Weird Cisco NAT Behaviour

MulLa

Golden Member
Jun 20, 2000
Hi all,

Trying to get NAT up and running properly on my 1841 router. It seemed to work fine for 80% of websites out there. For some pages, browser will refuse to load saying it cannot be displayed. On some sites if you refresh it, then it'll load properly, on others no matter how much you refresh it, it still won't load. Then on some pages, it'll load the text / link only portion of the page with no graphics.

Pages that I've noticed with problems so far are Symantec, Microsoft, VMware & Hotmail.

This is very strange and if anyone has any hints as to what's going on or guidelines for troubleshooting it'll be much appreciated. Posted the most basic version of the config I have that still doesn't work.

Thanks heaps in advance!


!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname router
!
boot-start-marker
boot-end-marker
!
enable secret 5 ****
!
no aaa new-model
!
resource policy
!
ip cef
!
!
!
!
vpdn enable
!
!
!
crypto pki trustpoint TP-self-signed-1122731203
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-1122731203
 revocation-check none
 rsakeypair TP-self-signed-1122731203
!
!
crypto pki certificate chain TP-self-signed-1122731203
 certificate self-signed 01 nvram:IOS-Self-Sig#3302.cer
!
!
!
!
!
interface FastEthernet0/0
 description Trunk to Switch
 no ip address
 duplex auto
 speed auto
!
interface FastEthernet0/0.110
 encapsulation dot1Q 110
 ip address 172.16.30.2 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 ip tcp adjust-mss 1452
 no snmp trap link-status
!
interface FastEthernet0/0.120
 encapsulation dot1Q 120
 ip address 172.16.40.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 ip tcp adjust-mss 1452
 no snmp trap link-status
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface ATM0/0/0
 no ip address
 no atm ilmi-keepalive
 dsl operating-mode auto
!
interface ATM0/0/0.1 point-to-point
 no snmp trap link-status
 pvc 8/35
  pppoe-client dial-pool-number 1
 !
!
interface Dialer1
 mtu 1492
 ip address negotiated
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 ppp authentication chap callin
 ppp chap hostname ****
 ppp chap password 7 ****
!
ip route 0.0.0.0 0.0.0.0 Dialer1
!
!
ip http server
ip http access-class 50
ip http secure-server
ip nat inside source list 1 interface Dialer1 overload
!
access-list 1 permit 172.16.30.0 0.0.0.255
access-list 1 permit 172.16.40.0 0.0.0.255
access-list 50 permit 172.16.30.0 0.0.0.255
!
!
!
!
control-plane
!
banner motd
If you are not authorised user in the network, then you must disconnect immediately.

!
line con 0
 exec-timeout 0 0
 password 7 ****
 logging synchronous
 login
line aux 0
 password 7 ****
 login
line vty 0 4
 access-class 50 in
 password 7 ****
 login
line vty 5 807
 access-class 50 in
 password 7 ****
 login
!
scheduler allocate 20000 1000
!
webvpn context Default_context
 ssl authenticate verify all
 !
 no inservice
!
end
 

spidey07

No Lifer
Aug 4, 2000
I'd check name resolution.

NAT works at layer 3/4 only and isn't going to impact what you're describing unless it's a "funny" protocol.
 

MulLa

Indeed!! We had ISA server running previously and we've decided to can that but the DNS server is still forwarding queries to it!! Funny how it only stuffed up some sites but not others.

Oh well... now I feel embarrassed to have thought it's the router!!! :eek:

Thanks Spidey07!! Saved me a tonne of headache!!
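
One way to run the name-resolution check suggested in this thread, as an added example that is not part of the original posts: it times the DNS lookup separately from a TCP connect to the resolved address, so a resolver or forwarder fault is not mistaken for a NAT fault. The function names, port 443 and the 2-second "slow" threshold are assumptions.

```python
import socket
import sys
import time


def triage(hosts, port=443, slow_s=2.0, resolve=socket.getaddrinfo,
           connect=socket.create_connection, clock=time.monotonic):
    """Label each host dns_fail, dns_slow, tcp_fail or ok."""
    results = {}
    for host in hosts:
        start = clock()
        try:
            infos = resolve(host, port, type=socket.SOCK_STREAM)
        except socket.gaierror:
            # The name never resolved: NAT has not been exercised at all.
            results[host] = "dns_fail"
            continue
        elapsed = clock() - start
        addr = infos[0][4][0]
        try:
            # Connect to the literal address so DNS plays no part in this step.
            connect((addr, port), timeout=5).close()
        except OSError:
            results[host] = "tcp_fail"
            continue
        # A long lookup that eventually succeeds suggests a dead forwarder
        # being tried before a working one.
        results[host] = "dns_slow" if elapsed > slow_s else "ok"
    return results


def verdict(results):
    """Point at the layer to investigate first."""
    states = set(results.values())
    if states & {"dns_fail", "dns_slow"}:
        return "name resolution"
    if "tcp_fail" in states:
        return "transport"
    return "healthy"


if __name__ == "__main__":
    # Hostnames come from the command line, e.g. the sites that fail to load.
    outcome = triage(sys.argv[1:])
    for name, state in sorted(outcome.items()):
        print(f"{state:9} {name}")
    print("investigate first:", verdict(outcome))
```

Include the hostnames a failing page pulls its images from as well as the page's own name, since a page that loads text without graphics may be failing on those other names only.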