Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Webcast-Catalyst9k
New Member

Basic Routing Question

We have a 1605 that we are trying the following:

Our ISP is providing a DSL circuit with a single public IP address 69.xx.xx.130.

We would like to assign that address to ethernet1 and then configure ethernet0 with an internal ip address 10.0.0.1. The gateway for the DSL is 69.xx.xx.1

So we set up the two interfaces successfully and can ping each of the interfaces, ip routing is running however we can see to get traffic from the private side to the ISP gateway.

We have tried the following:

ip route 69.xx.xx.0 255.255.255.0 69.xx.xx.1

ip route 10.0.0.0 255.0.0.0 69.xx.xx.1

ip route 0.0.0.0 0.0.0.0 eth1

All with no luck.

Thanks in advance,

Brian

2 ACCEPTED SOLUTIONS

Accepted Solutions

Re: Basic Routing Question

Brian,

I see another problem with Ilya's configuration. Can you put these commands in.

no access-list 1

access-list 1 perm 10.0.0.0 0.255.255.255

HTH,

Sundar

Re: Basic Routing Question

You can do this using static Port Address Translation. For example:

ip nat inside source static tcp 80 interface Ethernet1 80

You can see more examples at

http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080094e77.shtml

Regards,

iLya

13 REPLIES
Hall of Fame Super Gold

Re: Basic Routing Question

Brian

I am not sure that your problem is necessarily a routing problem. Without more information it is difficult to know for sure. But my guess is that you are sending data from your private addresses to the ISP and that they have no route to return to you (because they do not route to your private addresses in network 10.0.0.0). I believe that the solution to your problem is probably to translate the addresses on all your traffic so that going out of the router it appears to be from 69.xx.xx.130.

HTH

Rick

Silver

Re: Basic Routing Question

Ok, I hope I cactch your point:

ip route 69.xx.xx.0 255.255.255.0 69.xx.xx.1 (it doesn't necessary if you use default route)

ip route 10.0.0.0 255.0.0.0 69.xx.xx.1

(in this statement the next hop router is wrong, since you should route your internal traffic to inside not to outside, so the next hop should be 10.x.x.x)

ip route 0.0.0.0 0.0.0.0 eth1

(it's OK, static default route)

Try to modify your second command. (or if there are more network equipment use dynamic routing instead of static)

bye

FCS

Please rate me if I helped.

Re: Basic Routing Question

Change default route to following:

ip route 0.0.0.0 0.0.0.0 69.xx.xx.1

Remove route 10.0.0.0

and configure NAT on your router as follow:

1) eth1 - add 'ip nat outside'

2) eth0 - add 'ip nat inside'

3) in general config mode add two commands:

access-list 1 perm 10.0.0.0 255.0.0.0

ip nat inside source list 1 interface eth 0 overload

This should be enough to get bits moving.

Re: Basic Routing Question

Hi,

Are you sure you want to use 'ip nat inside source list 1 interface eth 0 overload' ;-)

Shouldn't that be the outside interface as follows:

'ip nat inside source list 1 interface eth 1 overload'

Regards,

Sundar

Re: Basic Routing Question

Ehrm, indeed that should have been eth1. Thanks for correction :-)

Cheers,

iLya

Re: Basic Routing Question

Brian,

You need a globally routable (public) address to access the Internet. Your 10.0.0.0/X address is private as such isn't eligible to access the Internet. Since, you already have a valid globally routable address assigned to e1 interface, you can source all the traffic from your network to appear it is originated by the e1 inteface address. For this you need to configure NAT (PAT) and the router would do the transalation both ways - outbound & inbound - traffic for the users on your network. For your convenience Ilya has posted the configuration for you - but it needs a small typo correction.

Hope that helps!

Regards,

Sundar

New Member

Re: Basic Routing Question

I was able to successfully perform all these commands. (with the change noted for the ip nat command)

However, clients on private side can't either ping the ISP gateway or tracert to a public ip.

In addition, from the router we can ping the ISP gateway and successfully perform trace route to the same public ip

Hall of Fame Super Bronze

Re: Basic Routing Question

Can you post the new config ?

New Member

Re: Basic Routing Question

Building configuration...

Current configuration:

!

version 12.0

service timestamps debug uptime

service timestamps log uptime

no service password-encryption

!

hostname gma_dsl_2

!

enable secret 5 $

enable password

!

ip subnet-zero

!

!

!

interface Ethernet0

ip address 10.0.0.1 255.0.0.0

no ip directed-broadcast

ip nat inside

!

interface Ethernet1

ip address 69.xxx.xxx.126 255.255.255.248

no ip directed-broadcast

ip nat outside

!

ip nat inside source list 1 interface Ethernet1 overload

ip classless

ip route 0.0.0.0 0.0.0.0 69.xxx.xxx.1

!

access-list 1 permit 0.0.0.0 255.0.0.0

snmp-server community public RO

!

line con 0

transport input none

line vty 0 4

login

!

end

Re: Basic Routing Question

Brian,

I see another problem with Ilya's configuration. Can you put these commands in.

no access-list 1

access-list 1 perm 10.0.0.0 0.255.255.255

HTH,

Sundar

Re: Basic Routing Question

I shouldn't type configs and cooking at the same time. Thanks Sundar!

New Member

Re: Basic Routing Question

so now that you have shined some light on the need to be running nat. Is the process different in order to redirect tcp ports to the private side. Ie run web server on private ip side of router, accessed thru the public ip address?

Re: Basic Routing Question

You can do this using static Port Address Translation. For example:

ip nat inside source static tcp 80 interface Ethernet1 80

You can see more examples at

http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080094e77.shtml

Regards,

iLya

145
Views
5
Helpful
13
Replies
CreatePlease to create content