I'm new to cisco routing and have a question..
I have a PC that uses VPN to connect to an outside source. After connecting via VPN, the PC doesn't recieve ANY packets.
I called tech support and they said that I needed to configure a 1 to 1 static route.
I assume this means that I route one of our public IPs to this PC.
I have a cisco 3600 Router. How do I configure this?
Then, when I configure the PC, do I have it a static public IP, or a NAT address?
Thanks for all your help!
Well if you have the ip address scheme already set up the configs for the router would look like this.
Then that should be it.
And yes a static route is a route from one device to another that is manually configured.
As stated before if you show me a scrub config I can help more.
Yes that would be it, you also need to make sure that you don't have a firewall or any ACL (access lists) on the router that would block this static route. Let me know how it turns out or if you need anymore help.
I am not seeing any VPN setting reflecting in your configuration.Is this the running-config of the router after the VPN config?
Your internal routing in dynamic through EIGRP.Though you can still add a static route but if you add your VPN network into your EIGRP config. , this will solve the purpose for you.
I would recommend to take help from someone if you are uncomfortable because you are sitting on a live setup and any wrong change can spell a disaster for you.
Sorry I made a mistake when you do the ip route statement in the router. This is what it should be
Sorry I had a huge brain fart. Hope this helps!! Please rate me if it does
Shouldn't the ip route statement specify a next-hop ip address, or output interface?
All static routes I've seen read something like
(config)#ip route 192.168.1.1 255.255.255.0 172.16.0.1
(config)#ip route 192.168.1.1 255.255.255.0 serial2
I don't know, but this raises a question.
The last IP, is that the incoming port/interface?
I'm learning, and am a really fast learner.
You guys have been FANTASTIC!
If any of ya'll ever come down to ol Tombstone, let me know. I know lots of friends who can hook ya up. (Tombstone is where I'm at.)
Nope, it's the outgoing one.
Nothing in static route configuration involves the incoming interface. The route is invoked based only on the destination network. The second ip address, in the first example I gave, is the next-hop to which you want the router to direct traffic that matches the static route. Of course the router must have a route to that next-hop address.
Alternatively, if you don't have a next-hop address, you can specify the outgoing interface, as in
(config)#ip route 10.12.19.0 255.255.255.0 serial0
...which will direct all traffic destinating on the 10.12.19.0/24 subnet out of serial interface 0; such as if there's a simple point-to-point link to the next hop (or destination).
If you use the interface option, the route's administrative distance will be 0, whereas if you use the IP next-hop address option, it will be 1. Administrative distance is used when there are multiple routes available to the same destination; the one with the lowest AD wins. You have the option of configuring an AD between 1 and 255 for your static route.
(config)#ip route 10.12.19.0 255.255.255.0 serial0 150
...assigns an AD of 150 to this route. This is often used as a backup in conjunction with a dynamic routing protocol. Say the router was running RIP, whose AD is 120. It would use our static route, with its 150 AD, only until a better route was made known to the RIP process - wherein the route's AD would be 120. It's called a floating static route and is used a lot on back-up links. A floating static route takes over automatically if the dynamic routing protocol, with its lower AD, loses the primary route.
If you want a particular route to be invoked based on the transiting packet's arrival interface, you could create a route-map, where a "match interface" command would be followed by a "set ip next-hop A.B.C.D"
Other methods might include a borderline blasphemous combination of an extended access-list on the arrival interface and some NAT destination static configs, except I'm getting heartburn thinking about how to make that work.
Hope this helps, please rate the post if it does.