Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Point to Point Link internet Access

Hi,

We have two locations A and B. Location A has two serial interface one to internet and the other to Location B through IPLC Line. In the Router in Location A Nating is done with Serial 0/1 facing the internet as router outside and ethernet as nat inside and the other serial interface 0/0 facing the leased line nat inside. From location A i could connect to the internet and location B. From location B i could connect to location A and could reach the Serail interface s0/1 which is facing the internet in location A but not further. Can some one advice what i am missing in the configuration. I have added two access list allowing the ethernet network on both locations to browse the internet.

Thanks in Advance

9 REPLIES
Bronze

Re: Point to Point Link internet Access

Have you included location B's IP address range(s) in the access-list that defines which traffic is to bet NATted?

Maybe you could post your config of router A so we can exmine it.

regards

Herbert

New Member

Re: Point to Point Link internet Access

Below is the Configuration information on location A

Thanks in Advance

!

!

!

!

interface Null0

no ip unreachables

!

interface FastEthernet0/0

ip address 172.16.0.1 255.255.252.0

no ip redirects

no ip unreachables

no ip proxy-arp

ip nat inside

ip route-cache flow

speed auto

full-duplex

no cdp enable

!

interface Serial0/0

bandwidth 64

ip address 192.168.0.1 255.255.255.252

no ip redirects

no ip unreachables

no ip proxy-arp

ip nat inside

ip route-cache flow

no cdp enable

!

interface Serial0/1

bandwidth 64

ip address x.x.x.x1 255.255.255.252

ip verify unicast reverse-path

no ip redirects

no ip unreachables

no ip proxy-arp

ip nat outside

ip route-cache flow

no cdp enable

!

ip nat inside source list 100 interface Serial0/1 overload

ip nat inside source static tcp 172.16.0.2 80 x.x.x.x2 80

ip http server

ip http authentication local

ip classless

ip route 0.0.0.0 0.0.0.0 203.94.228.253

ip route 192.168.1.0 255.255.255.0 192.168.0.2

!

!

logging trap debugging

access-list 100 remark VTY Access-class list

access-list 100 remark SDM_ACL Category=3

access-list 100 permit ip 192.168.1.0 0.0.0.255 any

access-list 100 permit ip 172.16.0.0 0.0.3.255 any

access-list 100 deny ip any any

no cdp run

banner login You have accessed a private system.

Unauthorized access is prohibited.

If you do not belong here, leave immediately.

!

line con 0

transport output telnet

line aux 0

transport output telnet

line vty 0 4

access-class 100 in

privilege level 15

transport input telnet

transport output telnet

!

scheduler allocate 4000 1000

scheduler interval 500

!

!

end

Re: Point to Point Link internet Access

Cant say anything until you have posted router Bs configuration?

Things to note are,

Router B should also have a default route pointing to Router A, so that all packets going to internet will go through the leased line between the sites.

Has this been configured ?

New Member

Re: Point to Point Link internet Access

Router B has a routing statement pointing to router A. Below is the configuration of Router A.

!

!

security authentication failure rate 3 log

security passwords min-length 6

logging buffered 52000 debugging

logging console critical

!

memory-size iomem 25

clock timezone Asia/Calcutta 5 30

aaa new-model

!

!

aaa authentication login default local

aaa session-id common

ip subnet-zero

no ip source-route

!

!

!

no ip bootp server

ip cef

!

!

!

!

interface Null0

no ip unreachables

!

interface FastEthernet0/0

ip address 192.168.1.1 255.255.255.0

no ip redirects

no ip unreachables

no ip proxy-arp

ip route-cache flow

speed auto

full-duplex

no cdp enable

!

interface Serial0/0

bandwidth 64

ip address 192.168.0.2 255.255.255.252

no ip redirects

no ip unreachables

no ip proxy-arp

ip route-cache flow

no cdp enable

!

ip classless

ip route 0.0.0.0 0.0.0.0 192.168.0.1

ip route 172.16.0.0 255.255.252.0 192.168.0.1

ip http server

ip http authentication local

!

logging trap debugging

logging 192.168.1.2

no cdp run

banner login You have accessed a private system.

Unauthorized access is prohibited.

If you do not belong here, leave immediately.

!

line con 0

transport output telnet

line aux 0

transport output telnet

line vty 0 4

privilege level 15

transport input telnet

transport output telnet

!

scheduler allocate 4000 1000

scheduler interval 500

!

end

Thanks in Advance

Bronze

Re: Point to Point Link internet Access

I don't see anythong wrong at first sight.

When you try to connect to the Internet from lan B and (immediately) you do a "show ip nat translations" on router A, does it include an entry for your test connection?

Also, are you sure it is an IP problem? Could it be e.g. DNS?

New Member

Re: Point to Point Link internet Access

Thanks a lot for your mail.

From Router B i am not able to ping beyond router A serail ip address. I am not able to ping the ip address of the ISP which is connected to the Serial interface of the Router A.

Bronze

Re: Point to Point Link internet Access

That's normal: if you ping from router B, it uses the ip address of the outgoing interface as source address, 192.168.0.2. But this address is not natted by router A (only 192.168.1.x and 172.16.x.x addresses).

So you should try your ping from a 192.168.1.x address. E.g. you can do an extended ping from the router and use its ethernet's IP address as source.

Alternatively, add "access-list 100 permit ip 192.168.0.0 0.0.0.3 any" on router A (before the deny statement) so these addresses get translated as well.

If it still doesn't work, check "show ip nat trans" on router A during your test.

Re: Point to Point Link internet Access

If you still want to make the ping from router B to ISP work, you need to add an extra statement on the access-list permitting 192.168.0.x network.

New Member

Re: Point to Point Link internet Access

Thanks a lot for all your help. I will check for the same and let you know.

Thank You very much

116
Views
0
Helpful
9
Replies