Incorrect work of NAT, packets disappear on CISCO 1921?

E

Evgeny Mityushin2016-06-12 19:19:19

Cisco

Evgeny Mityushin, 2016-06-12 19:19:19

Good afternoon!
Is Cisco 1921 k9, on it access to the Internet under the PPTP protocol is configured.
Everything is pinged out of the tsiska, the names are resolved, everything is fine.
But when connecting the internal network from client machines, the piece of iron behaves somehow strangely.
When pinging, for example, Google DNS, one packet passes and after it a dozen more disappear.
Translation of NAT shows that they say everything is fine.
Below is the config.
interface GigabitEthernet0/1 - port to the provider
interface GigabitEthernet0/0 - LAN
Tell me what you all think about it, what is wrong with me.
show version
Cisco IOS Software, C1900 Software (C1900-UNIVERSALK9_NPE-M), Version 15.3(3)M6, RELEASE SOFTWARE (fc1)
Technical Support:www.cisco.com/techsupport
Copyright (c) 1986-2015 by Cisco Systems, Inc.
Compiled Tue 04-Aug-15 03:33 by prod_rel_team
ROM: System Bootstrap, Version 15.0(1r)M16, RELEASE SOFTWARE (fc1)
Current configuration : 3418 bytes
!
! Last configuration change at 11:50:45 UTC Sun Jun 12 2016
version 15.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
service internal
!
hostname Router
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
!
!
!
ip domain name local.lan
ip name-server 77.88.8.8
ip cef
no ipv6 cef
multilink bundle-name authenticated
!
vpdn enable
!
vpdn-group 1
request-dialin
protocol pptp
rotary-group 0
initiate-to ip 172.16.3.14
!
!
license udi pid CISCO1921/K9 sn ***********
!
!
username admin privilege 15 password 7 ***********
!
redundancy
notification-timer 120000
!
!
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
ip address 10.2.1.1 255.255.255.0
ip nat inside
ip virtual reassembly in
duplex auto
speed auto
!
interface GigabitEthernet0/1
ip address dhcp
duplex auto
speed auto
!
interface Dialer0
ip address negotiated
ip pim dense-mode
ip nat outside
ip virtual-reassembly in
encapsulation ppp
dialer in-band
dialer idle-timeout 0
dialer string 123
dialer vpdn
dialer-group 1
ppp pfc local request
ppp pfc remote apply
ppp chap hostname * *******
ppp chap password 7 ********
!
ip forward-protocol nd
!
ip http server
ip http secure-server
!
ip nat inside source list NAT interface Dialer0 overload
ip route 0.0.0.0 0.0.0.0 Dialer0
ip route 172.16.3.14 255.255.255.255 10.15.180.1
!
ip access-list extended NAT
permit ip 10.2.1.0 0.0.0.255 any
!
dialer-list 1 protocol ip permit
!
!
!
control-plane
!
!
!
line con 0
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
login
transport input all
!
scheduler allocate 20000 1000
!
end
show ip nat translations
Pro Inside global Inside local Outside local Outside global
icmp 172.19.54.15:1 10.2.1.2:1 8.8.4.4:1 8.8.4.4:1
icmp 172.19.54.15:1 10.2.1.2:1 93.158.134.3: 1 93.158.134.3:1
udp 172.19.54.15:49366 10.2.1.2:49366 8.8.4.4:53 8.8.4.4:53
udp 172.19.54.15:49522 10.2.1.2:49522 8.8.4
. .54.15: 53958 10.2.1.2:53958 62.128.100.55:443 62.128.19.55:4433 0.12.19.54.15:54002
81.19.104.42:44339.19.104.42:44333.19.104.42:4435:54006
10.2.1.2: 54006 62.128.100.221:443 62.128.100.221:443
tcp 172.19.54.15:54008 10.2.1.2:54008 192.168.1.1:80 192.168.1.1:80
TCP 172.19.54.15:54011 10.2.1.2:55:54:443 62.128.100.49:443 TCP
172.19.54.15:54013 10.2.1.24013 37.252.248.78:938 37.252.248.78:938 TCP
172.19.54.15:54016 10.2. 1.2: 54016 91.203.178.85:35271 91.203.178.85:35271 TCP
172.19.54.15:54019 10.2.1.2271 10.7.2.200:35271 10.7.2.200:35271 TCP
172.19.54.15:54021 10.2.1.24.151 192.168.1 :80 192.168.1
:80 TCP 172.19.54.15:54030 10.2.1.20330 91.203.178.85:35271 91.203.178.85:35271 TCP
172.19.54.15:54033 10.2.1.2271 10.7.2.200:35271 TCP
172.19. 54.15: 54037 10.2.1.2:54037 192.168.1:80 192.168.1.1:80
UDP 172.19.54.15:56285 10.2.1.2:56285 8.8.4.44:53 8.8.4.4:53 UDP
172.19.54.15:56394 10.2.1.2:56394 8.8.4.4:53 8.8.4.4:53
udp 172.19.54.15:57087 10.2.1.2:57087 8.8.4.4:53
8.8.4.4:53 10.2.1.2:63478
8.8.4.4:53
8.8.4.4:53
S* 0.0.0.0/0 is directly connected, Dialer0
10.0.0.0/ 8 is variably subnetted, 5 subnets, 2 masks
C 10.0.0.4/32 is directly connected, Dialer0
C 10.2.1.0/24 is directly connected, GigabitEthernet0/0
L 10.2.1.1/32 is directly connected, GigabitEthernet0/0
C 10.15. 180.0/24 is directly connected, GigabitEthernet0/1
L 10.15.180.39/32 is directly connected, GigabitEthernet0/1
172.16.0.0/32 is subnetted, 2 subnets
S 172.16.2.2 [254/0] via 10.15.180.1, GigabitEthernet0/1
S 172.16.3.14 [1/0] via 10.15.180.1
172.19.0.0/32 is subnetted, 1 subnets
C 172.19.54.15 is directly connected, Dialer0

Reply

Answer the question

In order to leave comments, you need to log in

2 answer(s)

E

Evgeny Mityushin, 2016-06-13
@mitushinem

Without changes

B

Bairum82, 2016-06-21
@Bairum82

no errors on eth0/0?
What's on the way from the user's PC to the router? Any switches?
Connect the PC (by setting the correct ip) directly (i.e. bypassing the internal network) to eth0/0 and see if the problem goes away?