Routing question...

Hi,

The setup I'm trying to configure is...

Internet Nat'ed router 192.168.0.1 > (192.168.0.254 f0/0 (Cisco 2811 Dual Ethernet) 10.0.0.1 f0/1) > 10.0.0.2 (PC2)

I can connect from another PC on the 192.168.0.x lan to the 10.0.0.2 (PC2) IP, but PC2 will not reach the internet.

I think it's the NAT on the internet router causing the problem, is there a way to make this work with any config on the router?

Cheers,
Roger.

Find more posts tagged with

Save $250 on 2025 certification boot camps from Infosec!

Book now with code EOY2025

Button

Comments

malcybood

can you post your runnning config?

ramjet666

malcybood wrote:

can you post your runnning config?

Building configuration...

Current configuration : 506 bytes
!
version 12.2
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Router
!
enable secret 5 ****
!
ip subnet-zero
!
!
!
!
!
!
interface FastEthernet0/0
 ip address 192.168.0.254 255.255.255.0
 duplex auto
 speed auto
!
interface FastEthernet0/1
 ip address 10.0.0.1 255.255.255.0
 duplex auto
 speed auto
!
ip classless
ip http server
ip pim bidir-enable
!
!
!
line con 0
line aux 0
line vty 0 4
 password ****
 login
!
!
end

Quite basic no routes.

cisco_trooper

Where is the NAT you speak of?

ramjet666

cisco_trooper wrote:

Where is the NAT you speak of?

Thats on a separate router (Sky broadband) 192.168.0.1

malcybood

cisco_trooper - I think he means the internet ADSL router (i.e. linksys, belkin etc) is NAT'd which it will be if it's a SOHO router, then got a 2811 connected to the 192.168.1.0 network (SOHO router)

ramjet666 You need to add static routes or a routing protocol edit - assuming PC2 is on the 10.0.0.0 network.

Try adding a default route on the Cisco 2811 in global config mode

ip route 0.0.0.0 0.0.0.0 fa0/0

ramjet666

malcybood wrote:

cisco_trooper - I think he means the internet ADSL router (i.e. linksys, belkin etc) is NAT'd which it will be if it's a SOHO router, then got a 2811 connected to the 192.168.1.0 network (SOHO router)

ramjet666 You need to add static routes or a routing protocol.

Yes it's a Netgear ADSL router on IP 192.168.0.1 If this router has NAT can the 10.0.0.x network connect out to the internet?

ramjet666

malcybood wrote:

ramjet666 You need to add static routes or a routing protocol edit - assuming PC2 is on the 10.0.0.0 network.

Try adding a default route on the Cisco 2811 in global config mode

ip route 0.0.0.0 0.0.0.0 fa0/0

I add the static route and PC2 cannot ping an external (i.e. internet) address.

I think it's the natting on the ADSL router?

malcybood

ramjet666 wrote:

malcybood wrote:

ramjet666 You need to add static routes or a routing protocol edit - assuming PC2 is on the 10.0.0.0 network.

Try adding a default route on the Cisco 2811 in global config mode

ip route 0.0.0.0 0.0.0.0 fa0/0

I add the static route and PC2 cannot ping an external (i.e. internet) address.

I think it's the natting on the ADSL router?

The ADSL router will be NATting but it doesnt matter if you can access external from the 192.168.1.0 network. The issue is routing inside your private network nothing to do with NAT.

My bad it needs to be able to route incoming traffic to 10.0.0.0 back from the internet, try enabling RIP.

router(config)router rip
router(config-router)network 10.0.0.0
router(config-router)network 192.168.0.0

ramjet666

From PC2 I get:

c:\>ping 208.67.222.222

Pinging 208.67.222.222 with 32 bytes of data:

Reply from 10.0.0.1: Destination host unreachable.
Reply from 10.0.0.1: Destination host unreachable.
Reply from 10.0.0.1: Destination host unreachable.
Reply from 10.0.0.1: Destination host unreachable.

Ping statistics for 208.67.222.222:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms

From PC2..

Also PC2 cannot ping any 192.168.0.x address on this subnet even the ADSL router on .1, but I do get a response from 192.168.0.254 the router's f0/0 interface.

