2600 basic router configurations

Unanswered Question
Mar 27th, 2008

Guys, I am trying to configure a 2600 (12.2) with two fast ethernet ports to operate as a basic router to provide users with Internet access but I am having a problem. The f0/0 interface is 10.0.0.1 and connected to a PC 10.0.0.2 that is using 10.0.0.1 as its gateway. Interface f0/1 is connected to an ADSL modem and have an address of 192.168.1.70. The router can ping internet addresses therefore the connection between it and the outside world is working. The PC can ping both router ip addresses but not the address of the ADSL modem (192.168.1.200) or any other external addresses.

I have added the ip route 0.0.0.0 0.0.0.0 192.168.1.200 to set a default route but stil no luck. Can anyone offer any further suggestions? I thought that this would be all I needed to do!

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4.5 (2 ratings)
Loading.
Paolo Bevilacqua Thu, 03/27/2008 - 10:51

Likely you're missing nat:

int fa0/0

ip nat inside

int fa0/1

ip nat outside

ip nat inside source list 1 interface fa0/1

access-list 1 permit 10.0.0.0 0.0.0.255

Hope this helps, please rate post if it does!

gerryarms Thu, 03/27/2008 - 11:07

I was hoping not to need to use NAT. What I wish to be able to do is to allow all traffic in either direction without anything being blocked or redirected. I have been having some problems with SIP and wish to use a basic routing connection to test.

Paolo Bevilacqua Thu, 03/27/2008 - 11:15

Private address + internet = need for NAT.

Note you haven't got a public address from ISP, check with them, possibly they are doing do another NAT on top of your.

gerryarms Thu, 03/27/2008 - 11:24

Ok, in the real life scenario (I am testing internally here first) I will have a public address assigned to f0/1 interface and 192.168.1.1 assigned to the f0/0 interface.

I assume I will still need NAT in this scenario as well but how can I configure the router to allow full access from either side to the other?

The problem I am having with a NAT firewall currently in place is that it is blocking incoming traffic as the response to some of the SIP requests come back on different ports. I am trying to open everything to test if the problem is with the current Router/Firewall or something else.

Paolo Bevilacqua Thu, 03/27/2008 - 11:42

Hi, IOS has a sophisticated ALG algorithms so that when sessions are started from inside to outside, translations will be dynamically opened as necessary for the necessary duration. SIP is included in the that.

Then you can have static translation to expose something internal permanently. Other needs should be seen on a case by cases basis.

If you don't want nat at all, get an ISP that is able to assign you a subnet with public address.

Hope thus helps, please rate post if it does!

gerryarms Thu, 03/27/2008 - 11:47

Ok, I will try this router using NAT as you suggested and see how it goes. I am getting the impression that I am going to have to purchase a SIP compliant firewall to work in this configuration. Thanks for your help.

Actions

This Discussion