Questions

Cisco Point to Point T1 NAT Configuration Help

+
0 Votes
Locked

Cisco Point to Point T1 NAT Configuration Help

thallaran
I am trying to configure NAT on a point to point t1 between a branch office and our data center. I have a cisco 1721 in the branch office and a cisco 2801 in the data center. I can ping the 1721 from the 2801 and the 2801 from the 1721 over the line but from the 1721 in the branch office I cannot ping any hosts on the public internet beyond the 2801. From the 2801 I can ping hosts on the public internet directly. Anyone have and idea why I cannot access the public internet from the branch office when the 1721 and 2801 routers are configured as below? Any help would be greatly appreciated.

1721 from a branch office, running config:
Current configuration : 618 bytes
!
version 12.2
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname scrgr
!
enable password ******
!
ip subnet-zero
ip name-server 208.67.222.222
!
!
!
!
interface FastEthernet0
ip address 10.0.4.1 255.255.255.0
speed auto
no cdp enable
!
interface Serial0
ip address 10.0.3.2 255.255.255.0
service-module t1 clock source internal
no cdp enable
!
ip classless
ip route 0.0.0.0 0.0.0.0 Serial0
ip http server
!
!
no cdp run
!
line con 0
line aux 0
line vty 0 4
password *******
login
!
end


2801 configuration at datacenter, running config:
Current configuration : 2188 bytes
!
version 12.4
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname condi
!
boot-start-marker
boot-end-marker
!
no logging buffered
enable secret 5 $1$WKdr$4Y0tH9wEWlhWgCsU4Jzye.
!
no aaa new-model
ip cef
!
!
no ip bootp server
ip domain name nabbr.com
ip name-server 208.67.220.220
ip name-server 208.67.222.222
!
username thyy privilege 15 password 7 ******
username nahhgg password 7 *****
!
!
ip tcp synwait-time 10
!
!
interface FastEthernet0/0
description $ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-FE0$$ES_LAN$$FW_INSIDE$
ip address 10.0.0.1 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip route-cache flow
duplex auto
speed auto
no mop enabled
!
interface FastEthernet0/1
description $ES_WAN$$FW_OUTSIDE$$ETH-WAN$
ip address 209.234.219.130 255.255.255.224
ip nat outside
ip nat enable
ip route-cache flow
duplex auto
speed auto
no mop enabled
!
interface Serial0/1/0
ip address 10.0.3.1 255.255.255.0
ip flow ingress
ip flow egress
ip nat inside
ip nat enable
ip route-cache flow
service-module t1 clock source internal
!
interface Serial0/2/0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip route-cache flow
!
ip route 0.0.0.0 0.0.0.0 209.234.249.129 permanent
ip route 0.0.0.0 0.0.0.0 FastEthernet0/1
ip route 10.0.4.0 255.255.255.0 10.0.3.2
!
ip http server
ip http authentication local
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 7 interface Serial0/1/0 overload
!
logging trap debugging
access-list 7 permit 10.0.3.0 0.0.0.255
access-list 7 permit 10.0.4.0 0.0.0.255
no cdp run
!
control-plane
!
privilege exec level 3 show startup-config
privilege exec level 3 show
!
line con 0
password 7 ******
line aux 0
line vty 0 4
password 7 ******
login
!
scheduler allocate 20000 1000
end
  • +
    0 Votes
    bryan

    on the 1721 instead of:

    ip route 0.0.0.0 0.0.0.0 serial 0

    point the traffic to the serial port on the 2801

    ip route 0.0.0.0 0.0.0.0 10.0.3.1

  • +
    0 Votes
    bryan

    on the 1721 instead of:

    ip route 0.0.0.0 0.0.0.0 serial 0

    point the traffic to the serial port on the 2801

    ip route 0.0.0.0 0.0.0.0 10.0.3.1