CISCO Rourte 2800 (interfaces)

Answered Question
Jan 22nd, 2010

Hello fellows!


Just began to start with CISCO Router 2800, here is the sceme:

scr_cisco.JPG
So, we have 2 interfaces on router:
FA 0/0 192.168.100.200 ( It is from the outside netowrk which provide me the internet, the Internet server is 192.168.100.100)
FA 0/1 192.168.80.1 (My new created subnet)
I set the default gateway of the router to: 192.168.100.100

Using the software of router (web itnerface) I configured NAT, he asked me the interface from the internet is comming (outside 192.168.100.0) and where I want to share it (incoming 192.168.80.0) - now the internet appeared and the skype is ON )))


So, look - 1 . I'm at my PC 192.168.80.2 ping the server 192.168.100.100 STATUS OK! (so the outside subnet is working), now pinging my subnet ( 192.168.80.3 here is another PC) STATUS OK!
2. Going to the server room (from SERVER 192.168.100.100) pinging my router interface 192.168.100.200 STATUS OK!
NOW THE TROUBLE> PINGING FROM THE SERVER 192.168.100.100 THE NEW CREATED SUBNET 192.168.80.2

there is no ping =((
Please help what should I do?

I have this problem too.
0 votes
Correct Answer by Jon Marshall about 6 years 10 months ago

slash281990 wrote:

huh, hard to understand

ip nat inside source static {esp local-ip interface type number | local-ip global-ip} [extendablemapping-id map-id | no-alias | no-payload | redundancy group-name | route-map | reversible | vrf name] [match-in-vrf]

so I write

ip nat inside source static x.x.x.x
ip nat outside source static x.x.x.x

x.x.x.x - are the ip addreses

is it right?

If the inside address was 192.168.5.10 and you wanted to present it as 172.16.5.10 to the outside -

ip nat inside source static 192.168.5.10 172.16.5.10

Jon

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (2 ratings)
Loading.
Edison Ortiz Fri, 01/22/2010 - 11:52

It's working as expected.

NAT is supposed to hide your inside subnet from the outside.

If you need reachability to devices in the inside from the outside, you need to create static NAT.

Regards

Edison.

slash281990 Fri, 01/22/2010 - 12:25

can you provide me with a terminal command to do that please?

Thx a lot!

slash281990 Fri, 01/22/2010 - 13:14

huh, hard to understand

ip nat inside source static {esp local-ip interface type number | local-ip global-ip} [extendablemapping-id map-id | no-alias | no-payload | redundancy group-name | route-map | reversible | vrf name] [match-in-vrf]

so I write

ip nat inside source static x.x.x.x
ip nat outside source static x.x.x.x

x.x.x.x - are the ip addreses

is it right?

Correct Answer
Jon Marshall Fri, 01/22/2010 - 14:04

slash281990 wrote:

huh, hard to understand

ip nat inside source static {esp local-ip interface type number | local-ip global-ip} [extendablemapping-id map-id | no-alias | no-payload | redundancy group-name | route-map | reversible | vrf name] [match-in-vrf]

so I write

ip nat inside source static x.x.x.x
ip nat outside source static x.x.x.x

x.x.x.x - are the ip addreses

is it right?

If the inside address was 192.168.5.10 and you wanted to present it as 172.16.5.10 to the outside -

ip nat inside source static 192.168.5.10 172.16.5.10

Jon

slash281990 Fri, 01/22/2010 - 14:50

what does it mean "as"?


my ouside is 192.168.100.100

inside: 192.168.80.1
I just want the inside to be seen from the outside.

so I have just to write:ip nat inside source static 192.168.80.1 ?

Jon Marshall Fri, 01/22/2010 - 14:57

slash281990 wrote:

what does it mean "as"?


my ouside is 192.168.100.100

inside: 192.168.80.1
I just want the inside to be seen from the outside.

so I have just to write:ip nat inside source static 192.168.80.1 ?

Sorry, can you clarify

1) which interface has "ip nat outside" under it

2) which interface has "ip nat inside" under it

3) what exactly do you want to do ie. connect from which IP address to which IP address and do you want NAT involved ?

Jon

slash281990 Fri, 01/22/2010 - 15:02

Just please checkout the first my post to view the situation...

thre is described..

I want to make 192.168.80.0 to be visible for 192.162.100.0 ( and all other networks that I will add later)

Thx Jon!

Jon Marshall Fri, 01/22/2010 - 15:20

slash281990 wrote:

Just please checkout the first my post to view the situation...

thre is described..

I want to make 192.168.80.0 to be visible for 192.162.100.0 ( and all other networks that I will add later)

Thx Jon!

Okay so you don't need NAT.

The server, what is the default-gateway on it ? It should be the router interface 192.168.100.200.

Also you said you set the default-gateway on the router to be the server. The router doesn't need a default-gateway so if you have configured one can you remove it. The router must have "ip routing" enabled which it should do unless you disabled it.

Basically as long as the server has the default-gateway of 192.168.100.200 and the clients in vlan 80 have the default-gateway of 192.168.80.1 it should all work.

One other thing worth checking is whether you have personal firewalls on the clients that would stop ping requests.

I'm assuming you haven't configured access-lists on the router ?

Jon

Actions

This Discussion

Related Content