Options
Routing question...
ramjet666
Member Posts: 33 ■■□□□□□□□□
in CCNA & CCENT
Hi,
The setup I'm trying to configure is...
Internet Nat'ed router 192.168.0.1 > (192.168.0.254 f0/0 (Cisco 2811 Dual Ethernet) 10.0.0.1 f0/1) > 10.0.0.2 (PC2)
I can connect from another PC on the 192.168.0.x lan to the 10.0.0.2 (PC2) IP, but PC2 will not reach the internet.
I think it's the NAT on the internet router causing the problem, is there a way to make this work with any config on the router?
Cheers,
Roger.
The setup I'm trying to configure is...
Internet Nat'ed router 192.168.0.1 > (192.168.0.254 f0/0 (Cisco 2811 Dual Ethernet) 10.0.0.1 f0/1) > 10.0.0.2 (PC2)
I can connect from another PC on the 192.168.0.x lan to the 10.0.0.2 (PC2) IP, but PC2 will not reach the internet.
I think it's the NAT on the internet router causing the problem, is there a way to make this work with any config on the router?
Cheers,
Roger.
Comments
-
Optionsramjet666 Member Posts: 33 ■■□□□□□□□□malcybood wrote:can you post your runnning config?
Building configuration... Current configuration : 506 bytes ! version 12.2 service timestamps debug uptime service timestamps log uptime no service password-encryption ! hostname Router ! enable secret 5 **** ! ip subnet-zero ! ! ! ! ! ! interface FastEthernet0/0 ip address 192.168.0.254 255.255.255.0 duplex auto speed auto ! interface FastEthernet0/1 ip address 10.0.0.1 255.255.255.0 duplex auto speed auto ! ip classless ip http server ip pim bidir-enable ! ! ! line con 0 line aux 0 line vty 0 4 password **** login ! ! end
Quite basic no routes. -
Optionsramjet666 Member Posts: 33 ■■□□□□□□□□cisco_trooper wrote:Where is the NAT you speak of?
Thats on a separate router (Sky broadband) 192.168.0.1 -
Optionsmalcybood Member Posts: 900 ■■■□□□□□□□cisco_trooper - I think he means the internet ADSL router (i.e. linksys, belkin etc) is NAT'd which it will be if it's a SOHO router, then got a 2811 connected to the 192.168.1.0 network (SOHO router)
ramjet666 You need to add static routes or a routing protocol edit - assuming PC2 is on the 10.0.0.0 network.
Try adding a default route on the Cisco 2811 in global config mode
ip route 0.0.0.0 0.0.0.0 fa0/0 -
Optionsramjet666 Member Posts: 33 ■■□□□□□□□□malcybood wrote:cisco_trooper - I think he means the internet ADSL router (i.e. linksys, belkin etc) is NAT'd which it will be if it's a SOHO router, then got a 2811 connected to the 192.168.1.0 network (SOHO router)
ramjet666 You need to add static routes or a routing protocol.
Yes it's a Netgear ADSL router on IP 192.168.0.1 If this router has NAT can the 10.0.0.x network connect out to the internet? -
Optionsramjet666 Member Posts: 33 ■■□□□□□□□□malcybood wrote:ramjet666 You need to add static routes or a routing protocol edit - assuming PC2 is on the 10.0.0.0 network.
Try adding a default route on the Cisco 2811 in global config mode
ip route 0.0.0.0 0.0.0.0 fa0/0
I add the static route and PC2 cannot ping an external (i.e. internet) address.
I think it's the natting on the ADSL router? -
Optionsmalcybood Member Posts: 900 ■■■□□□□□□□ramjet666 wrote:malcybood wrote:ramjet666 You need to add static routes or a routing protocol edit - assuming PC2 is on the 10.0.0.0 network.
Try adding a default route on the Cisco 2811 in global config mode
ip route 0.0.0.0 0.0.0.0 fa0/0
I add the static route and PC2 cannot ping an external (i.e. internet) address.
I think it's the natting on the ADSL router?
The ADSL router will be NATting but it doesnt matter if you can access external from the 192.168.1.0 network. The issue is routing inside your private network nothing to do with NAT.
My bad it needs to be able to route incoming traffic to 10.0.0.0 back from the internet, try enabling RIP.
router(config)router rip
router(config-router)network 10.0.0.0
router(config-router)network 192.168.0.0 -
Optionsramjet666 Member Posts: 33 ■■□□□□□□□□From PC2 I get:
c:\>ping 208.67.222.222 Pinging 208.67.222.222 with 32 bytes of data: Reply from 10.0.0.1: Destination host unreachable. Reply from 10.0.0.1: Destination host unreachable. Reply from 10.0.0.1: Destination host unreachable. Reply from 10.0.0.1: Destination host unreachable. Ping statistics for 208.67.222.222: Packets: Sent = 4, Received = 4, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 0ms, Maximum = 0ms, Average = 0ms
From PC2..