I can connect my laptop via RDP to 10.0.0.2, I did put a static route on the laptop to use 192.168.0.254 as a GW for this IP.

Any ideas?

malcybood

ramjet666 wrote:
From PC2 I get:
c:\>ping 208.67.222.222

Pinging 208.67.222.222 with 32 bytes of data:

Reply from 10.0.0.1: Destination host unreachable.
Reply from 10.0.0.1: Destination host unreachable.
Reply from 10.0.0.1: Destination host unreachable.
Reply from 10.0.0.1: Destination host unreachable.

Ping statistics for 208.67.222.222:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
From PC2..

Also PC2 cannot ping any 192.168.0.x address on this subnet even the ADSL router on .1, but I do get a response from 192.168.0.254 the router interface.

I can connect my laptop via RDP to 10.0.0.2, I did put a static route on the laptop to use 192.168.0.254 as a GW for this IP.

Any ideas?

Is this with RIP enabled?

You need to remove static routes as they will be preferred over RIP due to having a lower administrative distance.

can you do a show ip route from priv exec mode and post the output

router#sh ip route

ramjet666

Current Config:

Building configuration...

Current configuration : 558 bytes
!
version 12.2
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname 2811XM
!
enable secret 5
!
ip subnet-zero
!
!
!
!
!
!
interface FastEthernet0/0
 ip address 192.168.0.254 255.255.255.0
 duplex auto
 speed auto
!
interface FastEthernet0/1
 ip address 10.0.0.1 255.255.255.0
 duplex auto
 speed auto
!
router rip
 network 10.0.0.0
 network 192.168.0.0
!
ip classless
ip http server
ip pim bidir-enable
!
!
!
line con 0
line aux 0
line vty 0 4
 password
 login
!
!
end

2811XM#sh ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default, U - per-user static route, o - ODR
       P - periodic downloaded static route

Gateway of last resort is not set

     10.0.0.0/24 is subnetted, 1 subnets
C       10.0.0.0 is directly connected, FastEthernet0/1
C    192.168.0.0/24 is directly connected, FastEthernet0/0
2811XM#

malcybood

The problem is that the sky router doesn't know how to route to the 10.0.0.0 network so try natting the 10.0.0.0 network to 192.168.0.0 network on the 2811.

Here's the getting started link

http://ciscosystems.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080094e77.shtml

sorry if this is what you meant at first, i maybe misinterpreted the q. If the sky router ran RIP like linksys etc do you would have been OK just configuring RIP on the Cisco and all routes would have been learned.

p.s. sky ADSL routers are pretty useless for this type of stuff, they are totally locked down and you can't see anything helpful. They also do not give you the ADSL username and password to try stuff out yourself etc.

Hope this helps you out

malcybood

one last thing I've just found on my sky router is you can actually see the routing table. Looks like there are 3 static routes as the metric is 0

This confirms you need to NAT your 10.0.0.0 network to 192.168.0.0 with a NAT pool.

You can get into your sky router routing table usually by doing the following;

go to web interface gui via 192.168.0.1
enter username and password (default is admin / sky )
Navigate to maintenance - diagnostics - routing table

This will confirm the routes on the sky router.

Hope this helps and let us know how you get on with the NAT configuration / ask if you have any questions.

ramjet666

malcybood wrote:

The problem is that the sky router doesn't know how to route to the 10.0.0.0 network so try natting the 10.0.0.0 network to 192.168.0.0 network on the 2811.

Here's the getting started link

http://ciscosystems.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080094e77.shtml

sorry if this is what you meant at first, i maybe misinterpreted the q. If the sky router ran RIP like linksys etc do you would have been OK just configuring RIP on the Cisco and all routes would have been learned.

p.s. sky ADSL routers are pretty useless for this type of stuff, they are totally locked down and you can't see anything helpful. They also do not give you the ADSL username and password to try stuff out yourself etc.

Hope this helps you out

Thanks, appreciate your help. BTW dunno if you know but the username/password on Sky routers has been broke. I have used another router on my line and it worked. I have the dark grey netgear.

gorebrush

I have the Sagem, which apparently can be replaced to.

I resent having to use a £50 router, especially as a CCNA/CCNP in progress with a £350 Cisco 877...

