Setting up a test network with a 2621 router

Unanswered Question
Feb 8th, 2007

Hi Folks,

Hopefully I can explain clearly what I am attempting to achieve.

We are attempting to set up a test bench connected to our network via a 2621 router.

We have connected eth0/0 to our existing network and eth0/1 to our test network.

We have assigned eth0/0 a valid existing address of 198.238.135.105 and subnet mask of 255.255.255.128 from our existing network.

We have assigned eth0/1 a private IP address of 192.168.1.1 and mask of 255.255.255.0 and it is directly connected to a Cisco 2900 switch.

We have assigned the switch an IP address of 192.168.1.2.

When we connect a workstation to the switch on the test network and assign it an address of 192.168.1.3 we are able to ping 192.168.1.2 (Switch), 192.168.1.1 (eth0/1 on router) and 198.238.135.105 (eth0/0 on router).

We are unable to ping anything else on our existing network.

What we want to achieve is to be able to do NAT translation and get access to the Internet via a workstation connected to the switch on the test network, but we can not do that.

We can't ping beyond the eth0/0 port on the router.

I think what I am trying to do is set up NAT translation and then a bridge or route between the eth0/0 and eth0/1 interfaces. Is there a way to achieve what I am attempting?

We are not using the Serial port on the router.

Thanks, John

m-haddad Thu, 02/08/2007 - 12:02

Hello,

For your current network to reply, what is their current default gateway? Their default gateway should be the router's E0/0. If they have a different default gateway, they won't be able to reply back.

You can NAT the source NEW subnet to an address on the old subnet if you want, but why do so if you can do it via routing?

Let me know if this solves your issue,

Regards,

Jmorgan1413_2 Thu, 02/08/2007 - 13:27

How would I do it with routing?

Ideally we would eventually like to be able to access devices on the test network from our regular network.

So, I'm not sure whether NAT is how we actually want to go.

m-haddad Thu, 02/08/2007 - 13:56

Hello,

Using NAT may not work with all applications. Since your router has two interfaces connected to both subnets it will route between these subnets.

However, you need to make sure the hosts on each subnet have their default gateway pointed to this Router.

E.g.

Subnet 1 --- F0/0  Router  F0/1 --- Subnet 2
    |                                  |
  Host1                              Host 2
DF: F0/0                            DF: F0/1

DF = Default gateway

The router will route between these two subnets.

Hope this answers your question,

Regards,

Jmorgan1413_2 Thu, 02/08/2007 - 14:09

So what you are saying is that I will have to change the default gateway on all our existing workstations?

Am I understanding that correctly?

sundar.palaniappan Thu, 02/08/2007 - 12:05

John,

I hope I understood your requirement correctly. If you want host(s) on the test network to have access to the Internet through your existing network then configuring NAT the following way is what you need. If you have a different requirement please clarify.

int e0/0
 ip nat outside
int e0/1
 ip nat inside
ip nat inside source list 1 int e0/0 overload
access-list 1 permit 192.168.1.0

HTH

Sundar

Jmorgan1413_2 Thu, 02/08/2007 - 13:24

That is what I want.

I tried your suggestion but it did not seem to work. I'm sure I've boneheaded something up.

Here is my configuration:

Current configuration : 1090 bytes
!
version 12.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname TestLab
!
enable secret 5
enable password
!
ip subnet-zero
!
!
!
!
!
voice call carrier capacity active
!
!
!
!
!
!
!
!
!
mta receive maximum-recipients 0
!
!
!
!
interface FastEthernet0/0
 ip address 198.238.135.105 255.255.255.128
 ip nat outside
 speed auto
 half-duplex
 no mop enabled
!
interface Serial0/0
 no ip address
 shutdown
!
interface FastEthernet0/1
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
 speed auto
 half-duplex
 no mop enabled
!
ip nat inside source list 1 interface FastEthernet0/0 overload
ip nat outside source static 192.168.1.1 198.238.135.105
ip classless
ip http server
!
!
access-list 1 permit 192.168.1.0
dialer-list 1 protocol ip permit
dialer-list 1 protocol ipx permit
!
!
snmp-server community RO
snmp-server enable traps tty
call rsvp-sync
!
!
mgcp profile default
!
dial-peer cor custom
!
!
!
gateway
!
!
line con 0
line aux 0
line vty 0 4
 password
 login
!
!
end

m-haddad Thu, 02/08/2007 - 13:29

Hello,

You can use static NAT and PAT to the same IP at the same time. Also, you have to use extended ACL

Perform the below:

Clear ip nat translation *
no ip nat outside source static 192.168.1.1 198.238.135.105
no ip nat inside source list 1 interface FastEthernet0/0 overload
no access-list 1
ip access-list ext 101
 permit ip 192.168.1.0 0.0.0.255 any
ip nat inside source list 101 interface FastEthernet0/0 overload

Let me know if this solves your issue,
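
Added example, not part of the original thread: a small Python model of IOS ACL source matching, showing why the workstation 192.168.1.3 was never selected for translation by `access-list 1 permit 192.168.1.0` (a standard entry with no wildcard matches only that exact address), while list 101's `192.168.1.0 0.0.0.255` covers the whole test subnet. The function names are hypothetical, and only the entry forms seen in this thread are parsed.

```python
import ipaddress

MASK32 = 0xFFFFFFFF

def parse_ace(line):
    """Return (action, address, wildcard) for the source part of an IOS ACL entry.

    Handles the forms used in this thread:
      access-list 1 permit 192.168.1.0         (standard, no wildcard)
      permit ip 192.168.1.0 0.0.0.255 any      (extended, source + wildcard)
    """
    tok = line.split()
    if tok[0] == "access-list":            # drop "access-list <number>"
        tok = tok[2:]
    action, rest = tok[0], tok[1:]
    if rest[0] == "ip":                    # extended entry: skip protocol keyword
        rest = rest[1:]
    if rest[0] == "any":
        return action, 0, MASK32
    if rest[0] == "host":
        return action, int(ipaddress.IPv4Address(rest[1])), 0
    addr = int(ipaddress.IPv4Address(rest[0]))
    wildcard = 0                           # no wildcard given: exact address only
    if len(rest) > 1:
        try:
            wildcard = int(ipaddress.IPv4Address(rest[1]))
        except ipaddress.AddressValueError:
            pass                           # next token is a keyword, not a wildcard
    return action, addr, wildcard

def source_matches(ace, src):
    _, addr, wildcard = parse_ace(ace)
    care = ~wildcard & MASK32              # wildcard bit 1 means "don't care"
    return ((int(ipaddress.IPv4Address(src)) ^ addr) & care) == 0

def nat_eligible(acl_lines, src):
    """First matching entry decides; no match is an implicit deny (no translation)."""
    for line in acl_lines:
        if source_matches(line, src):
            return parse_ace(line)[0] == "permit"
    return False

# The two ACLs from the thread, and the test workstation's address.
ORIGINAL = ["access-list 1 permit 192.168.1.0"]
REPLACEMENT = ["permit ip 192.168.1.0 0.0.0.255 any"]
WORKSTATION = "192.168.1.3"

if __name__ == "__main__":
    for name, acl in (("list 1", ORIGINAL), ("list 101", REPLACEMENT)):
        print(name, WORKSTATION, "translated:", nat_eligible(acl, WORKSTATION))
```
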

Jmorgan1413_2 Thu, 02/08/2007 - 13:59

Well, yes and no!

Sorry to be so brain dead. It works fine now as far as pinging addresses goes.

From a workstation on the test network I can now ping any ip address in the world to my heart's content.

The problem comes with name resolution. I can do something silly like "Ping support.novell.com" and I can see it grab the correct IP address, but then I just get "host unreachable" errors. I'm thinking that I may have to allow some packets to come back in to the workstation.

DELL ACORD Thu, 02/08/2007 - 13:33

John.

Could you verify that the statement ip routing was used? Also, after NAT was configured, you could use a static route statement such as "ip route 0.0.0.0 0.0.0.0 e0/0". Then verify that the workstation default gateway is pointing to the e0/1 interface 192.168.1.1.

Hope this helps.