Also PC2 cannot ping any 192.168.0.x address on this subnet even the ADSL router on .1, but I do get a response from 192.168.0.254 the router's f0/0 interface.
I can connect my laptop via RDP to 10.0.0.2, I did put a static route on the laptop to use 192.168.0.254 as a GW for this IP.
Any ideas? -
Optionsmalcybood Member Posts: 900 ■■■□□□□□□□ramjet666 wrote:From PC2 I get:
c:\>ping 208.67.222.222 Pinging 208.67.222.222 with 32 bytes of data: Reply from 10.0.0.1: Destination host unreachable. Reply from 10.0.0.1: Destination host unreachable. Reply from 10.0.0.1: Destination host unreachable. Reply from 10.0.0.1: Destination host unreachable. Ping statistics for 208.67.222.222: Packets: Sent = 4, Received = 4, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 0ms, Maximum = 0ms, Average = 0ms
From PC2..
Also PC2 cannot ping any 192.168.0.x address on this subnet even the ADSL router on .1, but I do get a response from 192.168.0.254 the router interface.
I can connect my laptop via RDP to 10.0.0.2, I did put a static route on the laptop to use 192.168.0.254 as a GW for this IP.
Any ideas?
Is this with RIP enabled?
You need to remove static routes as they will be preferred over RIP due to having a lower administrative distance.
can you do a show ip route from priv exec mode and post the output
router#sh ip route -
Optionsramjet666 Member Posts: 33 ■■□□□□□□□□Current Config:
Building configuration... Current configuration : 558 bytes ! version 12.2 service timestamps debug uptime service timestamps log uptime no service password-encryption ! hostname 2811XM ! enable secret 5 ! ip subnet-zero ! ! ! ! ! ! interface FastEthernet0/0 ip address 192.168.0.254 255.255.255.0 duplex auto speed auto ! interface FastEthernet0/1 ip address 10.0.0.1 255.255.255.0 duplex auto speed auto ! router rip network 10.0.0.0 network 192.168.0.0 ! ip classless ip http server ip pim bidir-enable ! ! ! line con 0 line aux 0 line vty 0 4 password login ! ! end
2811XM#sh ip route Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area * - candidate default, U - per-user static route, o - ODR P - periodic downloaded static route Gateway of last resort is not set 10.0.0.0/24 is subnetted, 1 subnets C 10.0.0.0 is directly connected, FastEthernet0/1 C 192.168.0.0/24 is directly connected, FastEthernet0/0 2811XM#
-
Optionsmalcybood Member Posts: 900 ■■■□□□□□□□The problem is that the sky router doesn't know how to route to the 10.0.0.0 network so try natting the 10.0.0.0 network to 192.168.0.0 network on the 2811.
Here's the getting started link
http://ciscosystems.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080094e77.shtml
sorry if this is what you meant at first, i maybe misinterpreted the q. If the sky router ran RIP like linksys etc do you would have been OK just configuring RIP on the Cisco and all routes would have been learned.
p.s. sky ADSL routers are pretty useless for this type of stuff, they are totally locked down and you can't see anything helpful. They also do not give you the ADSL username and password to try stuff out yourself etc.
Hope this helps you out -
Optionsmalcybood Member Posts: 900 ■■■□□□□□□□one last thing I've just found on my sky router is you can actually see the routing table. Looks like there are 3 static routes as the metric is 0
This confirms you need to NAT your 10.0.0.0 network to 192.168.0.0 with a NAT pool.
You can get into your sky router routing table usually by doing the following;
go to web interface gui via 192.168.0.1
enter username and password (default is admin / sky )
Navigate to maintenance - diagnostics - routing table
This will confirm the routes on the sky router.
Hope this helps and let us know how you get on with the NAT configuration / ask if you have any questions. -
Optionsramjet666 Member Posts: 33 ■■□□□□□□□□malcybood wrote:The problem is that the sky router doesn't know how to route to the 10.0.0.0 network so try natting the 10.0.0.0 network to 192.168.0.0 network on the 2811.
Here's the getting started link
http://ciscosystems.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080094e77.shtml
sorry if this is what you meant at first, i maybe misinterpreted the q. If the sky router ran RIP like linksys etc do you would have been OK just configuring RIP on the Cisco and all routes would have been learned.
p.s. sky ADSL routers are pretty useless for this type of stuff, they are totally locked down and you can't see anything helpful. They also do not give you the ADSL username and password to try stuff out yourself etc.
Hope this helps you out
Thanks, appreciate your help. BTW dunno if you know but the username/password on Sky routers has been broke. I have used another router on my line and it worked. I have the dark grey netgear. -
Optionsgorebrush Member Posts: 2,743 ■■■■■■■□□□I have the Sagem, which apparently can be replaced to.
