02-08-2007 11:53 AM - edited 03-05-2019 02:15 PM
Hi Folks,
Hopefully I can explain clearly what I am attempting to achieve.
We are attempting to set up a test bench connected to our network via a 2621 router.
We have connected eth0/0 to our existing network and eth0/1 to our test network.
We have assigned eth0/0 a valid existing address of 198.238.135.105 and subnet mask of 255.255.255.128 from our existing network.
We have assigned eth0/1 a private IP address of 192.168.1.1 and mask of 255.255.255.0 and it is directly connected to a Cisco 2900 switch.
We have assigned the switch an IP address of 192.168.1.2.
When we connect a workstation to the switch on the test network and assign it an address of 192.168.1.3 we are able to ping 192.168.1.2 (Switch), 192.168.1.1 (eth0/1 on router) and 198.238.135.105 (eth0/0 on router).
We are unable to ping anything else on our existing network.
What we want to achieve is to be able to do NAT translation and get access to the Internet via a workstation connected to the switch on the test network, but we cannot do that.
We can't ping beyond the eth0/0 port on the router.
I think what I am trying to do is set up NAT translation and then a bridge or route between the eth0/0 and eth0/1 interfaces. Is there a way to achieve what I am attempting?
We are not using the Serial port on the router.
Thanks, John
02-08-2007 12:02 PM
Hello,
For your current network to reply, what is their current default gateway? Their default gateway should be the router's E0/0. If they have a different default gateway, they won't be able to reply back.
You can NAT the source NEW subnet to an address on the old subnet if you want, but why do so if you can do it via routing?
Let me know if this solves your issue,
Regards,
02-08-2007 01:27 PM
How would I do it with routing?
Ideally we would eventually like to be able to access devices on the test network from our regular network.
So, I'm not sure whether NAT is how we actually want to go.
02-08-2007 01:56 PM
Hello,
Using NAT may not work with all applications. Since your router has two interfaces connected to both subnets it will route between these subnets.
However, you need to make sure the hosts on each subnet have their default gateway pointed to this Router.
E.g.
Subnet 1 --- F0/0 Router F0/1 --- Subnet 2
   |                                 |
 Host1                             Host 2
DF: F0/0                          DF: F0/1
DF = Default gateway
The router will route between these two subnets,
Hope this answers your question,
Regards,
02-08-2007 02:09 PM
So what you are saying is that I will have to change the default gateway on all our existing workstations?
Am I understanding that correctly?
02-08-2007 12:05 PM
John,
I hope I understood your requirement correctly. If you want host(s) on the test network to have access to the Internet through your existing network then configuring NAT the following way is what you need. If you have a different requirement please clarify.
int e0/0
 ip nat outside
int e0/1
 ip nat inside
ip nat inside source list 1 int e0/0 overload
access-list 1 permit 192.168.1.0
HTH
Sundar
02-08-2007 01:24 PM
That is what I want.
I tried your suggestion but it did not seem to work. I'm sure I've boneheaded something up.
Here is my configuration:
Current configuration : 1090 bytes
!
version 12.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname TestLab
!
enable secret 5
enable password
!
ip subnet-zero
!
!
!
!
!
voice call carrier capacity active
!
!
!
!
!
!
!
!
!
mta receive maximum-recipients 0
!
!
!
!
interface FastEthernet0/0
ip address 198.238.135.105 255.255.255.128
ip nat outside
speed auto
half-duplex
no mop enabled
!
interface Serial0/0
no ip address
shutdown
!
interface FastEthernet0/1
ip address 192.168.1.1 255.255.255.0
ip nat inside
speed auto
half-duplex
no mop enabled
!
ip nat inside source list 1 interface FastEthernet0/0 overload
ip nat outside source static 192.168.1.1 198.238.135.105
ip classless
ip http server
!
!
access-list 1 permit 192.168.1.0
dialer-list 1 protocol ip permit
dialer-list 1 protocol ipx permit
!
!
snmp-server community RO
snmp-server enable traps tty
call rsvp-sync
!
!
mgcp profile default
!
dial-peer cor custom
!
!
!
gateway
!
!
line con 0
line aux 0
line vty 0 4
password
login
!
!
end
02-08-2007 01:29 PM
Hello,
You can use static NAT and PAT to the same IP at the same time. Also, you have to use an extended ACL.
Perform the below:
Clear ip nat translation *
no ip nat outside source static 192.168.1.1 198.238.135.105
no ip nat inside source list 1 interface FastEthernet0/0 overload
no access-list 1
ip access-list ext 101
 permit ip 192.168.1.0 0.0.0.255 any
ip nat inside source list 101 interface FastEthernet0/0 overload
Let me know if this solves your issue,
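An added example, not part of the original reply and not Cisco's code: a simplified Python model of IOS wildcard-mask matching on the source field, showing which test-network hosts each of the two ACL entries quoted in this thread selects for NAT. The function names and the 192.168.2.3 host are assumptions made for illustration; the model relies on IOS treating a standard ACL entry with no wildcard mask as an exact host match (wildcard 0.0.0.0).

```python
import ipaddress

# ACL entries as quoted in this thread.
ORIGINAL_ENTRY = "access-list 1 permit 192.168.1.0"
REPLACEMENT_ENTRY = "permit ip 192.168.1.0 0.0.0.255 any"

# Switch and workstation addresses from the thread, plus one constructed
# host outside the test subnet (192.168.2.3 is an assumption).
SAMPLE_HOSTS = ["192.168.1.2", "192.168.1.3", "192.168.2.3"]


def parse_acl_source(line):
    """Return (address, wildcard) for the source field of a permit entry.

    Only the two forms shown above are handled: a numbered standard entry
    and an extended 'permit ip <addr> <wildcard> any' entry.
    """
    tokens = line.split()
    i = tokens.index("permit") + 1
    if tokens[i] == "ip":  # extended entry: skip the protocol keyword
        i += 1
    addr = ipaddress.IPv4Address(tokens[i])
    # No wildcard given on a standard entry means 0.0.0.0: exact host match.
    wildcard = ipaddress.IPv4Address("0.0.0.0")
    if i + 1 < len(tokens):
        try:
            wildcard = ipaddress.IPv4Address(tokens[i + 1])
        except ipaddress.AddressValueError:
            pass  # next token is a keyword, not a wildcard mask
    return addr, wildcard


def acl_matches(line, host):
    """True if the host's source address is permitted by the entry."""
    addr, wildcard = parse_acl_source(line)
    care = ~int(wildcard) & 0xFFFFFFFF  # bits set in the wildcard are ignored
    return (int(ipaddress.IPv4Address(host)) & care) == (int(addr) & care)


def nat_candidates(line, hosts):
    """Hosts whose traffic the entry would hand to 'ip nat inside source list'."""
    return [h for h in hosts if acl_matches(line, h)]


if __name__ == "__main__":
    for entry in (ORIGINAL_ENTRY, REPLACEMENT_ENTRY):
        print(f"{entry!r:45} -> {nat_candidates(entry, SAMPLE_HOSTS)}")
```
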
02-08-2007 01:59 PM
Well, yes and no!
Sorry to be so brain dead. It works fine now as far as pinging addresses goes.
From a workstation on the test network I can now ping any IP address in the world to my heart's content.
The problem comes with name resolution. I can do something silly like "Ping support.novell.com" and I can see it grab the correct IP address, but then I just get "host unreachable" errors. I'm thinking that I may have to allow some packets to come back in to the workstation.
02-08-2007 01:33 PM
John.
Could you verify that the statement ip routing was used? Also, after NAT was configured, you could use a static route statement such as "ip route 0.0.0.0 0.0.0.0 e0/0". Then verify that the workstation default gateway is pointing to the e0/1 interface 192.168.1.1.
Hope this helps.
02-08-2007 02:01 PM
How can I verify that?
I'm sorry, I'm very new to configuring routers.