HELP: sharing internet on 2 networks

Answered Question
Jul 15th, 2008
User Badges:

Hello. I'm a newbie so I use graphical interface to configure my cisco router 871

I have 2 networks

n1: 10.0.0.0 /24

n2: 192.168.1.0 /24

192.168.1.252 is the gateway to internet


n1 has not access to the internet

n2 has the access to the internet using the gateway 192.168.1.252


I want n1 to use the internet access of n2


so I have connected n1 to fe0 with ip 10.0.0.250 and create the vlan1.


n2 is connected to fe1 with 192.168.1.251 ip and create vlan 2


after that I have created a nat between vlan1 and vlan2. No rules are defined .


on n1 each PC has 10.0.0.250 as default gateway and 192.168.1.252 as DNS server


from n1 I can ping the default gateway 192.168.1.252 but I can't access to the net. I have the dns resolution from n1, i can for example get the ip adress of cisco server, but from internet explorer I always have "connecting to http://www.cisco.com" but no connection. The ping give me the ip address but no answer from the server!


Is someone can help me, but only with graphical interface or maybe told me if my configuration is very bad!!!


I have created a NAT because I can't modify the default gateway on n2 and so the n1 network is not sawn by the default gateway 192.168.1.252

Correct Answer by izackvail about 8 years 9 months ago

Try putting a default route on the 871.


ip route 0.0.0.0 0.0.0.0 192.168.1.252


Then setup your clients on the 192 side with a default gateway of 192.168.1.251 and setup the clients on the 10 side with 10.100.132.250.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
paolo bevilacqua Tue, 07/15/2008 - 10:03
User Badges:
  • Super Gold, 25000 points or more
  • Hall of Fame,

    Founding Member

Hi, it's practically impossible to help you with graphical interface. telnet to router, loging with username/password, type "term len 0", then "show run" and copy the full output here.


Someone will tell you how to change the configuration from CLI.

quitesyssarl Tue, 07/15/2008 - 13:40
User Badges:

ok here is the conf

=================================================

!This is the running config of the router: 10.100.132.250

!----------------------------------------------------------------------------

!version 12.4

no service pad

service tcp-keepalives-in

service tcp-keepalives-out

service timestamps debug datetime msec localtime show-timezone

service timestamps log datetime msec localtime show-timezone

service password-encryption

service sequence-numbers

!

hostname router

!

boot-start-marker

boot-end-marker

!

logging buffered 51200

logging console critical

enable secret xxx

!

no aaa new-model

!

crypto pki trustpoint TP-self-signed-651071305

enrollment selfsigned

subject-name cn=IOS-Self-Signed-Certificate-651071305

revocation-check none

rsakeypair TP-self-signed-651071305

!

!

crypto pki certificate chain TP-self-signed-651071305

certificate self-signed 01

E90C589A

quit

dot11 syslog

no ip source-route

ip cef

!

ip auth-proxy max-nodata-conns 3

ip admission max-nodata-conns 3

no ip bootp server

no ip domain lookup

!

username quitesys privilege 15 secret xxx

!

!

archive

log config

hidekeys

!

!

ip tcp synwait-time 10

ip ssh time-out 60

ip ssh authentication-retries 2

!

interface FastEthernet0

!

interface FastEthernet1

switchport access vlan 2

!

interface FastEthernet2

!

interface FastEthernet3

!

interface FastEthernet4

no ip address

no ip redirects

no ip unreachables

no ip proxy-arp

ip route-cache flow

shutdown

duplex auto

speed auto

!

interface Vlan1

description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$ES_LAN$$FW_INSIDE$

ip address 10.100.132.250 255.255.255.224

no ip redirects

no ip unreachables

no ip proxy-arp

ip nat inside

ip virtual-reassembly

ip route-cache flow

ip tcp adjust-mss 1452

!

interface Vlan2

description $FW_OUTSIDE$

ip address 192.168.1.251 255.255.255.0

ip nat outside

ip virtual-reassembly

!

ip forward-protocol nd

!

ip http server

ip http access-class 23

ip http authentication local

ip http secure-server

ip http timeout-policy idle 60 life 86400 requests 10000

ip nat inside source list 1 interface Vlan2 overload

!

logging trap debugging

access-list 1 remark SDM_ACL Category=2

access-list 1 permit 10.100.132.224 0.0.0.31

access-list 100 remark SDM_ACL Category=2

access-list 100 permit ip any any

no cdp run

!

control-plane

!

banner exec ^C

% Password expiration warning.

username privilege 15 secret 0

-----------------------------------------------------------------------

^C

banner login ^CAuthorized access only!

Disconnect IMMEDIATELY if you are not an authorized user!^C

!

line con 0

login local

no modem enable

transport output telnet

line aux 0

login local

transport output telnet

line vty 0 4

privilege level 15

login local

transport input telnet ssh

!

scheduler max-task-time 5000

scheduler allocate 4000 1000

scheduler interval 500

end

============================

Correct Answer
izackvail Tue, 07/15/2008 - 14:29
User Badges:
  • Bronze, 100 points or more

Try putting a default route on the 871.


ip route 0.0.0.0 0.0.0.0 192.168.1.252


Then setup your clients on the 192 side with a default gateway of 192.168.1.251 and setup the clients on the 10 side with 10.100.132.250.

quitesyssarl Tue, 07/15/2008 - 22:55
User Badges:

ok with the route but I don't have to add the default gateway on each network

Actions

This Discussion