07-15-2008 07:23 AM - edited 03-03-2019 10:43 PM
Hello. I'm a newbie so I use graphical interface to configure my cisco router 871
I have 2 networks
n1: 10.0.0.0 /24
n2: 192.168.1.0 /24
192.168.1.252 is the gateway to internet
n1 has not access to the internet
n2 has the access to the internet using the gateway 192.168.1.252
I want n1 to use the internet access of n2
so I have connected n1 to fe0 with ip 10.0.0.250 and create the vlan1.
n2 is connected to fe1 with 192.168.1.251 ip and create vlan 2
after that I have created a nat between vlan1 and vlan2. No rules are defined .
on n1 each PC has 10.0.0.250 as default gateway and 192.168.1.252 as DNS server
from n1 I can ping the default gateway 192.168.1.252 but I can't access to the net. I have the dns resolution from n1, i can for example get the ip adress of cisco server, but from internet explorer I always have "connecting to http://www.cisco.com" but no connection. The ping give me the ip address but no answer from the server!
Is someone can help me, but only with graphical interface or maybe told me if my configuration is very bad!!!
I have created a NAT because I can't modify the default gateway on n2 and so the n1 network is not sawn by the default gateway 192.168.1.252
Solved! Go to Solution.
07-15-2008 02:29 PM
Try putting a default route on the 871.
ip route 0.0.0.0 0.0.0.0 192.168.1.252
Then setup your clients on the 192 side with a default gateway of 192.168.1.251 and setup the clients on the 10 side with 10.100.132.250.
07-15-2008 10:03 AM
Hi, it's practically impossible to help you with graphical interface. telnet to router, loging with username/password, type "term len 0", then "show run" and copy the full output here.
Someone will tell you how to change the configuration from CLI.
07-15-2008 01:40 PM
ok here is the conf
=================================================
!This is the running config of the router: 10.100.132.250
!----------------------------------------------------------------------------
!version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname router
!
boot-start-marker
boot-end-marker
!
logging buffered 51200
logging console critical
enable secret xxx
!
no aaa new-model
!
crypto pki trustpoint TP-self-signed-651071305
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-651071305
revocation-check none
rsakeypair TP-self-signed-651071305
!
!
crypto pki certificate chain TP-self-signed-651071305
certificate self-signed 01
E90C589A
quit
dot11 syslog
no ip source-route
ip cef
!
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
no ip bootp server
no ip domain lookup
!
username quitesys privilege 15 secret xxx
!
!
archive
log config
hidekeys
!
!
ip tcp synwait-time 10
ip ssh time-out 60
ip ssh authentication-retries 2
!
interface FastEthernet0
!
interface FastEthernet1
switchport access vlan 2
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip route-cache flow
shutdown
duplex auto
speed auto
!
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$ES_LAN$$FW_INSIDE$
ip address 10.100.132.250 255.255.255.224
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly
ip route-cache flow
ip tcp adjust-mss 1452
!
interface Vlan2
description $FW_OUTSIDE$
ip address 192.168.1.251 255.255.255.0
ip nat outside
ip virtual-reassembly
!
ip forward-protocol nd
!
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 1 interface Vlan2 overload
!
logging trap debugging
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 10.100.132.224 0.0.0.31
access-list 100 remark SDM_ACL Category=2
access-list 100 permit ip any any
no cdp run
!
control-plane
!
banner exec ^C
% Password expiration warning.
username
-----------------------------------------------------------------------
^C
banner login ^CAuthorized access only!
Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
login local
no modem enable
transport output telnet
line aux 0
login local
transport output telnet
line vty 0 4
privilege level 15
login local
transport input telnet ssh
!
scheduler max-task-time 5000
scheduler allocate 4000 1000
scheduler interval 500
end
============================
07-15-2008 02:29 PM
Try putting a default route on the 871.
ip route 0.0.0.0 0.0.0.0 192.168.1.252
Then setup your clients on the 192 side with a default gateway of 192.168.1.251 and setup the clients on the 10 side with 10.100.132.250.
07-15-2008 10:55 PM
ok with the route but I don't have to add the default gateway on each network
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide