
GNS 3 NAT problem

Posted: Thu 18 Jul, 2013 3:19 pm
by Braveheart84
I'm working through an exercise with GNS. After configuring the three routers and verifying connectivity between them, I have this problem: after setting up NAT, if I ping using as source the interface that has to be NATted (a loopback in this case), it doesn't work. Note that the ACLs contain a deny for traffic from network 192.168.1.0 to 10.10.0.0 and vice versa, because in the exercise I will have to configure a GRE tunnel.

Here is the configuration:


BRANCH#show run
BRANCH#show running-config
Building configuration...

Current configuration : 1380 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname BRANCH
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
!
!
ip cef
no ip domain lookup
ip domain name lab.local
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback1
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface Serial0/0
ip address 209.165.200.242 255.255.255.248
ip nat outside
no ip virtual-reassembly
serial restart-delay 0
!
interface Serial0/1
no ip address
shutdown
serial restart-delay 0
!
interface Serial0/2
no ip address
shutdown
serial restart-delay 0
!
interface Serial0/3
no ip address
shutdown
serial restart-delay 0
!
no ip http server
no ip http secure-server
!
ip route 0.0.0.0 0.0.0.0 209.165.200.241
!
ip nat pool BR 209.165.200.249 209.165.200.254 prefix-length 29
ip nat source list BRANCH pool BR overload
!
!
ip access-list extended BRANCH
remark non tradurre per VNP
deny ip 192.168.1.0 0.0.0.255 10.10.0.0 0.0.255.255
permit ip 192.168.1.0 0.0.0.255 any
permit ip 192.168.1.0 0.0.0.255 10.10.0.0 0.0.255.255
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
line vty 0 4
login
!
!
end



hostname ISP
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
!
!
ip cef
no ip domain lookup
ip domain name lab.local
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback1
ip address 209.165.202.129 255.255.255.0
!
interface Serial0/0
ip address 209.165.200.241 255.255.255.248
serial restart-delay 0
!
interface Serial0/1
ip address 209.165.200.225 255.255.255.248
serial restart-delay 0
!
interface Serial0/2
no ip address
shutdown
serial restart-delay 0
!
interface Serial0/3
no ip address
shutdown
serial restart-delay 0
!
no ip http server
no ip http secure-server
!
ip route 0.0.0.0 0.0.0.0 Serial0/1
ip route 209.165.200.232 255.255.255.248 Serial0/1
ip route 209.165.200.248 255.255.255.248 Serial0/0
!
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
line vty 0 4
login
!
!
end


HQ#show run
HQ#show running-config
Building configuration...

Current configuration : 1444 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname HQ
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
!
!
ip cef
no ip domain lookup
ip domain name lab.local
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback0
ip address 10.10.20.238 255.255.255.0
ip nat inside
no ip virtual-reassembly
!
interface Loopback10
ip address 10.10.10.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface Serial0/0
ip address 209.165.200.226 255.255.255.248
ip nat outside
no ip virtual-reassembly
serial restart-delay 0
!
interface Serial0/1
no ip address
shutdown
serial restart-delay 0
!
interface Serial0/2
no ip address
shutdown
serial restart-delay 0
!
interface Serial0/3
no ip address
shutdown
serial restart-delay 0
!
no ip http server
no ip http secure-server
!
ip route 0.0.0.0 0.0.0.0 209.165.200.225
!
ip nat pool HQ 209.165.200.233 209.165.200.238 prefix-length 29
ip nat source list HQ_NAT pool HQ overload
ip nat source static 10.10.20.238 209.165.200.238
!
!
ip access-list extended HQ_NAT
deny ip 10.10.0.0 0.0.255.255 192.168.1.0 0.0.0.255
permit ip 10.10.0.0 0.0.255.255 any
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
line vty 0 4
login
!
!
end

Re: GNS 3 NAT problem

Posted: Thu 18 Jul, 2013 4:14 pm
by paolomat75
If you send the GNS3 file I'll take a look at where the error is (I'm lazy).

Paolo

Re: GNS 3 NAT problem

Posted: Thu 18 Jul, 2013 4:26 pm
by Braveheart84
Give me your email, it won't let me post it here.

Re: GNS 3 NAT problem

Posted: Sun 21 Jul, 2013 10:12 am
by paolomat75
Hi,
I've just looked at the file.
You got the NAT wrong.

BRANCH(config)#no ip nat source list BRANCH pool BR overload
BRANCH(config)#ip nat inside source list BRANCH pool BR overload

HQ(config)#no ip nat source list HQ_NAT pool HQ overload
HQ(config)#ip nat inside source list HQ_NAT pool HQ overload
HQ(config)#no ip nat source static 10.10.20.238 209.165.200.238
HQ(config)#ip nat inside source static 10.10.20.238 209.165.200.238

This way everything should work (the NAT definitely does).
Paolo
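
The mismatch fixed above can be caught before loading a config. The following is an added example, not part of the original post and not Cisco tooling: a small Python check that flags NAT rules whose style matches no interface marking. It assumes that `ip nat source ...` is the NAT Virtual Interface form, which pairs with `ip nat enable` on interfaces, while `ip nat inside source ...` pairs with `ip nat inside` / `ip nat outside`; the function name `audit_nat_style` is hypothetical.

```python
import re

# Constructed sample: NAT-relevant lines taken from the BRANCH config in the thread.
BRANCH_CONFIG = """\
interface Loopback1
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
interface Serial0/0
 ip address 209.165.200.242 255.255.255.248
 ip nat outside
ip nat pool BR 209.165.200.249 209.165.200.254 prefix-length 29
ip nat source list BRANCH pool BR overload
"""

def audit_nat_style(config):
    """Return one finding per NAT rule whose style no interface is marked for."""
    marked = {"legacy": [], "nvi": []}   # interfaces seen per NAT style
    rules = []                           # (style, rule line)
    current_if = None
    for raw in config.splitlines():
        line = raw.strip()
        m = re.match(r"interface\s+(\S+)", line)
        if m:
            current_if = m.group(1)
        elif current_if and re.fullmatch(r"ip nat (inside|outside)", line):
            marked["legacy"].append(current_if)      # domain-based marking
        elif current_if and line == "ip nat enable":
            marked["nvi"].append(current_if)         # NVI marking (assumption, see lead-in)
        elif re.match(r"ip nat (inside|outside) source\s", line):
            rules.append(("legacy", line))
        elif re.match(r"ip nat source\s", line):
            rules.append(("nvi", line))
    needs = {"legacy": "'ip nat inside' / 'ip nat outside'", "nvi": "'ip nat enable'"}
    return [f"{line!r} is a {style} rule, but no interface carries {needs[style]}"
            for style, line in rules if not marked[style]]

if __name__ == "__main__":
    for finding in audit_nat_style(BRANCH_CONFIG):
        print(finding)
```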

Re: GNS 3 NAT problem

Posted: Sun 21 Jul, 2013 4:03 pm
by Braveheart84
I had thought about the overload, anyway I'll check now...


Ahhh, I had left out the inside. Thanks, it works now.

Re: GNS 3 NAT problem

Posted: Sun 21 Jul, 2013 5:44 pm
by paolomat75
Good.

You're welcome
Paolo