(Waiting for my 16MB Sky service to go live next Monday, router arrived today!)

malcybood

ramjet666 wrote:

malcybood wrote:

The problem is that the sky router doesn't know how to route to the 10.0.0.0 network so try natting the 10.0.0.0 network to 192.168.0.0 network on the 2811.

Here's the getting started link

http://ciscosystems.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080094e77.shtml

sorry if this is what you meant at first, i maybe misinterpreted the q. If the sky router ran RIP like linksys etc do you would have been OK just configuring RIP on the Cisco and all routes would have been learned.

p.s. sky ADSL routers are pretty useless for this type of stuff, they are totally locked down and you can't see anything helpful. They also do not give you the ADSL username and password to try stuff out yourself etc.

Hope this helps you out

Thanks, appreciate your help. BTW dunno if you know but the username/password on Sky routers has been broke. I have used another router on my line and it worked. I have the dark grey netgear.

I had read a few forums which tells you how to hack the netgear and extract the password but I've got the Sagem.

Not found a site that has given the solution yet

gorebrush wrote:

I have the Sagem, which apparently can be replaced to.

I resent having to use a £50 router, especially as a CCNA/CCNP in progress with a £350 Cisco 877...

(Waiting for my 16MB Sky service to go live next Monday, router arrived today!)

Do you have a link that tells you how to extract the Sagem password?

I found a site that said the username is basically your router MAC address@skydsl and password was your WPA key (I think) but it didn't work for me. I only tried once in a hurry so may go back to it at some point if I need to.

ramjet666

malcybood wrote:

ramjet666 wrote:

malcybood wrote:

The problem is that the sky router doesn't know how to route to the 10.0.0.0 network so try natting the 10.0.0.0 network to 192.168.0.0 network on the 2811.

Here's the getting started link

http://ciscosystems.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080094e77.shtml

sorry if this is what you meant at first, i maybe misinterpreted the q. If the sky router ran RIP like linksys etc do you would have been OK just configuring RIP on the Cisco and all routes would have been learned.

p.s. sky ADSL routers are pretty useless for this type of stuff, they are totally locked down and you can't see anything helpful. They also do not give you the ADSL username and password to try stuff out yourself etc.

Hope this helps you out

Thanks, appreciate your help. BTW dunno if you know but the username/password on Sky routers has been broke. I have used another router on my line and it worked. I have the dark grey netgear.

I had read a few forums which tells you how to hack the netgear and extract the password but I've got the Sagem.

Not found a site that has given the solution yet

gorebrush wrote:

I have the Sagem, which apparently can be replaced to.

I resent having to use a £50 router, especially as a CCNA/CCNP in progress with a £350 Cisco 877...

(Waiting for my 16MB Sky service to go live next Monday, router arrived today!)

Do you have a link that tells you how to extract the Sagem password?

I found a site that said the username is basically your router MAC address@skydsl and password was your WPA key (I think) but it didn't work for me. I only tried once in a hurry so may go back to it at some point if I need to.

I sent you the link in a pm, the password/login is a hash of your serial number/mac address of router.

ramjet666

Need some help with the nat'ing, read the link but not sure how to apply it in my setup!

ramjet666

I managed to find out how to do this here's the config:

interface FastEthernet0/0
 ip address 192.168.0.254 255.255.255.0
 ip nat outside
 duplex auto
 speed auto
!
interface FastEthernet0/1
 ip address 10.0.0.1 255.255.255.0
 ip nat inside
 duplex auto
 speed auto
!
ip nat pool ovrld 192.168.0.201 192.168.0.201 prefix-length 24
ip nat inside source list 7 pool ovrld overload
ip nat inside source static tcp 10.0.0.2 443 192.168.0.254 443 extendable
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.0.1
ip http server
ip pim bidir-enable
!
!
access-list 7 permit 10.0.0.0 0.0.0.255

I used 192.168.0.201 as this is not in the DHCP scope on the internet router.
Also can RDP to the internal PC on the 10.0.0.x network from the 192.168.0.x network with the;

ip nat inside source static tcp 10.0.0.2 443 192.168.0.254 443 extendable

line.
I know 443 is https and not 3389 for RDP. A long story! But this PC is listening for RDP on 443.

malcybood

nice one, glad you got it working man. It's more satisfying when you work out the code yourself too