routing between two lans

Unanswered Question
Oct 11th, 2007

I have one lan connect using a Linksys wireless nat router, i also have a testing/learning network with 5 pc's, Cisco 3550 switch and 2600 router with 2 ethernet interfaces. Lan A (Linksys wireless) 192.168.1.0 | Lan B (testing/learning) 192.168.2.0. The 2600 router e/0 address 192.168.2.1 e/1 192.168.1.2. Linksys address 192.168.1.1

I want to beable to get out to the internet from the test/learning network. I have rip protocal enabled, network 192.168.1.0 and .2.0

I can ping both interfaces...but can not get out. I have been searching for some direction to no luck. If someone can maybe point me in the right direction I would appreciate it. Network Diagram is attached for a better understanding of my home/learning network

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4.7 (3 ratings)
Loading.
nathancielieska Thu, 10/11/2007 - 11:23

My guess is that your linksys router is the culprit. Here is how i would set it up.

Make your testing and learning hosts default gateway as 192.168.2.1

I would broadcast your wireless users the ip address of 192.168.1.1 as there default gateway. On the linksys i would have a default gateway pointing to your 2600 for routing (192.168.1.2). I would do NAT on your router making your internet connection your ip nat outside and your two ethernet interfaces as ip nat insides (please see Ciscos site for configuring NAT on routers).

This would allow your testing machines to get to the internet and your wireless users. It would also allow your wireless users to use the 2600 to get to the internet.

Hope it helps.

sundar.palaniappan Thu, 10/11/2007 - 11:33

You can do this just with NAT.

Try this config on the 2600.

int e0

ip nat inside

int e1

ip nat outside

ip nat inside source list 10 int e1 overload

access-list 10 permit 192.168.2.0

HTH

Sundar

mseaman56 Thu, 10/11/2007 - 11:58

I want to thank you for the help. I had thought about nat but was not sure. I will try the config you have and again thanks for the direction.

Mark

mseaman56 Fri, 10/12/2007 - 04:19

I want to post my config on the router and see if anyone can point out any mistakes. I am thinking nathancielieska is right and the linksys is the problem.

Current configuration : 893 bytes

!

version 12.3

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname training

!

boot-start-marker

boot-end-marker

!

enable secret ??????????

enable password ????????

!

no aaa new-model

ip subnet-zero

ip cef

!

!

!

ip audit po max-events 100

!

!

interface Ethernet0/0

ip address 192.168.2.1 255.255.255.0

ip nat inside

half-duplex

!

interface Ethernet0/1

ip address 192.168.1.2 255.255.255.0

ip nat outside

half-duplex

!

router rip

network 192.168.1.0

network 192.168.2.0

!

ip nat pool training 192.168.2.2 192.168.2.50 netmask 255.255.255.0

ip nat inside source list 10 pool training overload

no ip http server

no ip http secure-server

ip classless

!

!

access-list 10 permit 192.168.2.0

!

!

!

!

!

!

line con 0

line aux 0

line vty 0 4

password ??????

login

!

!

end

mseaman56 Fri, 10/12/2007 - 05:37

Yes I can but will have to wait till I return home this evening, probably around 6pm EST.

thanks for the reply

hi.622823 Fri, 10/12/2007 - 05:47

Hey, no problem at all.

Also, I don't think enabling NAT on the Cisco router will help, because you're translating one private IP into another --- this won't get you to the internet.

mseaman56 Fri, 10/12/2007 - 06:30

The linksys wireless router is connect to the internet and is configured as a gateway and does the Nat for my home network 192.168.1.0. I have my training network as 2.0 with the 2600 e0/1 interface connected to the linksys with an static address of 1.2 The router will not route past the 192.168.2.1 e0/0 to the e0/1 interface or from my home network to my learning network.

I am looking to take my ccna sometime down the road and that is why I am playing with all of this; trying to expand my knowledge and learn, doing labs and creating my own network.

Thanks

jaipal Fri, 10/12/2007 - 07:46

Hi,

I would suggest to have route specified on the cisco router pointing to LAN A

ip route 0.0.0.0 0.0.0.0 192.168.1.2

See if this would help you !!

Thanks,

sundar.palaniappan Fri, 10/12/2007 - 10:02

Mark,

Did you try the NAT configuration I suggested? This configuration would make it appear all traffic is coming 192.168.1.2 from the Linksys router's perspective. The linksys then would NAT all traffic from the test network to it's global address. Basically you are doing double NAT here - on the Linksys and 2600.

The NAT configuration that you have in there to NAT all traffic to 192.168.2.2-50 isn't providing any benefit. For your configuration to work you need to do two things on the Linksys - Add 192.168.2.0/24 to the addresses to be NATted to the global address and a route to get to 192.168.2.0/24 to point to the 2600.

HTH

Sundar

mseaman56 Fri, 10/12/2007 - 11:32

I thought I had tried. I have Cisco CCNA 1 & 2 books at home that I use for reference and maybe I didn't understand the correct way to enter the configuration for Nat. I posted the config of the router. I guess I am not understanding.

the nat pool that I have I thought would send all the address in that pool (which is my learning network) to the outside nat interface e0/1 and then on to the linksys.

My understanding is you either have to staticlly assign the addresses or have a pool of the addresses you want to use from the network.

If I am understanding you correctly I do not need to have this nat pool or specify any addresses.

The one thing I have not done is add the 192.168.2.0/24 to the addresses on the link sys. and the route to the 2.0

Thanks for allowing me to pick your brain.

Mark

sundar.palaniappan Fri, 10/12/2007 - 12:27

You don't always need a NAT pool. Using a NAT pool is one of way doing dynamic NAT. You could also use the outside interface to NAT (PAT) all internal traffic. Let me try to explain how the configuration I suggested should work.

int e0

ip nat inside

int e1

ip nat outside

ip nat inside source list 10 int e1 overload

access-list 10 permit 192.168.2.0

All PCs on your test network would use the e0's IP of 192.168.2.1 as their gateway.

The above NAT inside command and access list would NAT (PAT) all traffic from 192.168.2.0/24 network to e1's IP address of 192.168.1.2 and send it over to the Linksys. You would also need to configure a default on the 2600 to point to the 192.168.1.1 (Linksys).

The Linksys would then route all traffic from any host on the 192.168.1.0/24 network, that includes 192.168.1.2 (2600), out to the ISP by NATting (PAT) the traffic using it's public IP address.

When the return traffic arrives at the Linksys it would know how to route the traffic back to the local client using the internal (192.168.1.x) address.

HTH

Sundar

mseaman56 Fri, 10/12/2007 - 12:52

Thank you Sundar for the explaination and your valuable time...I believe I understand now. Will see if I do when I get home and change the configuration. Will post later to update.

Thanks,

Mark

mseaman56 Fri, 10/12/2007 - 16:41

I made some improvement. I am able to route to my home network of 192.168.1.0. I am able to do a trace to both my home computers and I am able to remote into my linksys router, but I still am not able to get to the wan. Here is my 2600 config:

interface Ethernet0/0

ip address 192.168.2.1 255.255.255.0

ip nat inside

half-duplex

!

interface Ethernet0/1

ip address 192.168.1.2 255.255.255.0

ip nat outside

half-duplex

!

router rip

network 192.168.1.0

network 192.168.2.0

!

ip nat inside source list 10 pool training overload

no ip http server

no ip http secure-server

ip classless

ip route 0.0.0.0 0.0.0.0 192.168.1.1

!

!

access-list 10 permit 192.168.2.0

I added a route to my 2.0 network in my linksys.

Here is also my linksys routing table.

