Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

Routing to a T1 through 2620 Router

I currently have a primary Internet circuit setup through Comcast.  Modem is connected to an ASA5515X and Internet is working fine.

 

We installed a T1 that terminates in the same CO as a client's Internet service so we can route certain IPs from this office to their datacenter so we're all in the same network with less hops. 

 

2620 router is setup and configured.  I have a test route setup to my corporate website that is in a different location.  I am able to ping the Internet and this site from the router and the core switch that is handling the routing, but cannot ping or access the site from the local VLAN.  Config is faily simple for this site, so I'm not sure what's going on.

 

To troubleshoot, I attempted to route all traffic from the network to this T1 circuit, but that does not work.  I have another site that is setup similarly with no issues.

 

Any ideas?  Configs attached...if you need more, I can upload the full thing.

2 ACCEPTED SOLUTIONS

Accepted Solutions
New Member

do below configuration

do below configuration

!

interface vlan 100

ip nat inside 

!

!

interface gi 0/48

ip nat outside

!

 

 

ip accessl-list standard 1

permit ip 192.168.16.0 0.0.0.0255

!

!

ip nat inside source list 1 interface ge 0/48 overload

!

 

it should take care of NAT issue.

Hall of Fame Super Blue

int fa0/0ip nat insideint s0

int fa0/0

ip nat inside

int s0/0

ip nat outside

access-list 101 permit ip 192.168.16.0 0.0.0.255 host 3.3.3.5

ip nat inside source list 101 interface s0/0 overload

Note instead of specifying the host in the acl you can use "any" if there are more destinations.

Jon

25 REPLIES
New Member

Hi Bryandyal,Are you NATing

Hi Bryandyal,

Are you NATing the traffic for network 192.168.16.0?

Does the ASA has a route to reach this network?

Thanks,

Vishal--

New Member

I wouldn't think the ASA

I wouldn't think the ASA needs a route since traffic to 3.3.3.5 is being routing from the core switch to the T1 router (2.2.2.105).

 

I shouldn't have even mentioned the ASA since any traffic that needs to route to the T1 never hits it.

New Member

If possible could you please

If possible could you please upload the full config, and please highlight the new T1 line which you have installed.

New Member

T1 is connected via 2620 FE0

T1 is connected via 2620 FE0/0 (2.2.2.105) to 3560E "Core Switch" via Gig0/48 (2.2.2.106).  You'll see the rest :)

 

Thanks again.

New Member

I am presuming that serial

I am presuming that serial link with an ip address 1.1.1.254 is a T1 link 

so your network is like 

t1-->router/seriallink-->router ethlink-->switch ethlink --> vlan

If this is correct can you tell me who provide you 1.1.1.254 address is that from ISP?

Does you ISP do NATing for 192.168.0.0 private addressing or you need to do NATing?

I can help you to setup your network via Teamviewer if thats fine with you.

New Member

Switch ethlink does not go to

Switch ethlink does not go to vlan.  It's no switchport with an IP on Gig0/48.  I did try VLANing it and I get the same results.

1.1.1.154 is provided by AT&T as the serial interface to our router.  Default route goes to 1.1.1.253.

There is a route on the router to send all 192.168.16.0 traffic to 2.2.2.206 (GIG0/48).

 

ISP presumably does not provide NATing.  I don't think there's a NAT issue because from the core switch (192.168.16.1) I can ping to the Internet (when I changed the default route to send all traffic to the T1 vs the primary Comcast connection) and 3.3.3.5 which is set to route through the T1 as it stands today.

 

This site is remote so I'd prefer not making any major changes that could implicate their Internet access, especially during business hours.

 

I am hoping that someone sees something that looks out of the ordinary, however, like I mentioned, this site is pretty basic when it comes to the network setup.

New Member

First of the thing I dont see

First of the thing I dont see any interface assgined on switch withch is going to 3.3.3.5. 

If possible could yoou send the output of # sh ip route and ping ouputs from switch and router.

New Member

3.3.3.5 is just a route to a

3.3.3.5 is just a route to a web service in another location for me to test traffic across the T1.  The route tells 3.3.3.5 to go to 2.2.2.105 (Router FE 0/0).

 

Trace Route from the core switch (192.168.16.1) to 3.3.3.5 successfully goes out the T1 router, across the Internet and terminates at 3.3.3.5.

 

Trace Route from a computer on the LAN (192.168.16.15) to 3.3.3.5 successfully goes to FE 0/0 on T1 router (2.2.2.205) but then dies.

 

Testing attached.

Hall of Fame Super Blue

What happens if you do an

What happens if you do an extended ping from the core switch and use the vlan 100 SVI IP address as the source IP ?

Jon

New Member

Timeout

Timeout

New Member

try to ping following from

try to ping following from switch

#ping 3.3.3.5 source 2.2.2.106

#ping 3.3.3.5 source 192.168.16.1

if first one works and second one does not then it mostly the issue with NAT

New Member

First one was successful, 2nd

First one was successful, 2nd one was not per Jon's request.

 

Where is the issue with the NAT?

New Member

192.168.16.0/24 is consider

192.168.16.0/24 is consider as a private ip address range which is not routable over internet. In order to route that traffic to internet you need to translate private ips' in to public ips' by using NAT.

Hall of Fame Super Blue

I think i may have missed

I think i may have missed something here.

If the traffic is going across the internet via this T1 then yes NAT is probably the issue.

I assumed, maybe wrongly, that this wasn't going across the internet.

Jon

New Member

OK...should've seen that. So

OK...should've seen that.

 

So does the NAT need to take place on the router or switch?

Hall of Fame Super Blue

You can do it on the router

You can do it on the router as i doubt the switch supports.

Jon

New Member

How would I accomplish this? 

How would I accomplish this?  I'm not that versed on NAT'ing when it comes to router and CLI.

Hall of Fame Super Blue

int fa0/0ip nat insideint s0

int fa0/0

ip nat inside

int s0/0

ip nat outside

access-list 101 permit ip 192.168.16.0 0.0.0.255 host 3.3.3.5

ip nat inside source list 101 interface s0/0 overload

Note instead of specifying the host in the acl you can use "any" if there are more destinations.

Jon

New Member

Thank you both for your input

Thank you both for your input and working through this with me! :)

New Member

do below configuration

do below configuration

!

interface vlan 100

ip nat inside 

!

!

interface gi 0/48

ip nat outside

!

 

 

ip accessl-list standard 1

permit ip 192.168.16.0 0.0.0.0255

!

!

ip nat inside source list 1 interface ge 0/48 overload

!

 

it should take care of NAT issue.

Hall of Fame Super Blue

That would work but it

That would work but it depends on the switch ie. most L3 switches don't support NAT.

Jon

New Member

No, it does not work.  ip nat

No, it does not work.  ip nat isn't a valid command when editing an interface.

Hall of Fame Super Blue

So the next hop router at the

So the next hop router at the other end of the T1, what does it's IP routing table show ?

Jon

New Member

https://supportforums.cisco

https://supportforums.cisco.com/sites/default/files/attachments/discussion/ar_testing.txt

Hall of Fame Super Blue

I  meant the router at the

I  meant the router at the other end of the T1 link.

Does it have a route back to the 192.168.16.0/24 network ?

Jon

103
Views
0
Helpful
25
Replies
CreatePlease to create content