When I enter the www.msn.com in browser, here is the output of "debug ip nat
detail"
**note** - IP address: 10.0.0.6 is my Win2k Profession
- IP address: 64.22.13X.ABC is my public IP, (Ethernet 1)
- IP address: 207.211.58.10 is my ISP DNS server.
- beside above IP(s), I don't know where those came from.
FWGW#
FWGW#
FWGW#
2w0d: NAT: i: udp (10.0.0.6, 1138) -> (207.211.58.10, 53) [1536]
2w0d: NAT: ipnat_allocate_port: wanted 1138 got 1138
2w0d: NAT: i: udp (10.0.0.6, 1138) -> (207.211.58.10, 53) [1537]
2w0d: NAT: o: udp (207.211.58.10, 53) -> (64.22.13X.ABC, 1138) [18281]
2w0d: NAT: i: tcp (10.0.0.6, 1139) -> (207.46.176.121, 80) [1538]
2w0d: NAT: ipnat_allocate_port: wanted 1139 got 1139
2w0d: NAT: i: tcp (10.0.0.6, 1140) -> (207.46.179.134, 80) [1540]
2w0d: NAT: ipnat_allocate_port: wanted 1140 got 1140
2w0d: NAT: i: tcp (10.0.0.6, 1141) -> (207.46.179.143, 80) [1542]
2w0d: NAT: ipnat_allocate_port: wanted 1141 got 1141
2w0d: NAT: i: tcp (10.0.0.6, 1142) -> (207.46.185.138, 80) [1544]
2w0d: NAT: ipnat_allocate_port: wanted 1142 got 1142
2w0d: NAT: i: tcp (10.0.0.6, 1143) -> (207.46.185.140, 80) [1546]
2w0d: NAT: ipnat_allocate_port: wanted 1143 got 1143
2w0d: NAT: i: tcp (10.0.0.6, 1144) -> (207.46.185.99, 80) [1548]
2w0d: NAT: ipnat_allocate_port: wanted 1144 got 1144
2w0d: NAT: o: tcp (207.46.185.99, 80) -> (64.22.13X.ABC, 1144) [42286]
2w0d: NAT*: i: tcp (10.0.0.6, 1144) -> (207.46.185.99, 80) [1550]
2w0d: NAT*: i: tcp (10.0.0.6, 1144) -> (207.46.185.99, 80) [1551]
2w0d: NAT*: o: tcp (207.46.185.99, 80) -> (64.22.13X.ABC, 1144) [42300]
2w0d: NAT*: i: tcp (10.0.0.6, 1144) -> (207.46.185.99, 80) [1553]
When browser display Cannot find server it stop here.
Then I type:
FWGW#sh ip nat trans
Pro Inside global Inside local Outside local Outside global
udp 64.22.13X.ABC:1138 10.0.0.6:1138 207.211.58.10:53
207.211.58.10:53
tcp 64.22.13X.ABC:1140 10.0.0.6:1140 207.46.179.134:80
207.46.179.134:80
tcp 64.22.13X.ABC:1141 10.0.0.6:1141 207.46.179.143:80
207.46.179.143:80
tcp 64.22.13X.ABC:1139 10.0.0.6:1139 207.46.176.121:80
207.46.176.121:80
tcp 64.22.13X.ABC:1144 10.0.0.6:1144 207.46.185.99:80
207.46.185.99:80
tcp 64.22.13X.ABC:1142 10.0.0.6:1142 207.46.185.138:80
207.46.185.138:80
tcp 64.22.13X.ABC:1143 10.0.0.6:1143 207.46.185.140:80
207.46.185.140:80
FWGW#sh ip nat stat
Total active translations: 7 (0 static, 7 dynamic; 7 extended)
Outside interfaces:
Ethernet1
Inside interfaces:
Ethernet0
Hits: 7 Misses: 7
Expired translations: 0
Dynamic mappings:
-- Inside Source
access-list 2 interface Ethernet1 refcount 7
FWGW#
Here is ping from inside router with Yahoo IP
FWGW#ping
Protocol [ip]:
Target IP address: 204.71.200.74
Repeat count [5]: 100
Datagram size [100]:
Timeout in seconds [2]:
Extended commands [n]:
Sweep range of sizes [n]:
Type escape sequence to abort.
Sending 100, 100-byte ICMP Echos to 204.71.200.74, timeout is 2 seconds:
.!.!!!!!!!!.!!!!!.!!!!!!!!.!!!...!!!.!!!!!!!.!.!.!.!.!!!.!!!!.!!!!!!!!
!!!!!!!!.!.!!.!.!.!!!!!!!!!.!!
Success rate is 78 percent (78/100), round-trip min/avg/max = 20/33/164 ms
FWGW#
I don't know why it drop too many packet. Here is basic current config:
Current configuration:
!
version 11.3
!
hostname FWGW
!
boot system flash
enable secret 5 XXXXXXXXXXXXXXXXxxxx
!
ip subnet-zero
ip nat translation tcp-timeout 360
ip nat translation udp-timeout 360
ip nat translation finrst-timeout never
ip nat translation dns-timeout 61
ip nat inside source list 2 interface Ethernet1 overload
no ip finger
no ip domain-lookup
ip domain-name DOMAIN.COM
ip name-server 207.211.58.10
!
!
process-max-time 200
!
interface Ethernet0
description Connected to Local Network (LAN)
ip address 10.0.0.1 255.0.0.0
ip nat inside
arp timeout 360
!
interface Ethernet1
description Connected to Internet
ip address 64.22.13X.ABC 255.255.255.128
ip nat outside
arp timeout 360
!
ip default-gateway 64.22.13X.BCD <--- My ISP GW
ip classless
ip route 0.0.0.0 0.0.0.0 Ethernet1
!
access-list 2 permit 10.0.0.0 0.0.0.255
!
line con 0
transport input none
line aux 0
_________________________________
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
