URGENT! 1600 Setup..

casapgb12
Level 1

Our ISP turned up our T1 today. For whatever reason I told them that I would provide the router and configure it myself. Now that I have been staring at this all day I realize I have no clue where to start. Here is what I have: (IPs have been changed for security)

Qwest serial = 10.100.100.57/30

my serial = 10.100.100.58/30

usable IP block: 10.10.10.224/29

eth0: 10.10.10.225

dns = 205.171.3.65

eth1 private LAN = 192.168.1.254/24

I configured Serial0 with 10.100.100.58 and set up NAT to my private LAN and that all worked great. But what I am needing to do is place 2 pieces of hardware on the public LAN using the 10.10.10.xxx address assigned to me. I cannot get these machines to do anything on the Internet. I have bridged the ser0 and eth0, I have tried routing, I have sat and stared. I'm at a loss. Any help will be appreciated.

Accepted Solutions

Daniel

This link should help you understand extended ping and how to use it:

http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a0080093f22.shtml

If you can not ping the Ethernet 0 interface from an external network there is reason to believe that you have found at least part of the problem. Check with the provider and verify that you have the address and mask correct and that they have routes in their network to your router for that subnet.

HTH

Rick


14 Replies

Hello,

from what I can tell, you are trying to allow Internet access for two machines with IP addresses in the 10.10.10.0 range? Have you configured the Ethernet0 interface as an inside NAT interface as well, and allowed both IP addresses in an access list, in order to be 'eligible' for translation?

It might be easiest if you post the configuration of your router...

Regards,

GP

Georg

I believe your response is based on the assumption that 10.10.10.0 (private address space) are really the addresses on the LAN. And from that perspective your answer is quite correct. In reading the original post I believe that the comment that addresses have been changed for security suggests that the addresses on the "public" LAN may in fact be public addresses and not private addresses.

There are several possibilities that occur to me. We would need some more information to find what the real problem is.

- I do not see anything in the original post about routing. Is the router running any routing protocol? (I doubt it, but would like to know).

- does the router have a default route. (from the comment that the private LAN works I would assume so but I would like to know for sure).

- are the machines on the "public" LAN set up with proper addresses and masks. An error here could certainly prevent them from working.

- are the machines on the "public" LAN configured with default gateway that points to the new router? Can these machines ping to the default gateway?

- additional troubleshooting steps:

-- can these machines ping to the router serial interface?

-- can these machines ping to the provider address on the remote end of the serial connection?

And a note to the original post: I believe that the optimum solution will be a routing solution rather than a bridging solution.

HTH

Rick


Hello Rick,

appreciate your thoughts...I guess we will indeed need to see the actual configuration in order to come to a conclusive answer...

I am afraid Daniel is enjoying his weekend, so that might not happen before Monday...:)

Best regards,

GP

GP, you are so right. It turned out to be a great weekend. Everybody, thanks for the replies. Here is my current config:

Current configuration:
!
version 11.2
no service password-encryption
service udp-small-servers
service tcp-small-servers
!
hostname Router
!
enable secret 5 xxxxxxxxxxxxxxxxxxxxx/
!
ip nat inside source list 1 interface Serial0 overload
ip nat inside source static 192.168.1.10 10.100.100.58
ip name-server 205.171.3.65
ip name-server 205.171.2.65
!
interface Ethernet0
 ip address 10.10.10.225 255.255.255.248
!
interface Ethernet1
 ip address 192.168.1.254 255.255.255.0
 ip nat inside
!
interface Serial0
 ip address 10.100.100.58 255.255.255.252
 no ip directed-broadcast
 ip nat outside
!
ip classless
ip route 0.0.0.0 0.0.0.0 10.100.100.57
ip http server
access-list 1 permit 192.168.1.0 0.0.0.255
!
line con 0
line vty 0 4
 password xxxxxx
 login

Rick is right here, I changed IPs so keep in mind that 10.100.100.xxx are Qwest serial IPs, 10.10.10.xxx are my real public IPs and 192.168.1.xxx is my private LAN. The current configuration only has NAT running successfully. I realize that I have nothing else configured. This is because I needed to get the store running on the T1 and NAT was the fastest way. So right now, what I'm doing is just running off of my serial IP. This is not what I want. What I need to do is set up my serial IP provided by Qwest simply as a gateway. Then use my real public IPs.

I'm sure that the setup should be:

Int Ser0 = Customer serial IP assigned by Qwest.

Int Eth0 = First IP in my public IP block

What I don't know is how to set up the routes between the two and to use my Int Eth0 as just a gateway. I need to have 2 IPs that can be accessed directly from the Internet, no translation at all.

I'm sure that NAT is only complicating things and it would be fine by me if I didn't run NAT on the router. I have another system that I would like to use NAT on anyways.

Daniel

The config that you posted looks mostly ok to me. I do wonder why you have the static NAT configured:

ip nat inside source static 192.168.1.10 10.100.100.58

It appears to be a device within your private LAN which you are translating into your serial address. It essentially duplicates the dynamic translation. I am not sure why you are doing this. (But I do not see that it would impact your attempt to get the two devices to work on Ethernet 0.)

What I think I see here is that your serial interface is using a /30 subnet given to you by your provider. Your Ethernet 0 has a different /29 subnet which is also given to you by your provider. Your Ethernet 1 is using private address space and you are doing PAT to translate all traffic from the private network into the address on the serial. You have a default route which points everything to the provider end of the serial connection. All of this makes sense to me. If I have misunderstood any of this please correct me.

It looks to me like things should work for machines on your private network to access the internet and I believe that I understood in the original post that this was working. (Again if I misunderstand please provide correction.) So the issue is the 2 devices that you are trying to put on Ethernet 0 and why they do not work.

Assuming that the addresses on Ethernet 0 are in public address space from the provider I see no need to have any address translation for them. The provider should have routes in their router for that address block and that is one of the first things that I would check. Can you do an extended ping on the router and specify the destination as something in the provider network or in the Internet and specify the source as Ethernet 0? (The default in doing ping from the router is to use the address of the outbound interface as the source. But we want to test using the address of Ethernet 0. If ping works we know that the provider can route to that subnet. And if ping fails we know that the provider is not routing to that subnet and this is the cause of your problem.)

If the extended ping does work then the problem seems to be not in the provider and we need to look more closely at your environment. Would you verify that the devices that you are installing are configured correctly (have a correct address, have a correct subnet mask, have the default gateway pointing to the router Ethernet 0 interface)? Would you also check whether these devices can ping the router Ethernet 0 interface?

When we know these things we will be closer to finding the solution.

HTH

Rick


Hello all,

while thinking of an answer to the last post, Rick already gave it...:)

I, too, think that indeed there might be something wrong with either the IP address space assigned (check with Qwest) or with the client configuration. The clients on Ethernet0 should be able to access the Internet with this configuration...curious to know where the problem lies.

Regards,

GP

The static route ip nat inside source static 192.168.1.10 10.100.100.58 is a route to a server that I eventually want on a 10.10.10.xxx IP address. Correct, correct, correct. I set up a machine that had a public IP and used the Eth0 as its gateway and I am unable to ping the ser0 interface. I also cannot ping the eth0 interface from an external network. I am unclear what you mean by an extended ping.

Daniel

This link should help you understand extended ping and how to use it:

http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a0080093f22.shtml

If you can not ping the Ethernet 0 interface from an external network there is reason to believe that you have found at least part of the problem. Check with the provider and verify that you have the address and mask correct and that they have routes in their network to your router for that subnet.

HTH

Rick


Ok.. I'll check that out. What about the other way? Why would my workstation not be able to ping 10.100.100.57, Qwest's serial IP?

OK. Running an extended ping I can ping from eth1 but not eth0. Also, running a traceroute, eth0 has no idea how to get out. I'm pretty sure I am missing a route somewhere that tells eth0 how to get out and tells ser0 how to get to my public IP range.

Daniel

Being able to do an extended ping from Ethernet 1 is what I would expect if you told me that devices on your private network have been able to access Internet resources. And it demonstrates that network address translation is working.

I believe that the fact that extended ping from Ethernet 0 fails is essentially the same reason that workstations in the public subnet can not ping the provider serial interface address. It sounds to me like your provider does not have a route to the public subnet as you have configured it. I think that you should verify with the provider the details about the set of addresses that they gave you. Verify that you have not made a keystroke error somewhere (transposed a digit or something) and verify that you have the correct subnet mask. Also ask them to verify that they do have a route to the subnet which points to your router.

HTH


Rick
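
The diagnosis in the post above can be reproduced with a small route-lookup model. This is an added example, not code from any poster in the thread: it takes the customer routes from the posted config (with the thread's disguised addresses) and assumes a simplified provider edge table whose only entries are routes toward the customer. The names lookup, ping, PROVIDER_BEFORE and PROVIDER_AFTER are hypothetical.

```python
import ipaddress as ipa

def lookup(table, dst):
    """Longest-prefix match: next hop for dst, or None when no route matches."""
    dst = ipa.ip_address(dst)
    hits = [(ipa.ip_network(p), hop) for p, hop in table
            if dst in ipa.ip_network(p)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

# Customer router: connected subnets plus the default route from the posted config.
CUSTOMER = [("10.100.100.56/30", "Serial0"),
            ("10.10.10.224/29", "Ethernet0"),
            ("192.168.1.0/24", "Ethernet1"),
            ("0.0.0.0/0", "10.100.100.57")]

# Assumption: provider edge modelled only by its routes toward this customer.
# Before activation it knows the serial /30 but not the public /29.
PROVIDER_BEFORE = [("10.100.100.56/30", "to-customer")]
PROVIDER_AFTER = PROVIDER_BEFORE + [("10.10.10.224/29", "to-customer")]

NAT_INSIDE = ipa.ip_network("192.168.1.0/24")  # access-list 1
NAT_ADDR = "10.100.100.58"                     # Serial0 address used for overload

def ping(src, dst, provider):
    """Return (ok, reason) for an echo sent from src to dst via the provider."""
    if lookup(CUSTOMER, dst) is None:
        return False, "customer router has no route to destination"
    # PAT rewrites private sources to the Serial0 address before they leave.
    wire_src = NAT_ADDR if ipa.ip_address(src) in NAT_INSIDE else src
    if lookup(provider, wire_src) is None:
        return False, f"provider has no route back to {wire_src}"
    return True, f"reply routed back to {wire_src}"

if __name__ == "__main__":
    qwest = "10.100.100.57"
    for label, table in (("before", PROVIDER_BEFORE), ("after", PROVIDER_AFTER)):
        for src in ("192.168.1.254", "10.10.10.225", "10.10.10.226"):
            print(label, src, ping(src, qwest, table))
```

The outbound leg succeeds in every case because of the default route; only the return leg depends on the provider knowing the /29, which is why the extended ping sourced from Ethernet 1 (translated to the serial address) works while the one sourced from Ethernet 0 does not.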

I'll look into it then...

Hello,

following up on Rick's post(s), you could try the SmartWhois tool linked below and type in one of the IP addresses assigned by Qwest. What is the result?

SmartWhois

http://www.all-nettools.com/toolbox

Regards,

GP

All, thank you guys so much. The config was fine. It was on my provider's end. I guess I assumed that since they gave me the IP block it had already been activated. Lesson for the future. Once they activated it everything started talking. It's good to have a resource like this to double-check yourself against. I appreciate everybody's time. Problem solved.