*e0 address space has been changed to protect the innocent since it is public address space
The PCs in the 192.168.0.x subnet were originally slated to access the Internet through a new DSL circuit. This would have put a new firewall in the same subnet. The 1605 was to be configured to allow the accountant in the 1.1.1.x subnet (220.127.116.11) to map a drive to a share on the server (192.168.0.2) in the 192.168.0.x subnet. Since the businesses in question are in the medical field, the networks must be separated to meet HIPAA requirements. If this was the end of it, then configuring the router would be within my skill set.
Even though the office next door (1.1.1.x) has DSL, a new DSL circuit for the 192.168.0.x location is not available for the foreseeable future. Frame Relay or Fractional T1 are too much money at this time. Therefore sharing the DSL connection in the 1.1.1.x subnet with the 192.168.0.x subnet is a priority.
Herein lies the problem. The existing WatchGuard SOHO Firewall has an internal IP of 18.104.22.168. Any packets not in the 1.1.1.x subnet are dropped. I can enable NAT on the 1605 and successfully access the Internet from the 192.168.0.x subnet by natting to the 22.214.171.124 interface (e0/outside on 1605). However, the accountant's WS (126.96.36.199) can no longer reach the server at 192.168.0.2 since it is on the outside interface of the 1605.
I have worked on this long enough to end up with the accountant's WS (188.8.131.52) able to ping and tracert to the server (192.168.0.2). I have also set up a hosts file and can ping the server by name from the accountant's WS (184.108.40.206). All this with NAT enabled on the 1605 and the 1.1.1.x subnet configured as outside. I am a long way from being a Cisco guru, but I am guessing that the ICMP packets are transiting the router's interfaces. However, I am further guessing, the protocols/ports needed for MS networking are being dropped. It is not possible to map a drive nor connect in any way (other than replies to pings) to the server at 192.168.0.2 with NAT enabled on the 1605.
Am I dreaming or is there a way to get this to work?
Here is the current config. I have tried multiple others including some with ACLs. Keep in mind this separates two networks in adjacent office suites. Therefore I am not concerned about locking down ACLs if used.
service timestamps debug uptime
service timestamps log uptime
!
enable secret xxxxxxxxxxx
enable password xxxxxxxxxxx
!
! interface lines are absent from the config as posted; Ethernet0/Ethernet1
! are assumed from the "e0"/"e1" labels in the descriptions
interface Ethernet0
 description Urology NW outside-e0
 ip address 220.127.116.11 255.255.255.0
 no ip directed-broadcast
 ip nat outside
!
interface Ethernet1
 description Integrity Medical Research inside-e1
 ip address 192.168.0.1 255.255.255.0
 no ip directed-broadcast
 ip nat inside
!
ip nat pool UNW 18.104.22.168 22.214.171.124 netmask 255.255.255.0
Thanks for the info about "helper-address". I had tried some ACLs with both UDP and TCP ports 137, 138 & 139 but hadn't made any headway. Possibly because I did not have the proper syntax. I'll check the helper-address scenario.