Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Routing woes (Help)

Hi Guys looking for some help here.

I have a 2600 with 2 Ethernet ports in with each interface on a different IP network, Eth 0/0 172.19.128.0 255.255.252.0 and Eth0/1 192.168.1.2 255.255.255.240. What I am trying to do is to route the traffic from one network out over the other and then out through a firewall.

So far I have configured the router to a position where I can ping external IP addresses from the Eth0/1 interface but not from the Eth0/0.

Please see my config below for details.

Eth0/0 172.19.128.54

Eth0/1 192.168.1.2

Firewall 192.168.1.1

no service single-slot-reload-enable

service timestamps debug uptime

service timestamps log uptime

service password-encryption

!

hostname DR-NAT-Router

!

logging rate-limit console 10 except errors

enable secret 5 *****************************

!

ip subnet-zero

!

!

no ip finger

ip domain-name europe.tel.com

ip name-server 172.19.130.31

ip name-server 194.72.6.57

ip name-server 194.73.82.242

!

!

!

call rsvp-sync

!

!

interface Ethernet0/0

ip address 172.19.128.54 255.255.252.0

ip helper-address 172.19.130.31

full-duplex

!

interface BRI0/0

no ip address

shutdown

!

interface Ethernet0/1

ip address 192.168.1.2 255.255.255.240

half-duplex

!

ip classless

ip route 0.0.0.0 0.0.0.0 192.168.1.1

no ip http server

!

!

dial-peer cor custom

Thanks for taking the time to look at my problem.

  • Other Network Infrastructure Subjects
1 ACCEPTED SOLUTION

Accepted Solutions
Hall of Fame Super Bronze

Re: Routing woes (Help)

Yes, you can. But the firewall will then NAT once again. Not an optimal configuration.

However, if you want to proceed with this approach, here is a sample config

interface Ethernet0/0

ip address 172.19.128.54 255.255.252.0

ip helper-address 172.19.130.31

ip nat inside

full-duplex

!

!

interface Ethernet0/1

ip address 192.168.1.2 255.255.255.240

half-duplex

ip nat outside

ip nat source list 1 interface e0/1 overload

access-list 1 permit 172.19.128.0 0.0.3.255

Please rate helpful posts.

Thanks

5 REPLIES
Hall of Fame Super Bronze

Re: Routing woes (Help)

1) The firewall needs to have a route back to 172.19.128.0/22 pointing to default gateway 192.168.1.2/28

2) In order to ping external addresses from the 172.19.128.0/22 network, you need to create a NAT for that network on the firewall as well.

Please rate helpful posts.

Thanks

New Member

Re: Routing woes (Help)

Thanks for your reply.

Would it be possible to setup NAT on the router as I really dont want to start changing the firewall settings?

Hall of Fame Super Bronze

Re: Routing woes (Help)

Yes, you can setup NAT on the router but the router must hold the external (internet) IP.

New Member

Re: Routing woes (Help)

So is it not possible to NAT from the 172.19.128.0 network through the 192.168.1.2 address?

Hall of Fame Super Bronze

Re: Routing woes (Help)

Yes, you can. But the firewall will then NAT once again. Not an optimal configuration.

However, if you want to proceed with this approach, here is a sample config

interface Ethernet0/0

ip address 172.19.128.54 255.255.252.0

ip helper-address 172.19.130.31

ip nat inside

full-duplex

!

!

interface Ethernet0/1

ip address 192.168.1.2 255.255.255.240

half-duplex

ip nat outside

ip nat source list 1 interface e0/1 overload

access-list 1 permit 172.19.128.0 0.0.3.255

Please rate helpful posts.

Thanks

101
Views
0
Helpful
5
Replies