Problem configuring 1721 router

Unanswered Question
Jun 26th, 2007

Hello,

I have to configure a Cisco 1721 with NAT.

This is the config:

sh run
Building configuration...

Current configuration : 1899 bytes
!
version 12.3
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname ByPass_LinkProof
!
enable secret 5 ##############
!
no aaa new-model
ip subnet-zero
!
!
no ip domain lookup
!
!
ip cef
!
!
!
!
interface FastEthernet0
 ip address 192.168.152.2 255.255.255.0
 ip nat inside
 speed 100
 full-duplex
!
interface FastEthernet1
 switchport access vlan 2
 no ip address
!
interface FastEthernet2
 switchport access vlan 3
 no ip address
!
interface FastEthernet3
 switchport access vlan 4
 no ip address
!
interface FastEthernet4
 switchport access vlan 5
 no ip address
!
interface Vlan1
 no ip address
 shutdown
!
interface Vlan2
 ip address <Pub Address 1> 255.255.255.248
 ip nat outside
!
interface Vlan3
 ip address <Pub Address 2> 255.255.255.240
!
interface Vlan4
 ip address <Pub Address 3> 255.255.255.248
!
interface Vlan5
 ip address <Pub Address 4> 255.255.255.248
!
ip nat inside source list 1 interface Vlan2 overload
ip nat inside source static 192.168.151.3 <Pub Address 5>
ip nat inside source static 192.168.151.4 <Pub Address 6>
ip classless
ip route 0.0.0.0 0.0.0.0 <NHR Address 1>
ip route 10.242.0.0 255.255.0.0 192.168.152.1
ip route 192.168.150.0 255.255.255.0 192.168.152.1
ip route 192.168.151.0 255.255.255.0 192.168.152.1
no ip http server
!
access-list 1 permit any
access-list 101 permit tcp any any eq www
access-list 101 permit tcp any any eq domain
access-list 101 permit tcp any any eq 3101
access-list 101 permit tcp any any eq smtp
access-list 101 permit tcp any any eq pop3
access-list 101 permit tcp any any eq 443
access-list 101 permit tcp any any eq 22
access-list 101 permit tcp any any eq 995
access-list 101 deny tcp any any
access-list 102 deny tcp any eq 445 host 192.168.0.103
access-list 102 permit tcp any any
!
line con 0
line aux 0
line vty 0 4
 password #####
 login
!
no scheduler allocate
!
end

ByPass_LinkProof#

VLANs 3, 4 and 5 are not used for the moment.

When the router is connected I can ping an Internet IP on the router, but not inside the network.

Thanks for your help.

Richard Burts Tue, 06/26/2007 - 04:16

Adrien

I do not see any particular issue with the configuration of NAT and wonder if there is some other explanation for your problem. Is it possible that the end stations inside the network do not have correct default gateway configured? (for example can the end stations access resources in the 192.168.150.0 and 192.168.151.0 networks?) Or is it possible that you are pinging by address from the router and pinging by name from the inside end station and there is some issue with DNS?

I see access list 101 and 102 configured (and believe that there are some issues with these access lists) but do not see them applied. Can you clarify what is being done with these access lists?

HTH

Rick
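
The check Rick describes above (access lists that are defined but never applied), as an added example that is not part of the original thread. The function name `audit_acls`, the list of referencing commands (a common subset, not exhaustive) and the sample text (constructed from the ACL-related lines of the posted configuration) are assumptions of this example.

```python
import re

# Constructed sample: the ACL-related lines from the configuration posted
# above (redacted public addresses are not needed for this check).
SAMPLE_CONFIG = """\
interface FastEthernet0
 ip address 192.168.152.2 255.255.255.0
 ip nat inside
!
interface Vlan2
 ip nat outside
!
ip nat inside source list 1 interface Vlan2 overload
access-list 1 permit any
access-list 101 permit tcp any any eq www
access-list 101 deny tcp any any
access-list 102 deny tcp any eq 445 host 192.168.0.103
access-list 102 permit tcp any any
line vty 0 4
 login
"""

# IOS commands that reference a numbered ACL (assumed subset, not exhaustive).
REFERENCE_PATTERNS = [
    re.compile(r"^\s*ip access-group (\d+) (?:in|out)\b"),
    re.compile(r"^\s*access-class (\d+) (?:in|out)\b"),
    re.compile(r"^\s*ip nat (?:inside|outside) source list (\d+)\b"),
    re.compile(r"^\s*match ip address (\d+)\b"),
]
DEFINITION = re.compile(r"^\s*access-list (\d+) (?:permit|deny|remark)\b")

def audit_acls(config_text):
    """Return (defined, referenced, unapplied) sets of numbered ACL ids."""
    defined, referenced = set(), set()
    for line in config_text.splitlines():
        m = DEFINITION.match(line)
        if m:
            defined.add(int(m.group(1)))
            continue
        for pat in REFERENCE_PATTERNS:
            m = pat.match(line)
            if m:
                referenced.add(int(m.group(1)))
    return defined, referenced, defined - referenced

if __name__ == "__main__":
    defined, referenced, unapplied = audit_acls(SAMPLE_CONFIG)
    print("defined:", sorted(defined))
    print("referenced:", sorted(referenced))
    print("defined but never applied:", sorted(unapplied))
```

On the posted configuration this reports ACL 1 as referenced by the NAT overload rule and ACLs 101 and 102 as defined but unused, so they filter nothing until bound to an interface or line.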

ricadri640 Tue, 06/26/2007 - 04:36

Hello,

The ACLs 101 and 102 were not in use, so I deleted them...

This is the config now, with the same problem:

sh run
Building configuration...

Current configuration : 1461 bytes
!
version 12.3
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname ByPass_LinkProof
!
enable secret 5 ###################
!
no aaa new-model
ip subnet-zero
!
!
no ip domain lookup
!
!
ip cef
!
!
!
!
interface FastEthernet0
 ip address 192.168.152.2 255.255.255.0
 ip nat inside
 speed 100
 full-duplex
!
interface FastEthernet1
 switchport access vlan 2
 no ip address
!
interface FastEthernet2
 switchport access vlan 3
 no ip address
!
interface FastEthernet3
 switchport access vlan 4
 no ip address
!
interface FastEthernet4
 switchport access vlan 5
 no ip address
!
interface Vlan1
 no ip address
 shutdown
!
interface Vlan2
 ip address 255.255.255.248
 ip nat outside
!
interface Vlan3
 ip address ############# 255.255.255.240
 shutdown
!
interface Vlan4
 ip address ############# 255.255.255.248
 shutdown
!
interface Vlan5
 ip address ############## 255.255.255.248
 shutdown
!
ip nat inside source list 1 interface Vlan2 overload
ip nat inside source static 192.168.151.3
ip nat inside source static 192.168.151.4
ip classless
ip route 0.0.0.0 0.0.0.0
ip route 10.242.0.0 255.255.0.0 192.168.152.1
ip route 192.168.150.0 255.255.255.0 192.168.152.1
ip route 192.168.151.0 255.255.255.0 192.168.152.1
no ip http server
!
access-list 1 permit any
!
line con 0
line aux 0
line vty 0 4
 password #############
 login
!
no scheduler allocate
!
end

ByPass_LinkProof#

It is not a problem of internal configuration, because with another device it works well...

Thanks
