11-29-2007 09:42 PM - edited 03-05-2019 07:43 PM
Hi,
I am facing a problem with a 2821 router: if I log in to the console I am able to ping the DNS and the gateway, but I am unable to ping the DNS or access the Internet from a host located on the 10.43.12.0 network. I have attached the config for reference.
11-30-2007 12:33 AM
Hi
You need to NAT your internal 10.43.12.0 addresses to a public IP address as they are not routable across the Internet.
The easiest solution is to use the public IP address attached to your gi0/0 interface, e.g.
int g0/0
 ip nat outside
int gi0/1
 ip nat inside
access-list 101 permit ip any any
ip nat inside source list 101 interface gi0/0 overload
This will NAT all your 10.43.x.x addresses to 280.225.236.242.
HTH
Jon
11-30-2007 02:59 AM
Hi Jon,
It works, but what if I don't want to NAT at the router and will have to do it at the firewall?
Say, for example, I assign a public IP 220.218.276.129/25 to the outside interface of the router and 220.218.276.130 at the firewall: how will the router be configured?
11-30-2007 03:12 AM
It's a little unclear what your topology is. If your firewall is closer to the Internet than the router then yes, you can get the firewall to do the NATting, but your firewall would need a public IP on its outside interface, i.e.
10.43.x.x (Router) 220.218.276.129 -> 220.218.276.130 firewall (public IP needed)
If this is your topology you could just readdress the link between the outside interface of your router and the inside interface of your firewall and then use the 220.218.276.128/25 subnet for the outside of the firewall.
Could you confirm exactly what you want to do?
Jon
11-30-2007 03:57 AM
Hi Jon,
I am using a Cisco 2821 as a perimeter router just to terminate the leased link, from the router to the firewall, which means the router's inside interface connects to the untrust interface of the firewall. The trust interface of the firewall is connected to the private network. Can I configure the firewall to do NATting and configure the firewall untrust and router inside with public address 220.218.276.128/25? If that is the case I will not be using
ip nat inside
ip nat outside
on the router. So how will the router be configured? When I remove nat overload, ip nat inside and ip nat outside and try to ping from the host connected to the private network, it fails.
11-30-2007 07:21 AM
Okay, so you will readdress gi0/1 of the 2821 router to have the address 220.218.217.130 and get rid of the "ip nat inside" and "ip nat outside" statements.
Add NAT statements to the firewall and it should all work. Am I missing the point of your question?
Jon
12-04-2007 06:33 AM
Hi Jon,
Back after a long weekend. As discussed, I removed the ip nat inside and ip nat outside commands and did NATting at the firewall, but from my core switch I am able to ping the router outside interface but not the gateway, i.e. 280.245.236.241, although I am able to do it at the console of the router. I have attached the config, please go through it.
Thanks and regards
prakash
12-04-2007 07:27 AM
Hi Prakash
So what is the IP address of the outside interface of the firewall? Presumably it is a public IP address?
If you are not getting a response from the gateway it sounds like there is no route on that router for the subnet used for the outside interface of your PIX.
So you can either
1) revert back to NAT on the router
or
2) Talk to your ISP, assuming it is your ISP who owns this router, and get them to add the route
or
3) Connect the ISP router directly into your firewall and take the 2800 router out of the equation which is more of a standard setup.
HTH
Jon
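The return-path reasoning in the reply above, as an added example that is not part of the original thread: it models the ISP gateway's routing table and checks whether an echo reply can find its way back for each place NAT might be done. All addresses except the inside host are constructed from documentation ranges, and the ISP table contents and the names `upstream` and `customer-router` are assumptions.

```python
import ipaddress

# Constructed addressing (documentation ranges), not the thread's real values.
WAN_ROUTER = "198.51.100.242"   # 2821 outside interface; ISP gateway is .241
FW_OUTSIDE = "203.0.113.130"    # firewall untrust; 2821 inside is .129
HOST = "10.43.11.55"            # inside host mentioned in the thread

def next_hop(table, dst):
    """Longest-prefix match over {prefix: next_hop}; None if no route."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(p), hop) for p, hop in table.items()
               if addr in ipaddress.ip_network(p)]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def source_seen_by_isp(nat_at):
    """Source address on the host's packets when they reach the ISP gateway."""
    return {"router": WAN_ROUTER,    # overload onto the router's outside interface
            "firewall": FW_OUTSIDE,  # firewall translates, router only routes
            "none": HOST}[nat_at]    # private source leaks out untranslated

def reply_returns(isp_table, src):
    """True if the ISP gateway forwards the echo reply back toward the customer."""
    return next_hop(isp_table, src) in ("connected", "customer-router")

# Assumed ISP gateway table: only the /30 WAN link points at the customer.
ISP_BEFORE = {"198.51.100.240/30": "connected", "0.0.0.0/0": "upstream"}
# Option 2 in the reply: the ISP adds a route for the firewall's outside subnet.
ISP_AFTER = {**ISP_BEFORE, "203.0.113.128/25": "customer-router"}

def scenarios():
    fw = source_seen_by_isp("firewall")
    return {
        "ping from router console": reply_returns(ISP_BEFORE, WAN_ROUTER),
        "host, NAT on router": reply_returns(ISP_BEFORE, source_seen_by_isp("router")),
        "host, NAT on firewall": reply_returns(ISP_BEFORE, fw),
        "host, NAT on firewall + ISP route": reply_returns(ISP_AFTER, fw),
        "host, no NAT anywhere": reply_returns(ISP_BEFORE, source_seen_by_isp("none")),
    }

if __name__ == "__main__":
    for name, ok in scenarios().items():
        print(f"{name:36} {'reply returns' if ok else 'reply lost'}")
```

The console ping and the NAT-on-router case succeed because both use a source inside the WAN link subnet, which the ISP gateway already reaches as a connected network.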
12-05-2007 04:33 AM
Hi Jon,
I think you are not getting my point. I have attached a network diagram as well as the config of my 2nd router. I have 2 different ISPs which are connected to 2 different routers; currently I am concerned about my 2nd router. I have configured the core switch and firewall, and I do NATting at the firewall. I am able to ping from host A 10.43.11.55 to router 280.245.236.242
but not to public DNS or 280.245.236.241. According to the ISP, he says I have a problem with the router config, but everything seems to be okay.
If I do NATting at the router it works; if I NAT at the firewall and remove NATting at the router it does not work.
At both router and firewall I am using public IPs. Please go through the config and diagram and revert.
Thanks and regards
prakash
12-05-2007 04:47 AM
Prakash
"I think you are not getting my point" - wouldn't be the first time, I can be a bit slow sometimes :)
Can you send the diagram, as it doesn't seem to be attached.
Jon
12-05-2007 06:58 PM