HELP: sharing internet on 2 networks

Answered Question
Jul 15th, 2008
User Badges:

Hello. I'm a newbie so I use graphical interface to configure my cisco router 871

I have 2 networks

n1: /24

n2: /24 is the gateway to internet

n1 has not access to the internet

n2 has the access to the internet using the gateway

I want n1 to use the internet access of n2

so I have connected n1 to fe0 with ip and create the vlan1.

n2 is connected to fe1 with ip and create vlan 2

after that I have created a nat between vlan1 and vlan2. No rules are defined .

on n1 each PC has as default gateway and as DNS server

from n1 I can ping the default gateway but I can't access to the net. I have the dns resolution from n1, i can for example get the ip adress of cisco server, but from internet explorer I always have "connecting to" but no connection. The ping give me the ip address but no answer from the server!

Is someone can help me, but only with graphical interface or maybe told me if my configuration is very bad!!!

I have created a NAT because I can't modify the default gateway on n2 and so the n1 network is not sawn by the default gateway

Correct Answer by izackvail about 8 years 9 months ago

Try putting a default route on the 871.

ip route

Then setup your clients on the 192 side with a default gateway of and setup the clients on the 10 side with

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
paolo bevilacqua Tue, 07/15/2008 - 10:03
User Badges:
  • Super Gold, 25000 points or more
  • Hall of Fame,

    Founding Member

Hi, it's practically impossible to help you with graphical interface. telnet to router, loging with username/password, type "term len 0", then "show run" and copy the full output here.

Someone will tell you how to change the configuration from CLI.

quitesyssarl Tue, 07/15/2008 - 13:40
User Badges:

ok here is the conf


!This is the running config of the router:


!version 12.4

no service pad

service tcp-keepalives-in

service tcp-keepalives-out

service timestamps debug datetime msec localtime show-timezone

service timestamps log datetime msec localtime show-timezone

service password-encryption

service sequence-numbers


hostname router





logging buffered 51200

logging console critical

enable secret xxx


no aaa new-model


crypto pki trustpoint TP-self-signed-651071305

enrollment selfsigned

subject-name cn=IOS-Self-Signed-Certificate-651071305

revocation-check none

rsakeypair TP-self-signed-651071305



crypto pki certificate chain TP-self-signed-651071305

certificate self-signed 01



dot11 syslog

no ip source-route

ip cef


ip auth-proxy max-nodata-conns 3

ip admission max-nodata-conns 3

no ip bootp server

no ip domain lookup


username quitesys privilege 15 secret xxx




log config




ip tcp synwait-time 10

ip ssh time-out 60

ip ssh authentication-retries 2


interface FastEthernet0


interface FastEthernet1

switchport access vlan 2


interface FastEthernet2


interface FastEthernet3


interface FastEthernet4

no ip address

no ip redirects

no ip unreachables

no ip proxy-arp

ip route-cache flow


duplex auto

speed auto


interface Vlan1


ip address

no ip redirects

no ip unreachables

no ip proxy-arp

ip nat inside

ip virtual-reassembly

ip route-cache flow

ip tcp adjust-mss 1452


interface Vlan2

description $FW_OUTSIDE$

ip address

ip nat outside

ip virtual-reassembly


ip forward-protocol nd


ip http server

ip http access-class 23

ip http authentication local

ip http secure-server

ip http timeout-policy idle 60 life 86400 requests 10000

ip nat inside source list 1 interface Vlan2 overload


logging trap debugging

access-list 1 remark SDM_ACL Category=2

access-list 1 permit

access-list 100 remark SDM_ACL Category=2

access-list 100 permit ip any any

no cdp run




banner exec ^C

% Password expiration warning.

username privilege 15 secret 0



banner login ^CAuthorized access only!

Disconnect IMMEDIATELY if you are not an authorized user!^C


line con 0

login local

no modem enable

transport output telnet

line aux 0

login local

transport output telnet

line vty 0 4

privilege level 15

login local

transport input telnet ssh


scheduler max-task-time 5000

scheduler allocate 4000 1000

scheduler interval 500



Correct Answer
izackvail Tue, 07/15/2008 - 14:29
User Badges:
  • Bronze, 100 points or more

Try putting a default route on the 871.

ip route

Then setup your clients on the 192 side with a default gateway of and setup the clients on the 10 side with

quitesyssarl Tue, 07/15/2008 - 22:55
User Badges:

ok with the route but I don't have to add the default gateway on each network


This Discussion