I resent having to use a £50 router, especially as a CCNA/CCNP in progress with a £350 Cisco 877...
(Waiting for my 16MB Sky service to go live next Monday, router arrived today!) -
Optionsmalcybood Member Posts: 900 ■■■□□□□□□□ramjet666 wrote:malcybood wrote:The problem is that the sky router doesn't know how to route to the 10.0.0.0 network so try natting the 10.0.0.0 network to 192.168.0.0 network on the 2811.
Here's the getting started link
http://ciscosystems.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080094e77.shtml
sorry if this is what you meant at first, i maybe misinterpreted the q. If the sky router ran RIP like linksys etc do you would have been OK just configuring RIP on the Cisco and all routes would have been learned.
p.s. sky ADSL routers are pretty useless for this type of stuff, they are totally locked down and you can't see anything helpful. They also do not give you the ADSL username and password to try stuff out yourself etc.
Hope this helps you out
Thanks, appreciate your help. BTW dunno if you know but the username/password on Sky routers has been broke. I have used another router on my line and it worked. I have the dark grey netgear.
I had read a few forums which tells you how to hack the netgear and extract the password but I've got the Sagem.
Not found a site that has given the solution yetgorebrush wrote:I have the Sagem, which apparently can be replaced to.
I resent having to use a £50 router, especially as a CCNA/CCNP in progress with a £350 Cisco 877...
(Waiting for my 16MB Sky service to go live next Monday, router arrived today!)
Do you have a link that tells you how to extract the Sagem password?
I found a site that said the username is basically your router MAC address@skydsl and password was your WPA key (I think) but it didn't work for me. I only tried once in a hurry so may go back to it at some point if I need to. -
Optionsramjet666 Member Posts: 33 ■■□□□□□□□□malcybood wrote:ramjet666 wrote:malcybood wrote:The problem is that the sky router doesn't know how to route to the 10.0.0.0 network so try natting the 10.0.0.0 network to 192.168.0.0 network on the 2811.
Here's the getting started link
http://ciscosystems.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080094e77.shtml
sorry if this is what you meant at first, i maybe misinterpreted the q. If the sky router ran RIP like linksys etc do you would have been OK just configuring RIP on the Cisco and all routes would have been learned.
p.s. sky ADSL routers are pretty useless for this type of stuff, they are totally locked down and you can't see anything helpful. They also do not give you the ADSL username and password to try stuff out yourself etc.
Hope this helps you out
Thanks, appreciate your help. BTW dunno if you know but the username/password on Sky routers has been broke. I have used another router on my line and it worked. I have the dark grey netgear.
I had read a few forums which tells you how to hack the netgear and extract the password but I've got the Sagem.
Not found a site that has given the solution yetgorebrush wrote:I have the Sagem, which apparently can be replaced to.
I resent having to use a £50 router, especially as a CCNA/CCNP in progress with a £350 Cisco 877...
(Waiting for my 16MB Sky service to go live next Monday, router arrived today!)
Do you have a link that tells you how to extract the Sagem password?
I found a site that said the username is basically your router MAC address@skydsl and password was your WPA key (I think) but it didn't work for me. I only tried once in a hurry so may go back to it at some point if I need to.
I sent you the link in a pm, the password/login is a hash of your serial number/mac address of router. -
Optionsramjet666 Member Posts: 33 ■■□□□□□□□□Need some help with the nat'ing, read the link but not sure how to apply it in my setup!
-
Optionsramjet666 Member Posts: 33 ■■□□□□□□□□I managed to find out how to do this here's the config:
interface FastEthernet0/0 ip address 192.168.0.254 255.255.255.0 ip nat outside duplex auto speed auto ! interface FastEthernet0/1 ip address 10.0.0.1 255.255.255.0 ip nat inside duplex auto speed auto ! ip nat pool ovrld 192.168.0.201 192.168.0.201 prefix-length 24 ip nat inside source list 7 pool ovrld overload ip nat inside source static tcp 10.0.0.2 443 192.168.0.254 443 extendable ip classless ip route 0.0.0.0 0.0.0.0 192.168.0.1 ip http server ip pim bidir-enable ! ! access-list 7 permit 10.0.0.0 0.0.0.255
I used 192.168.0.201 as this is not in the DHCP scope on the internet router.
Also can RDP to the internal PC on the 10.0.0.x network from the 192.168.0.x network with the;ip nat inside source static tcp 10.0.0.2 443 192.168.0.254 443 extendable
line.
I know 443 is https and not 3389 for RDP. A long story! But this PC is listening for RDP on 443. -
Optionsmalcybood Member Posts: 900 ■■■□□□□□□□nice one, glad you got it working man. It's more satisfying when you work out the code yourself too