Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
515
Views
5
Helpful
7
Replies

Several gateways

sarenos2006
Level 1
Level 1

‎01-21-2007 05:02 AM - edited ‎03-05-2019 01:54 PM

I have a cisco 2651 with 3 ethernet interfaces.

1 is for Lan ( 192.168.3.x)

1 is for default gateway 0.0.0.0 192.168.1.1 (fiber connection)

1 is for a static route to 213.162.23.24 192.168.4.1 (DSL connection )

The problem is that when the lan users in the range 192.168.3.x try to access to the IP 213.162.23.24 they can't, a ping from the router to 213.162.23.24 going by 192.168.4.1 gateway is possible. But from the users is not.

This is the config:

interface FastEthernet0/0

ip address 192.168.3.1 255.255.255.0

ip nat inside

ip virtual-reassembly

duplex auto

speed auto

!

interface FastEthernet0/1

ip address 192.168.4.2 255.255.255.0

ip nat outside

ip virtual-reassembly

duplex auto

speed auto

!

interface Ethernet1/0

ip address 192.168.1.249 255.255.255.0

ip nat outside

ip virtual-reassembly

half-duplex

!

ip http server

ip classless

ip route 0.0.0.0 0.0.0.0 192.168.1.1

ip route 213.162.201.146 255.255.255.255 192.168.4.1

!

!

ip nat inside source list 1 interface Ethernet1/0 overload

access-list 1 permit 192.168.3.0 0.0.0.255

Where is the problem?

Thanks

Labels:
0 Helpful
7 Replies 7

vijayasankar
Level 4
Level 4

‎01-21-2007 05:54 AM

Hi,

There are few points that i would like to mention here.

1) There is no static route for 213.162.23.24 exists in your configuration.

2) In the NAT configuration, you are overloading it through ethernet1/0 ?

This will work only for traffic exiting via ethernet1/0 interface

Where is the nat configuration for traffic exiting via fastethernet0/1 ( 192.168.4.2) ?

Probably you are missing the nat configuration for traffic exiting via this interface..

Revert back with further details.

-VJ

sarenos2006
Level 1
Level 1
In response to vijayasankar

‎01-22-2007 12:10 AM

1) First, the static route is wrong but now is fixed.

2) I have natted the traffic over FastEthernet0/1 192.168.4.2 and the problem persists.

I cannot do ping from the clients in 192.168.3.0 to the IP address 213.162.201.146

This is the config now:

interface FastEthernet0/0

ip address 192.168.3.1 255.255.255.0

ip nat inside

ip virtual-reassembly

duplex auto

speed auto

!

interface FastEthernet0/1

ip address 192.168.4.2 255.255.255.0

ip nat outside

ip virtual-reassembly

duplex auto

speed auto

!

interface Ethernet1/0

ip address 192.168.1.249 255.255.255.0

ip nat outside

ip virtual-reassembly

half-duplex

!

ip http server

ip classless

ip route 0.0.0.0 0.0.0.0 192.168.1.1

ip route 213.162.201.146 255.255.255.255 192.168.4.1

!

ip nat inside source list 1 interface Ethernet1/0 overload

ip nat inside source list 10 interface FastEthernet0/1 overload

ip nat inside source static tcp 192.168.3.148 3389 192.168.1.249 3389 extendable

!

access-list 1 permit 192.168.3.0 0.0.0.255

access-list 10 permit 192.168.3.0 0.0.0.255

Where is the mistake

regards

0 Helpful

vijayasankar
Level 4
Level 4
In response to sarenos2006

‎01-22-2007 12:56 AM

Hi,

Thanks for reverting back.

Have you performed a "clear ip nat translations" after doing the configuration change.

Does the ping from router to 213.162.201.146 works now.

If possible capture the output of "show ip nat translations" and examine the translation table for proper natting.

Also if possible you can do debug on nat translation by issuing "debug ip nat" to examine the nat translations happening on the fly.

-VJ

0 Helpful

sarenos2006
Level 1
Level 1
In response to vijayasankar

‎01-22-2007 02:04 AM

Yes the ping from the router runs correctly, but from the clients in the range 192.168.3.0 doesn't.

I suposse I have to add an access list to permit the access from the 192.168.3.0 213.162.201.146

Can you help me?

0 Helpful

vijayasankar
Level 4
Level 4
In response to sarenos2006

‎01-22-2007 02:38 AM

Hi,

You already have the access-list 10 which is doing the source nat for that segment.

Kindly let me know whether you have done the following as stated in earlier post.

1) Have you performed a "clear ip nat translations" after doing the configuration change.

2) If possible capture the output of "show ip nat translations" and examine the translation table for proper natting.

3) Also if possible you can do debug on nat translation by issuing "debug ip nat" to examine the nat translations happening on the fly.

-VJ

sarenos2006
Level 1
Level 1
In response to vijayasankar

‎01-23-2007 12:03 AM

Yes I have performed that commands and the problem continues.

I want to nat the network from 192.168.3.0/24 to 213.162.201.146

0 Helpful

vijayasankar
Level 4
Level 4
In response to sarenos2006

‎01-23-2007 12:12 AM

Hi,

If you have the output of below mentioned captures(requested in my earlier post), please provide the same.

-----------------

2) If possible capture the output of "show ip nat translations" and examine the translation table for proper natting.

3) Also if possible you can do debug on nat translation by issuing "debug ip nat" to examine the nat translations happening on the fly.

-VJ

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card