The PCs can ping both of the router's ethernet interfaces, but CANNOT go beyond that.

galongagalonga
Level 1

Hi everyone

I have a 2514 and I'm using both ethernet ports (config below).

One is attached to the LAN and the other to a cable modem with a FIXED IP address.

I can make the router see the internet (pings anything) by just adding the classic "ip route 0.0.0.0 0.0.0.0 (gateway's ip address)"

The PCs can ping both of the router's ethernet interfaces, but CANNOT go beyond that.

I know it's a simple matter to solve (probably just another "ip route" command) and thus I thank you!


Cisco Internetwork Operating System Software
IOS (tm) 2500 Software (C2500-IS-L), Version 12.0(28c), RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2005 by cisco Systems, Inc.
Compiled Wed 30-Mar-05 16:33 by pwade
Image text-base: 0x0303E2D4, data-base: 0x00001000

ROM: System Bootstrap, Version 11.0(10c), SOFTWARE
BOOTFLASH: 3000 Bootstrap Software (IGS-BOOT-R), Version 11.0(10c), RELEASE SOFTWARE (fc1)

189-57-241-178 uptime is 19 hours, 52 minutes
System restarted by reload
System image file is "flash:c2500-is-l.120-28c.bin"

cisco 2500 (68030) processor (revision L) with 6144K/2048K bytes of memory.
Processor board ID 05689092, with hardware revision 00000000
Bridging software.
X.25 software, Version 3.0.0.
2 Ethernet/IEEE 802.3 interface(s)
2 Serial network interface(s)
32K bytes of non-volatile configuration memory.
8192K bytes of processor board System flash (Read ONLY)

Configuration register is 0x2102


Jon Marshall
Hall of Fame

If the PCs are using private addressing then have you set up NAT on the router? You will need to because private addressing is not routable on the Internet.

Can you post the router config and also the addressing used by the PCs?

Jon

Yes, I know that in order to be able to use intranet numbers such as (192.168.0.1-255) it's necessary to use NAT.

But I tried with both IP intranet numbers (using the commands ip nat inside etc) and regular IP numbers and got the same results: the router can ping everyone, but the internet users can only ping both ethernet ports and do not even reach the default gateway

Good, glad to hear it

Now could you post details as per last post ie. config + pc addressing.

Jon

The PC that I want to access the internet has an IP number of 189.57.231.227 mask 255.255.255.0 and a gateway 189.57.231.22

The 2514 has the following configuration:
!
version 12.0
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Router
!
!
ip subnet-zero
!
!
!
interface Ethernet0
ip address 189.57.231.225 255.255.255.248
no ip directed-broadcast
!
interface Ethernet1
ip address 201.17.6.16 255.255.255.0
no ip directed-broadcast
!
interface Serial0
no ip address
no ip directed-broadcast
no ip mroute-cache
shutdown
no fair-queue
!
interface Serial1
no ip address
no ip directed-broadcast
shutdown
!
ip classless
ip route 0.0.0.0 0.0.0.0 201.17.6.1
!
!
line con 0
transport input none
line aux 0
line vty 0 4
!
end

Firstly, have these addresses been allocated to you ie. both public on eth0 and eth1 ?

I suspect the issue is that there is no route back to your LAN addressing. So when you ping from the router itself it works because the router uses the source address of eth1.  Try doing an extended ping on the router using the source ip on eth0 and see if ping works.

If the 189.57 addressing has been allocated to you then you can either -

1) Nat them to the eth1 ip address

OR

2) add a route to the next hop device ie. 201.17.6.1 for your LAN addressing pointing back to 201.17.6.16

If you don't own the 189.57 addressing you only have the choice of natting your LAN addresses to eth1.

You say you have tried NAT already, what was the config you tried ?

Jon

No, I do not own the address 189.57.etc

But since I'm a total dumbass when it comes to routing I guess that means I did not know I just can't use that address and have to resort to the 192.168....blablabla

Actually, I did try that as well with the same results, but I can do it again and let you know in a coupla minutes

You do own the 201.17.6.x addressing though, right?

Assuming your internal addressing for PCs was changed to 192.168.1.0/24, your config should look like:

int eth0
 ip address 192.168.1.1 255.255.255.0
 ip nat inside

int eth1
 ip address 201.17.6.16 255.255.255.0
 ip nat outside

ip nat inside source list 101 interface eth1 overload
access-list 101 permit ip 192.168.1.0 0.0.0.255 any

Jon

THANK YOU THANK YOU THANK YOU THANK YOU THANK YOU THANK YOU THANK YOU THANK YOU THANK YOU THANK YOU THANK YOU THANK YOU THANK YOU THANK YOU THANK YOU THANK YOU THANK YOU THANK YOU THANK YOU THANK YOU THANK YOU THANK YOU THANK YOU THANK YOU THANK YOU THANK YOU THANK YOU THANK YOU THANK YOU THANK YOU THANK YOU THANK YOU THANK YOU THANK YOU THANK YOU THANK YOU THANK YOU THANK YOU THANK YOU THANK YOU THANK YOU THANK YOU!!!!!!!!!!!!!!!!!

(SOB) BOHOOOOO (TEARS)

I take it that it's working now then.

Glad to have helped.

Jon

Yes it is and I thank you again.

I get the feeling the problem was the lack of the "access-list 101 permit ip 192.168.1.0 0.0.0.255 any" command

my gut tells me that the policy of cisco products is "you can't do jack unless you specifically allow so", which is nice for security but sucks if you are a newbie

tomorrow I'm going to try to connect the serial port as well (have 2 internet connections): hope I can count on your support should you be around ok?

The acl as you probably realised is what tells the router which packets to NAT. Without that having "ip nat inside" and "ip nat outside" configured wasn't actually doing anything.

It certainly can be a steep learning curve if you're new to Cisco products.

I'll be glad to help out if I'm around but the good news is that there are loads of people on these forums that can do the same so you should be able to get help no matter.

If you do need help make sure you post the config you are working with as this saves both you and the people who might answer some time.

Jon

ok I'm back (this time with another moniker as cisco's site keeps deleting mine)

This time I've also set up the serial connection in order to allow 2 connections to the internet (one cable and the other optic)

The config is as follows:

version 12.0
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Router
!
enable password abc123
!
ip subnet-zero
!
!
!
interface Ethernet0
ip address 192.168.1.1 255.255.255.0
no ip directed-broadcast
ip nat inside
!
interface Ethernet1
ip address 201.17.6.16 255.255.255.0
no ip directed-broadcast
ip nat outside
!
interface Serial0
ip address 189.57.241.178 255.255.255.252
no ip directed-broadcast
no ip mroute-cache
no fair-queue
!
interface Serial1
no ip address
no ip directed-broadcast
shutdown
!
ip nat inside source list 101 interface Ethernet1 overload
ip nat inside source static tcp 192.168.1.21 80 201.17.6.16 80 extendable
ip nat inside source static tcp 192.168.1.21 21 201.17.6.16 21 extendable
ip nat inside source static tcp 192.168.1.21 25 201.17.6.16 25 extendable
ip nat inside source static tcp 192.168.1.21 110 201.17.6.16 110 extendable
ip nat inside source static tcp 192.168.1.21 5060 201.17.6.16 5060 extendable
ip nat inside source static tcp 192.168.1.21 65000 201.17.6.16 65000 extendable
ip classless
ip route 0.0.0.0 0.0.0.0 201.17.6.1
!
!
ip access-list extended WebServer
permit tcp any host 201.17.6.16 eq www
access-list 101 permit ip 192.168.1.0 0.0.0.255 any
!
line con 0
password abc123
login
transport input none
line aux 0
line vty 0 4
password abc123
login

The router is a 2514 with the following config:

Cisco Internetwork Operating System Software
IOS (tm) 2500 Software (C2500-IS-L), Version 12.0(28c), RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2005 by cisco Systems, Inc.
Compiled Wed 30-Mar-05 16:33 by pwade
Image text-base: 0x0303E2D4, data-base: 0x00001000

ROM: System Bootstrap, Version 11.0(10c), SOFTWARE
BOOTFLASH: 3000 Bootstrap Software (IGS-BOOT-R), Version 11.0(10c), RELEASE SOFTWARE (fc1)

Router uptime is 19 minutes
System restarted by power-on
System image file is "flash:c2500-is-l.120-28c.bin"

cisco 2500 (68030) processor (revision L) with 6144K/2048K bytes of memory.
Processor board ID 05689092, with hardware revision 00000000
Bridging software.
X.25 software, Version 3.0.0.
2 Ethernet/IEEE 802.3 interface(s)
2 Serial network interface(s)
32K bytes of non-volatile configuration memory.
8192K bytes of processor board System flash (Read ONLY)

Configuration register is 0x2102

I can't seem to make both work. It only accesses through the cable and it seems that after a while it loses connection so I have to reboot the router (rebooting the cable modem will not do the trick)

I really tried everything because I hate bothering others, but newbies + cisco = trouble!

galonga@yahoo.com

Okay, first things first - do you own the address on your serial interface?

Assuming you do, there are a couple of things you need to add to your config

1) you need an "ip nat outside" statement under the serial interface ie.

int serial0
 ip nat outside

2) You only have one default route on your router pointing to 201.17.6.1 so it will only ever use that link. You need to add another default route so the router will alternate between the -

ip route 0.0.0.0 0.0.0.0 189.57.241.77

Also bear in mind, your static NATs use 201.17.6.16  so any inbound traffic to your servers will use that link.

Jon

oops !

you also need another nat line ie.

ip nat inside source list 101 interface serial0 overload

Jon
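
The checks that come up across this thread (the overload rule needs an ACL that exists, each uplink named in a NAT rule needs "ip nat outside", each default route needs a next hop on a connected subnet), as an added example that is not part of any post. The function name audit and the trimmed CONFIG are assumptions of this example, and an ACL counts as applied only if an "ip access-group" line or a NAT "list" rule references it.

```python
import ipaddress
import re

# Constructed input: the thread's dual-uplink config, trimmed, with the replies' suggested lines applied.
CONFIG = """\
interface Ethernet0
ip address 192.168.1.1 255.255.255.0
ip nat inside
interface Ethernet1
ip address 201.17.6.16 255.255.255.0
ip nat outside
interface Serial0
ip address 189.57.241.178 255.255.255.252
ip nat outside
ip nat inside source list 101 interface Ethernet1 overload
ip nat inside source list 101 interface Serial0 overload
ip route 0.0.0.0 0.0.0.0 201.17.6.1
ip route 0.0.0.0 0.0.0.0 189.57.241.77
ip access-list extended WebServer
permit tcp any host 201.17.6.16 eq www
access-list 101 permit ip 192.168.1.0 0.0.0.255 any
"""

def audit(config):
    nets, outside, acls, used, findings = {}, set(), set(), set(), []
    lines = [l.strip() for l in config.splitlines()]
    iface = None
    for line in lines:  # pass 1: collect interface subnets, NAT roles and ACL names
        if m := re.match(r"interface (\S+)$", line):
            iface = m[1]
        elif m := re.match(r"ip address (\S+) (\S+)$", line):
            nets[iface] = ipaddress.ip_interface(f"{m[1]}/{m[2]}").network
        elif line == "ip nat outside":
            outside.add(iface)
        elif m := re.match(r"(?:ip access-list \w+|access-list) (\S+)", line):
            acls.add(m[1])
        elif m := re.match(r"ip access-group (\S+)", line):
            used.add(m[1])
    for line in lines:  # pass 2: check what the NAT rules and static routes refer to
        if m := re.match(r"ip nat inside source list (\S+) interface (\S+) overload", line):
            used.add(m[1])
            if m[1] not in acls:
                findings.append(f"NAT rule uses undefined ACL {m[1]}")
            if m[2] not in outside:
                findings.append(f"{m[2]} is a NAT target but lacks 'ip nat outside'")
        elif m := re.match(r"ip route \S+ \S+ (\d+\.\d+\.\d+\.\d+)$", line):
            if not any(ipaddress.ip_address(m[1]) in n for n in nets.values()):
                findings.append(f"next hop {m[1]} is not on a connected subnet")
    findings += [f"ACL {a} is defined but never applied" for a in sorted(acls - used)]
    return findings
```

On this input audit(CONFIG) reports two items: the next hop 189.57.241.77 lies outside Serial0's 189.57.241.176/30, and the WebServer ACL is not referenced by any interface or NAT rule, so it filters nothing in front of the static port forwards.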