Destination LAN IP Subnet Mask Gateway Hop Count Interface

192.168.2.0 255.255.255.0 192.168.1.2 0 LAN & Wireless

192.168.1.0 255.255.255.0 0.0.0.0 0 LAN & Wireless

68.x.x.0 255.255.240.0 0.0.0.0 0 WAN (Internet)

0.0.0.0 0.0.0.0 68.203.80.1 0 WAN (Internet)

I wouldn't have gotten this far with out your help and is greatly appreciated.

Any thoughts?

Late here will return tomorrow.

thanks,

Mark

sundar.palaniappan Fri, 10/12/2007 - 17:40

Try this config and test.

no ip nat inside source list 10 pool training overload

ip nat inside source list 10 int e0/1 overload

mseaman56 Sat, 10/13/2007 - 05:53

Thanks for the instruction, unfortunatly no change. I am able to access the linksys web interface using 192.168.1.1 and 68.203.x.x which does not make any sense to me. that's my ip from the provider. I am still able to trace route to my home computers and from my home pc's to my training network. Again here is my 2600 config. Any thoughts?

nterface Ethernet0/0

ip address 192.168.2.1 255.255.255.0

ip nat inside

half-duplex

!

interface Ethernet0/1

ip address 192.168.1.2 255.255.255.0

ip nat outside

half-duplex

!

router rip

network 192.168.1.0

network 192.168.2.0

!

ip nat inside source list 10 interface Ethernet0/1 overload

no ip http server

no ip http secure-server

ip classless

ip route 0.0.0.0 0.0.0.0 192.168.1.1

!

!

access-list 10 permit 192.168.2.0

Thanks,

Mark

sundar.palaniappan Sat, 10/13/2007 - 06:53

If I am understanding you correct from a PC on the 192.168.2.0/24 (training) network you are able to ping 192.168.1.1 and your ISP's address (68.203.x.x) correct?

mseaman56 Sat, 10/13/2007 - 08:31

Yes I can ping from a pc on my 192.168.2.0/24 (training)network to 192.168.1.1 and the ip address of my cable modem 68.203.x.x. I can also login to my linksys via http using either 1.1 or 68.203.x.x:8080

thanks

Mark

mseaman56 Fri, 10/12/2007 - 12:21

I looked a little more and I think I understand now...if I use overload I am using Pat...so the nat pool is not needed.

Mark

fangshucheng Sat, 10/13/2007 - 07:11

You said:The 2600 router e/0 address 192.168.2.1 e/1 192.168.1.2, but the word document you uploaded shows me that e/0 address 192.168.1.2 e/1 192.168.2.1.

My guess is that you misconfig the 2600. Coud you check it and make sure?

mseaman56 Sat, 10/13/2007 - 08:41

thanks for pointing that out for me. the doc is wrong for those two interfaces. e/0 is 192.168.2.1 and e/1 is 192.168.1.2

thanks,

Mark

sundar.palaniappan Mon, 10/15/2007 - 14:34

Mark,

The NAT configuration on the 2600 would make it look like all traffic from the training network is coming from 192.168.1.2 from the Linksys router's perspective. If you were able to get to the Internet from the 192.168.1.0/24 network before then all traffic from the training network should be able to get to the Internet as well. If you aren't then there may be able a problem with the Linksys/Cable modem configuration. Another thing you might want to check is does your cable provider restrict access to only one host to have Internet access at any given time.

HTH

Sundar

mseaman56 Tue, 10/16/2007 - 04:37

Thanks Sundar for your reply. I was and I am able to access the Internet from the 192.168.1.0/24 network and yes more than one host can access, I have had 4 at a time do so. Could this be a dns issue? I have tried to ping the ISP's dns servers but time out from my 192.168.2.0/24 network. No problem with the .1.0/24 network. If this is the case then should I add an access list on the 2600 to permit and if so I am not sure which protocol to allow ie...all ip or just icmp, tcp ect..

Thanks,

Mark

Actions

This Discussion