the Internet and will not let me access the web.

Below is the new configuration as I have (###) the areas in which the commands were not accepted when I tried to add them to the router. All others were added successfully

Any ideas on how to get the router to accept them ?


!
hostname Router
!
ip name-server 4.24.15.216
!
interface etho
ip address 192.168.1.1 255.255.255.0
ip access-group 105 in

!########## 3 commands below fail ####
ip nat inside
speed auto
no cdp enable
!################ END ################
!
interface eth1
ip address 64.48.254.173 255.255.255.0
!
!########## 5 commands below fail ####
!
ip nat outside
speed auto
no cdp enable
!
ip nat translation timeout 3600
ip nat inside source list 5 interface eth1 overload
!################ END ################
!
access-list 5 permit 192.168.1.0 0.0.0.255
!
ip default-gateway 64.48.254.1
access-list 105 permit ip 192.168.1.0 0.0.0.255 any
access-list 105 deny ip any any log
!

 

[ChrisAC]

Are you sure that you are entering the NAT commands under the interface configuration , eg.

collossus(config)#int fa0
collossus(config-if)#ip address 192.168.1.1 255.255.255.0
collossus(config-if)#ip access-group 105 in
collossus(config-if)#ip nat inside
collossus(config-if)#speed auto
collossus(config-if)#no cdp enable
collossus(config-if)#^Z
collossus#

Chris.
**********************
Chris Andrew, CCNA, CCSA
chris@iproute.co.uk
**********************

 

[ecg]

Yup, I am positive I am entering them under the interface configuration...

Below is the output I recieve:

========================================

Router(boot)#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(boot)(config)#int etho
Router(boot)(config-if)#ip address 192.168.1.1 255.255.255.0
Router(boot)(config-if)#ip access-group 105 in

Router(boot)(config-if)#ip nat inside
^
% Invalid input detected at '^' marker.

Router(boot)(config-if)#speed auto
^
% Invalid input detected at '^' marker.

Router(boot)(config-if)#no cdp enable
^
% Invalid input detected at '^' marker.

========================================

If I run this below I do not see &quot;NAT&quot; in the selection:

Router(boot)(config-if)#ip ?
address
unnumbered
broadcast-address
access-group
verify
helper-address
rarp-server
mask-reply
redirects
unreachables
directed-broadcast
proxy-arp
probe
accounting
mtu
security
route-cache
tcp

========================================

Also, &quot;SPEED&quot; is not recognizable as well:

Router(boot)(config-if)#speed ?
% Unrecognized command

========================================

And for &quot;no cdp enable&quot; this was the dropdown selection:

Router(boot)(config-if)#no ?
description
mac-address
mtu
transmit-interface
bandwidth
ip
arp
logging
load-interval
carrier-delay
delay
loopback
keepalive
shutdown
tx-queue-limit
media-type
timeout
random-detect
fair-queue
custom-queue-list
priority-group
traffic-shape

========================================


Hmmmmmm.... Whatcha think ?


ECG

 

[ChrisAC]

Hmmmm ... not sure! Compare your ip ? command to mine ..

collossus#conf t
Enter configuration commands, one per line. End with CNTL/Z.
collossus(config)#int fa0
collossus(config-if)#ip ?
Interface IP configuration subcommands:
access-group Specify access control for packets
accounting Enable IP accounting on this interface
address Set the IP address of an interface
authentication authentication subcommands
bandwidth-percent Set EIGRP bandwidth limit
bgp BGP interface commands
broadcast-address Set the broadcast address of an interface
cef Cisco Express Fowarding interface commands
cgmp Enable/disable CGMP
dhcp Configure DHCP parameters for this interface
directed-broadcast Enable forwarding of directed broadcasts
dvmrp DVMRP interface commands
hello-interval Configures IP-EIGRP hello interval
helper-address Specify a destination address for UDP broadcasts
hold-time Configures IP-EIGRP hold time
idle-group Specify interesting packets for idle-timer
igmp IGMP interface commands
irdp ICMP Router Discovery Protocol
load-sharing Style of load sharing
local-proxy-arp Enable local-proxy ARP
mask-reply Enable sending ICMP Mask Reply messages
mrm Configure IP Multicast Routing Monitor tester
mroute-cache Enable switching cache for incoming multicast packets
mtu Set IP Maximum Transmission Unit
multicast IP multicast interface commands
nat NAT interface commands
nbar Network-Based Application Recognition
nhrp NHRP interface subcommands
ospf OSPF interface commands
pgm PGM Reliable Transport Protocol
pim PIM interface commands
policy Enable policy routing
probe Enable HP Probe support
proxy-arp Enable proxy ARP
rarp-server Enable RARP server for static arp entries
redirects Enable sending ICMP Redirect messages
rgmp Enable/disable RGMP
rip Router Information Protocol
route-cache Enable fast-switching cache for outgoing packets
rsvp RSVP interface commands
rtp RTP parameters
sap Session Announcement Protocol interface commands
security DDN IP Security Option
split-horizon Perform split horizon
summary-address Perform address summarization
tcp TCP header compression and other parameters
unnumbered Enable IP processing without an explicit address
unreachables Enable sending ICMP Unreachable messages
urd Configure URL Rendezvousing
verify Enable per packet validation
vrf VPN Routing/Forwarding parameters on the interface
wccp WCCP interface commands

collossus(config-if)#speed ?
10 Force 10 Mbps operation
100 Force 100 Mbps operation
auto Enable AUTO speed configuration


What is your router IOS version. Do a &quot;sh ver&quot; and post the result.

eg.

collossus#sh ver
Cisco Internetwork Operating System Software
IOS (tm) C1700 Software (C1700-SY7-M), Version 12.2(8)T, RELEASE SOFTWARE (fc2)
TAC Support:

http://www.cisco.com/tac

Copyright (c) 1986-2002 by cisco Systems, Inc.
Compiled Thu 14-Feb-02 03:41 by ccai
Image text-base: 0x80008108, data-base: 0x80B6B4F8

ROM: System Bootstrap, Version 12.0(3)T, RELEASE SOFTWARE (fc1)

collossus uptime is 7 minutes
System returned to ROM by power-on
System restarted at 23:56:13 UTC Thu Feb 27 2003
System image file is &quot;flash:c1700-sy7-mz.122-8.T.bin&quot;

Chris.
**********************
Chris Andrew, CCNA, CCSA
chris@iproute.co.uk
**********************

 

[rainman]

ecg -- you have a typo when you are trying to get into interface configuration mode:

Router(boot)#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(boot)(config)#int etho
Router(boot)(config-if)#ip address 192.168.1.1 255.255.255.0
Router(boot)(config-if)#ip access-group 105 in


Router(boot)(config)#int etho <----- Should be eth0 (zero)


-Rainman

 

[ChrisAC]

Ah ... well spotted rainman!

Chris.
**********************
Chris Andrew, CCNA, CCSA
chris@iproute.co.uk
**********************