07-12-2007 11:09 AM - edited 03-05-2019 05:16 PM
I know this is quite simple, but the end result continues to elude me..
I have two LAN's, 192.168.0.0 (A) and 192.168.100.0 (B). I need the hosts on (B) to talk the servers on (A).
I have a Cisco 2801 Router. From (A) I can ping the interface configured to subnet (B) but cannot ping the hosts on the other side.
What is the simplest configuration for making A and B talk to each other efficiently? Thanks
07-12-2007 11:12 AM
Make sure you configure the default gateway (router local interface address) on the workstations.
Hope this helps,
07-12-2007 11:17 AM
Yep, have the router interface set as gateway, in addition to my LAN gateway...is this bad?
07-12-2007 11:29 AM
You should nornally have only one default gateway.
If you just want to test the connectivity between subnet A and B then you could just manually add the routes on the workstations as follow (assuming they are windows WS):
on workstations on subnet A:
route add 192.168.100.0 mask 255.255.255.0 192.168.0.9
on workstations on subnet B:
route add 192.168.0.0 mask 255.255.255.0 192.168.100.1
This should do what you are looking for.
Hope this helps,
07-12-2007 11:40 AM
Ive done this as well, still doesnt work. Perhaps I have something else wrong here...
07-12-2007 11:13 AM
Is it possible to see the configuration that you are using?
07-12-2007 11:15 AM
Yep...Im new to Cisco routers so this is a test environment...
Building configuration...
Current configuration : 1857 bytes
!
version 12.4
service config
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname itfroute01
!
boot-start-marker
boot-end-marker
!
no logging buffered
enable secret 5 $1$iH4t$INo3qB3/GCKlCHtjPH4JS/
enable password
!
no aaa new-model
!
resource policy
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
no ip routing
no ip cef
!
!
no ip dhcp use vrf connected
!
!
ip domain name itfnet.com
ip name-server 192.168.0.4
ip name-server 192.168.0.6
!
!
!
!
interface FastEthernet0/0
description $ETH-LAN$
ip address 192.168.0.9 255.255.255.0
ip access-group sdm_fastethernet0/0_in in
ip access-group oubound0/0 out
no ip route-cache
speed auto
full-duplex
no mop enabled
!
interface FastEthernet0/1
description $ETH-LAN$
ip address 192.168.100.1 255.255.255.0
ip access-group sdm_fastethernet0/1_in in
ip access-group outbound0/1 out
ip nat inside
no ip route-cache
duplex auto
speed auto
!
ip classless
ip route 0.0.0.0 0.0.0.0 FastEthernet0/0 permanent
ip route 192.168.0.0 255.255.255.0 FastEthernet0/0
ip route 192.168.0.0 255.255.255.0 FastEthernet0/1
ip route 192.168.100.0 255.255.255.0 FastEthernet0/0
ip route 192.168.100.0 255.255.255.0 FastEthernet0/1
!
ip http server
ip nat inside source list sdm_fastethernet0/1_in interface FastEthernet0/0 overload
!
ip access-list standard oubound0/0
remark SDM_ACL Category=1
permit 0.0.0.0 255.255.255.0
ip access-list standard outbound0/1
remark SDM_ACL Category=1
permit 0.0.0.0 255.255.255.0
!
ip access-list extended sdm_fastethernet0/0_in
remark SDM_ACL Category=1
permit ip any any
ip access-list extended sdm_fastethernet0/1_in
remark SDM_ACL Category=3
permit ip any any
!
!
control-plane
!
!
line con 0
line aux 0
line vty 0 4
password
login
!
end
07-12-2007 11:19 AM
For starters try taking all the following route statements out:
ip route 192.168.0.0 255.255.255.0 FastEthernet0/0
ip route 192.168.0.0 255.255.255.0 FastEthernet0/1
ip route 192.168.100.0 255.255.255.0 FastEthernet0/0
ip route 192.168.100.0 255.255.255.0 FastEthernet0/1
07-12-2007 11:29 AM
I think the next problem is in your outbound0/1 and outbound0/0 access-lists.
I am not sure what you actually want to permit out those interfaces but assuming you want to permit all traffic it needs to be
permit ip any any
if you just want to permit the specific subnet out each interface it would need to be for outbound0/0
permit 192.168.0.0 0.0.0.255
and for outbount0/1
permit 192.168.100.0 0.0.0.255
right now your access-list is only permitting network any.any.any.0 and nothing else.
07-12-2007 11:40 AM
Ok, here is my new config, still cant ping hosts on B...
Building configuration...
Current configuration : 1612 bytes
!
version 12.4
service config
service timestamps debug datetime msec
service timestamps log datetime msec
!
hostname itfroute01
!
boot-start-marker
boot-end-marker
!
no logging buffered
enable secret xxx
enable password
!
no aaa new-model
!
resource policy
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
no ip routing
no ip cef
!
!
no ip dhcp use vrf connected
!
!
ip domain name itfnet.com
ip name-server 192.168.0.4
ip name-server 192.168.0.6
!
!
!
!
interface FastEthernet0/0
description $ETH-LAN$
ip address 192.168.0.9 255.255.255.0
ip access-group any in
ip access-group any out
no ip route-cache
speed auto
full-duplex
no mop enabled
!
interface FastEthernet0/1
description $ETH-LAN$
ip address 192.168.100.1 255.255.255.0
ip access-group any in
ip access-group any out
ip nat inside
no ip route-cache
duplex auto
speed auto
!
ip classless
!
ip http server
ip nat inside source list sdm_fastethernet0/1_in interface FastEthernet0/0 overload
!
ip access-list standard any
remark SDM_ACL Category=1
permit any
ip access-list standard oubound0/0
remark SDM_ACL Category=1
permit 0.0.0.0 255.255.255.0
ip access-list standard outbound0/1
remark SDM_ACL Category=1
permit 0.0.0.0 255.255.255.0
!
ip access-list extended sdm_fastethernet0/0_in
remark SDM_ACL Category=1
permit ip any any
ip access-list extended sdm_fastethernet0/1_in
remark SDM_ACL Category=2
permit ip any any
!
!
control-plane
!
!
line con 0
line aux 0
line vty 0 4
password
login
!
end
07-12-2007 12:00 PM
I know this is simple stuff..
I can ping both router interfaces from both subnets, all routes are in the windows routing tables, but STIll cant ping hosts behind the router. errr
Thanks for all the help, very appreciated
07-12-2007 12:02 PM
can i see what the ACL's look like now
07-12-2007 12:04 PM
Standard IP access list any
10 permit any (4139 matches)
Standard IP access list oubound0/0
10 permit 0.0.0.0, wildcard bits 255.255.255.0
Standard IP access list outbound0/1
10 permit 0.0.0.0, wildcard bits 255.255.255.0
Extended IP access list sdm_fastethernet0/0_in
10 permit ip any any (124287 matches)
Extended IP access list sdm_fastethernet0/1_in
10 permit ip any any
07-12-2007 12:08 PM
Your ACL is preventing this traffic from crossing the interface. The ACL's are affecting this.
Can you try to modify them the way I previously recomended. Or a quicker solution would just be to remove the oubound0/0 and oubound0/1 from the interfaces!!
07-12-2007 04:29 PM
You have a 'no ip routing' statement. Enable routing by doing an 'ip routing'.
HTH
--CS
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide