NAT on 2621 HELP!!!

I have spent a few hours trying to NAT out a few internal 192.168.x.x hosts through both my ethernet1/0 interface and also tried using another IP from the range. Any help GREATLY appreciated. Thanks! (Config below)
Building configuration...
Current configuration : 1021 bytes
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
hostname 2621
boot-start-marker
boot-end-marker
enable secret xxxx
enable password xxxx
no aaa new-model
ip subnet-zero
ip name-server xx.xx.xx.xx
ip name-server xx.xx.xx.xx
ip audit po max-events 100
interface FastEthernet0/0
ip address 65.126.x.x.x.255.252
duplex auto
speed auto
interface FastEthernet0/1
ip address 192.168.1.1 255.255.255.0
ip nat inside
speed auto
half-duplex
interface Ethernet1/0
ip address 65.126.x.x.x.255.240
ip nat outside
half-duplex
ip nat inside source list 7 interface Ethernet1/0 overload
no ip http server
no ip http secure-server
ip classless
no ip route static inter-vrf
ip route 0.0.0.0 0.0.x.x.x.121.117
line con 0
line aux 0
line vty 0 4
password xxx
login
end

7-year-old post, but I have the CCNA Composite exam in 36 hours so I'll ignore that and answer.
I'm assuming a basic setup (like the one in the question) with PAT and many-to-one source translation.
The steps to properly configure NAT are:
1) list all your interfaces and track which ones are your *internal* interfaces and which one is your *external* one. In the configuration given by OP, the "inside" interface is Fastethernet 0/1. The "outside" interface is Ethernet 1/0.
2) Declare the interfaces one by one, this is done in the interface configuration dialog with the statement "ip nat inside" and "ip nat outside" for the respective interfaces.
3) Gather your traffic, with an ACL. This step is necessary to teach the router which traffic it should consider for Network Address Translation. It is achieved by an ACL that permits traffic coming from the subnets configured on our "inside" interfaces. In this case, 192.168.1.0/24.
segillett wrote:
thanks joe, since I posted i caught that and have this in there
access-list 7 permit 192.168.1.0 0.0.0.250
it still does not. I am really at a loss here sitting in the datacenter at 9:30pm. Do I need to route the 192.x.x.x somewhere (tried all options), thanks for any more advice.
The reason OP can't get NAT to work is because his ACL was at first absent, and subsequently mistyped.
It should be
ip access-list standard 7
permit 192.168.1.0 0.0.0.255
deny any
The deny statement is implied but explicitly adding it simplifies troubleshooting as every packet matching it will show up in
# show access-lists
ACLs use a "wildcard" mask notation for defining groups of addresses. For all intents and purposes at this level, they are just another format for the subnet masks but they can be used in other ways.
You obtain your wildcard mask by subtracting the subnet mask bits (in decimal) from 255.255.255.255. In this case: 255.255.255.255 - 255.255.255.0 (the subnet mask for a /24 network) = 0.0.0.255. Therefore, the mistake lies in the ACL statement.
4) Activate NAT with the general configuration dialog statement "ip nat inside source list LISTNAME interface INTERFACEID overload"
5) Troubleshoot if needed by using show access-lists, show ip nat translations, debug ip nat. It only works when you see relevant data in the output of those commands.
You do *not* have to route anything, as that would defy the entire purpose of NAT.
If I made any mistake in my post please point it out. I think I got my head around NAT pretty ok but you never know.
Any feedback is welcome.
G.
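
The wildcard arithmetic from the answer above, as an added example (not part of the original posts): it derives 0.0.0.255 from the /24 mask and lists which hosts of 192.168.1.0/24 the mistyped entry 0.0.0.250 actually permits for translation. The function names are this example's own.

```python
import ipaddress

def to_int(dotted: str) -> int:
    return int(ipaddress.IPv4Address(dotted))

def wildcard_from_netmask(netmask: str) -> str:
    """Wildcard = 255.255.255.255 - subnet mask (a bitwise inversion)."""
    return str(ipaddress.IPv4Address(to_int(netmask) ^ 0xFFFFFFFF))

def is_contiguous(wildcard: str) -> bool:
    """True when the wildcard is a plain inverted subnet mask (ones only at the low end)."""
    w = to_int(wildcard)
    return (w & (w + 1)) == 0

def acl_matches(address: str, base: str, wildcard: str) -> bool:
    """Standard ACL test: wildcard bit 0 = must equal the base, bit 1 = ignored."""
    care = to_int(wildcard) ^ 0xFFFFFFFF
    return (to_int(address) & care) == (to_int(base) & care)

def permitted_hosts(network: str, base: str, wildcard: str) -> list:
    """Usable host addresses of `network` that the ACL entry permits."""
    return [str(h) for h in ipaddress.ip_network(network).hosts()
            if acl_matches(str(h), base, wildcard)]

if __name__ == "__main__":
    inside = "192.168.1.0/24"          # subnet on the "ip nat inside" interface
    print("wildcard for /24:", wildcard_from_netmask("255.255.255.0"))
    for wc in ("0.0.0.250", "0.0.0.255"):   # mistyped entry, then corrected entry
        hosts = permitted_hosts(inside, "192.168.1.0", wc)
        print(f"access-list 7 permit 192.168.1.0 {wc}: "
              f"{len(hosts)} of 254 hosts match, contiguous={is_contiguous(wc)}")
        print("  first matches:", ", ".join(hosts[:6]))
```

With the typo, only 63 of the 254 hosts match access list 7; the wildcard 250 leaves bits 0 and 2 of the last octet fixed at zero, so a host such as 192.168.1.5 is never selected for translation.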

Similar Messages

  • Urgent NAT-T DMVPN help?

    Can someone please provide me with the configuration of the DMVPN hub-server when the hub-server is configured with NAT?
    I'll be thankful.

    Hi Mohammed,
    I think you may want to check these links:
    NAT-Transparency Aware DMVPN
    "Also added in Cisco IOS Releases 12.3(9a) and 12.3(11)T is the capability to have the hub DMVPN router behind static NAT. This was a change in the ISAKMP NAT-T support. For this functionality to be used, all the DMVPN spoke routers and hub routers must be upgraded, and IPsec must use transport mode.
    For these NAT-Transparency Aware enhancements to work, you must use IPsec transport mode on the transform set. Also, even though NAT-Transparency (IKE and IPsec) can support two peers (IKE and IPsec) being translated to the same IP address (using the UDP ports to differentiate them), this functionality is not supported for DMVPN. All DMVPN spokes must have a unique IP address after they have been NAT translated. They can have the same IP address before they are NAT translated."
    Static NAT & DMVPN Hub ---> Another similar post.
    Hope it helps.
    Thanks.
    Portu
    Message was edited by: Javier Portuguez

  • E1000 + PS3 =NAT Type 3 Help

    I know this has been asked before but nothing seems to work for me. My story is:
    I had a WRT150N with a modem in bridge mode and got NAT Type 2 while playing the PS3. The router crashed and I got an E1000 in its place; it came with the basic setup CD so I ran that. Then I was getting NAT Type 3. So I called Linksys and AT&T, and neither could help me. We opened the ports that Playstation gave me and made sure UPnP was enabled, and all the things they could think of to open my NAT type. But nothing has worked, so if anyone knows anything I could do please let me know. It's just hard to believe that it's my Playstation when I had NAT Type 2 before my old router crashed. I'll supply screenshots, whatever you need. I just can't stand to have this NAT type because it messes with my online gaming.
    Thanks for the Help,
    Grant

    Did you set up PPPoE for the new router and put your modem into bridge mode? 
    I don't work for Cisco. I'm just here to help.

  • Xbox live nat on moderate (HELP)

    My Xbox is connected wirelessly to my M10 router. I can't get my NAT to be open; it's on moderate. How do I make it open?

    Hi
    devinbrar 
    and welcome to the community!
    I just saw this similar inquiry in this thread here "How to change Nat setting on valet so Xbox can function properly"
    Check it out!

  • HT3728 My AirPort Base station connects me to the Internet but I get an error message saying "Double NAT"  can u help me?

    My Internet connection is fine but every time I turn on the computer I get an error message about my AirPort Extreme that says "Double NAT". Can I fix this or should I not even worry?
    Thanks

    Open Macintosh HD > Applications > Utilities > AirPort Utility
    Click on the AirPort Extreme
    Click the amber dot next to Status
    Click the option to ignore Double NAT
    Allow the settings to update and the AirPort Extreme will restart with a green light in 25-30 seconds.

  • NAT QUESTION - PLEASE HELP

    Dear All,
    I HAVE cisco 1841.
    it has 2 interfaces.
    the first one which is f 0/0 is have public ip from my ISP.
    the other one is normal, and i am going to give it 192.168.1.100 / 24.
    now i have 3 subnets totally different .
    i want to create 3 subinterfaces from f0/1.
    my question is , how many subinterfaces can i add under the f 0/1 ?
    and can i make this Router work as NAT ( overloading ) but all the 4 subnet will use the same public IP Address ?
    can it be done as per this diagram ?
    please update me.

    THanks for your reply.
    i have the following results.
    =============================================
    HO-RO-Internet#sh idb
    Maximum number of Software IDBs 1200. In use 12.
    HWIDBs SWIDBs
    Active 6 6
    Inactive 6 6
    Total IDBs 12 12
    Size each (bytes) 2904 1280
    Total bytes 34848 15360
    Type SIdx Idx St,O,Sh Interface Name (subblocks)
    H 1 1 U,D,R FastEthernet0/0 (HW SB CDP(4), MAC ADDR(2), Ether(1))
    H 2 2 U,D,R FastEthernet0/1 (HW SB CDP(4), MAC ADDR(2), Ether(1))
    H 3 3 A,D,R Serial0/0/0 (HW SB CDP(4), Serial(3))
    H 4 6 U,D,R Loopback0
    H 5 7 U,D,R Loopback1
    H 6 8 U,D,R Loopback3
    S 1 3 U FastEthernet0/0 (SW CDP(5), DSS(4), Dynamic DNS Updates(3
    ), NetBIOS(2), KEEPALIVE(1))
    S 2 4 U FastEthernet0/1 (SW CDP(5), DSS(4), Dynamic DNS Updates(3
    ), NetBIOS(2), KEEPALIVE(1))
    S 3 5 U Serial0/0/0 (SW CDP(5), NetBIOS(2), KEEPALIVE(1))
    S 4 9 U Loopback0 (KEEPALIVE(1))
    S 5 10 U Loopback1 (KEEPALIVE(1))
    S 6 11 U Loopback3 (KEEPALIVE(1))
    Key: SIdx=Sort Index, Idx=hw_if_index or if_number
    St=Current State, O=Old State, Sh=Shadow State
    A=Admindown, D=Down, G=Going Down, I=Init
    R=Reset, T=Testing, U=Up, X=Deleted
    HO-RO-Internet#
    ===========================================
    so, from where can i know how many sub-interfaces i have ?
    please update me .

  • NAT 1941 Router Help

    We have three vlans, all class C’s, on a switch which is trunked to a router on port fa 0/1.
    All vlans route nicely.
    I have one device, and no others, in each 192.168.x.x network that I want to reach (Network Address Translation) via the 10.199.110.0 network. No other communications is required to or from the 10.199.110.0 network:
    192.168.20.30 (personal computer) <--NAT--> 10.199.110.91
    192.168.40.30 (personal computer) <--NAT--> 10.199.110.92
    192.168.60.30 (personal computer) <--NAT--> 10.199.110.93
    Router config:
    interface FastEthernet0/0
    ip address 10.199.110.90 255.255.255.0
    ip nat outside
    duplex full
    speed auto
    no mop enabled
    interface FastEthernet0/1
    no ip address
    duplex auto
    speed auto
    interface FastEthernet0/1.20
    encapsulation dot1Q 20
    ip address 192.168.20.254 255.255.255.0
    ip nat inside
    interface FastEthernet0/1.40
    encapsulation dot1Q 40
    ip address 192.168.40.254 255.255.255.0
    ip nat inside
    interface FastEthernet0/1.60
    encapsulation dot1Q 60
    ip address 192.168.60.254 255.255.255.0
    ip nat inside
    Any questions or ideas?

    Hi Jon,
    We got the problem fixed:
    interface FastEthernet0/0
    ip address 10.199.110.90 255.255.255.0
    ip access-group 101 in
    ip access-group 102 out
    ip nat outside
    duplex full
    speed auto
    no mop enabled
    interface FastEthernet0/1
    no ip address
    duplex auto
    speed auto
    no mop enabled
    interface FastEthernet0/1.20
    encapsulation dot1Q 20
    ip address 192.168.20.254 255.255.255.0
    ip nat inside
    interface FastEthernet0/1.40
    encapsulation dot1Q 40
    ip address 192.168.40.254 255.255.255.0
    ip nat inside
    interface FastEthernet0/1.60
    encapsulation dot1Q 60
    ip address 192.168.60.254 255.255.255.0
    ip nat inside
    ip classless
    ip http server
    no ip http secure-server
    ip nat inside source static 192.168.20.30 10.199.110.91
    ip nat inside source static 192.168.40.30 10.199.110.92
    ip nat inside source static 192.168.60.30 10.199.110.93
    ip nat outside source static 10.199.110.91 10.199.110.91
    ip nat outside source static 10.199.110.92 10.199.110.92
    ip nat outside source static 10.199.110.93 10.199.110.93
    access-list 101 permit ip 10.0.0.0 0.255.255.255 host 10.199.110.91
    access-list 101 permit ip 10.0.0.0 0.255.255.255 host 10.199.110.92
    access-list 101 permit ip 10.0.0.0 0.255.255.255 host 10.199.110.93
    access-list 102 permit ip host 10.199.110.93 10.0.0.0 0.255.255.255
    access-list 102 permit ip host 10.199.110.91 10.0.0.0 0.255.255.255
    access-list 102 permit ip host 10.199.110.92 10.0.0.0 0.255.255.255
    dialer-list 1 protocol ip permit
    Thanks again
    Tom

  • Need ASA that will do more that 130,000 NAT Sessions? Help

    ASA NAT Performance Figures Please ?
    Does anyone have real world NAT performance figures for any of the ASA55** models.
    I am interested to see actual NAT Sessions and throughput on the ASA ?
    My Router has peaked at 130,000 Sessions  (100% CPU) so I need to move to an ASA. Currently using a CISCO7201
    So I need assistance in choosing a ASA55XX to replace that will do more than 130,000 NAT Sessions ?

    I found an app called Photon that streams java so I can view Java based apps.  That might work for placing your orders.  It was free.

  • IPSEC tunnel with NAT and NetMeeting

    I have established an IPSEC tunnel with two Cisco 2621 routers. Clients over the Internet are able to dial into the MCU server, which is behind one of the Cisco 2621 routers configured with NAT but the MCU is not able to call the client. The MCU is able to call any server or client on the LAN however it is not able to call anyone passed the router configured with NAT. Could anyone who has experience with NAT and IPSEC help me out?
    Thanks,

    The following doc should help...
    http://www.cisco.com/warp/public/707/ipsecnat.html

  • Static NAT Question - Public to Inside ASA 9.1x

    Hi All.. I'm having a hard time wrapping my head around the post 8.2 nat statements, please help.
    I have a DMZ server that has a list of ports that need to be accessible from the outside from specific IP addresses (this is a video streaming relay server).  It also need to be able to push the stream to a specific IP address as well.  I can do identity nat, and it'll go out and I see it's using IP, but obviously traffic doesn't get in... I can use sample web server nat's I've found and it works for the web management port, 8088, but I can't figure out how to map multiple ports to it:
    Remote Public IP's: 77.88.99.11
    Local Public IP: 12.12.12.1
    Ports required:
    object-group service srvgp-stream-remote
     service-object tcp destination eq www
     service-object tcp destination eq https
     service-object tcp destination eq 8088
     service-object tcp destination eq 1935
     service-object udp destination range 6970 9999
     service-object udp destination range 30000 65000
     service-object udp destination eq 554
    I can get this to work:
    object network server-external-ip
     host 12.12.12.1
    object network webserver
     host 192.168.1.100
     nat (dmz,outside) static server-external-ip service tcp 8088 8088
    access-list acl-outside extended permit tcp host 77.88.99.11 object AngelEye eq 8088
    But again, I have no idea how I would do such a thing with a list of required ports? I don't see that's an option in the syntax.  Additionally, would this provide an 'identity nat' in case the server had to send info out to the public ip via these same ports or do you require a separate identity nat to do this to the same public ip addresses?
    Any help is greatly appreciated.

    With that many ports, you should use the public IP exclusively for the Webserver:
    object network webserver
    host 192.168.1.100
    nat (dmz,outside) static server-external-ip
    If it's not possible to use that IP only for that server, you can configure manual-nat for these ports:
    nat (dmz,outside) source static webserver server-external-ip service srvgp-stream-remote srvgp-stream-remote

  • Linksys e2000 router Open NAT troubleshooting multiple xbox 360's

    Hello,
    I've been searching for about 4 hours now how to fix my NAT problems. I thought it had it working on one xbox in my bedroom, as it said OPEN NAT. But, when I looked at my Xbox in the living room, it said MODERATE NAT. How can I get these both to say OPEN NAT? Any help is appreciated. Thank you!

    If you're attempting to game with multiple 360s, port triggering would be your best option.
    You might succeed in getting open NAT on both but the issue would be if you'd be able to play the same game on both consoles simultaneously. Since both consoles will use the same Internet port, the game packets will only be sent to one local IP address. Some games support this and some don't so if you're unable to get open NAT on both game consoles, call your ISP and request for another IP address. That should solve everything.

  • Xfinity router/modem with Airport extreme moderate/strict nat?

    I switched to comcast xfinity and they gave me a modem with a router built in and we are trying to use the Airport Extreme to get better signal using Bridge Mode in Airport Utility. It all worked fine but then on my PS3 and Xbox 360 it says that I have a moderate/strict nat type any help on how to get a open nat?

    Suggest that you double check to make sure that the AirPort Extreme is setup in Bridge Mode.
    Open AirPort Utility - click Manual Setup
    Click the Internet icon
    Settings should look like this:
    Connect Using = Ethernet
    Connection Sharing = Off (Bridge Mode)
    Update to save any changes
    When the AirPort Extreme is in Bridge Mode, DHCP and NAT are turned off.
    These services are being provided by the Comcast gateway, so any NAT issues rest with the Comcast gateway. You may need to call Comcast support to ask them about changing the NAT settings on the device.

  • Nat Type

    Hello. A have a problem with NAT TYPE on my ps3. I've got a moderate. How to fix this problem? How open nat type? Help please !!

    hmm just typed this out in another thread but i guess it applies here too .
    what i do for xbox live is manually set the xbox ip and dns servers in the xbox network settings.
    then on the modem router (i use a draytek but i am guessing there must be a setting in the homehub3) i set that xbox ip to dmz.  this means the xbox gets an open nat type in all games.
    also all my clan mates always make me host in modern warfare 3.  green bars and good hit registration all round.  gotta love that infinity upload right .

  • Destination NAT and Source Nat

    Hi, my network have mobile users with notebooks, and they use public smtp IP address, when they out of office, without VPN ASA works well, but when they comes back in office they should change SMTP IP back to private. I know that my task could be solved via DNS service, but for some reason I should do Dnat and Snat on ASA, please answer me, Is it possible? (Because ASA have to nat and dnat on same interface Inside and back this traffic to Inside again)
    Please see this picture, I draw my task there. Thanks!

    Yes it is possible through policy nat.
    here is the example.
    access-list policy-nat extended permit ip host 10.1.1.20 host 5.5.5.5
    global (dmz) 2  192.168.2.2
    nat (inside) 2 access-list policy-nat
    Hope that helps.
    thanks

  • What exact changes are done in MGCP after NAT

    Hi All,
    I am not able to understand the changes in the MGCP packet after NAT. The screenshot is of working and non working case. Office is working fine with port change after NAT. But at home the NAT does not change the src port. It RSIP packet from the phone to the MG.
    What exact changes are done to a MGCP packet after NAT.
    Any help will highly be appreciated.
    Regards,
    Ravi

    NAT should not be used with VoIP.
    However, you may have better luck with H.323, or SIP, under NAT.
