03-27-2008 10:45 AM - edited 03-03-2019 09:18 PM
Guys, I am trying to configure a 2600 (12.2) with two fast ethernet ports to operate as a basic router to provide users with Internet access but I am having a problem. The f0/0 interface is 10.0.0.1 and connected to a PC 10.0.0.2 that is using 10.0.0.1 as its gateway. Interface f0/1 is connected to an ADSL modem and have an address of 192.168.1.70. The router can ping internet addresses therefore the connection between it and the outside world is working. The PC can ping both router ip addresses but not the address of the ADSL modem (192.168.1.200) or any other external addresses.
I have added the ip route 0.0.0.0 0.0.0.0 192.168.1.200 to set a default route but stil no luck. Can anyone offer any further suggestions? I thought that this would be all I needed to do!
03-27-2008 10:51 AM
Likely you're missing nat:
int fa0/0
ip nat inside
int fa0/1
ip nat outside
ip nat inside source list 1 interface fa0/1
access-list 1 permit 10.0.0.0 0.0.0.255
Hope this helps, please rate post if it does!
03-27-2008 11:07 AM
I was hoping not to need to use NAT. What I wish to be able to do is to allow all traffic in either direction without anything being blocked or redirected. I have been having some problems with SIP and wish to use a basic routing connection to test.
03-27-2008 11:15 AM
Private address + internet = need for NAT.
Note you haven't got a public address from ISP, check with them, possibly they are doing do another NAT on top of your.
03-27-2008 11:24 AM
Ok, in the real life scenario (I am testing internally here first) I will have a public address assigned to f0/1 interface and 192.168.1.1 assigned to the f0/0 interface.
I assume I will still need NAT in this scenario as well but how can I configure the router to allow full access from either side to the other?
The problem I am having with a NAT firewall currently in place is that it is blocking incoming traffic as the response to some of the SIP requests come back on different ports. I am trying to open everything to test if the problem is with the current Router/Firewall or something else.
03-27-2008 11:42 AM
Hi, IOS has a sophisticated ALG algorithms so that when sessions are started from inside to outside, translations will be dynamically opened as necessary for the necessary duration. SIP is included in the that.
Then you can have static translation to expose something internal permanently. Other needs should be seen on a case by cases basis.
If you don't want nat at all, get an ISP that is able to assign you a subnet with public address.
Hope thus helps, please rate post if it does!
03-27-2008 11:47 AM
Ok, I will try this router using NAT as you suggested and see how it goes. I am getting the impression that I am going to have to purchase a SIP compliant firewall to work in this configuration. Thanks for your help.
03-27-2008 01:49 PM
You should be fine with the router. Thanks for the nice rating and good luck!
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: