10-15-2024 08:14 PM
Hey Guys
I'm actually practicing in my home lab. I have 3 networks: 172.16.50.0/24, 203.10.115.0/24 and 10.10.20.0/24. My ISP router is 192.168.1.0/24.
My DHCP is working fine, all my computers are able to ping each other, and the internet works, but only on the 172.16.50.0/24. I'm trying to route the internet to 10.10.20.1/0 but it doesn't work. I will copy the running config from 2 routers; let me know what's wrong in my config.
R2 config
R2#sh
*Oct 16 02:13:12.935: %SYS-5-CONFIG_I: Configured from console by console run
Building configuration...
Current configuration : 1929 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R2
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
!
no aaa new-model
clock timezone EST -5
no network-clock-participate wic 0
no network-clock-participate aim 0
!
dot11 syslog
ip source-route
!
!
ip cef
ip dhcp excluded-address 172.16.50.1 172.16.50.5
ip dhcp excluded-address 203.10.115.1
ip dhcp excluded-address 10.10.20.1 10.10.20.5
!
ip dhcp pool LAB
network 172.16.50.0 255.255.255.0
dns-server 8.8.8.8
domain-name aku-sys.local
default-router 172.16.50.1
!
ip dhcp pool LINK
network 203.10.115.0 255.255.255.252
!
ip dhcp pool LAB2
network 10.10.20.0 255.255.255.0
dns-server 8.8.8.8
domain-name aku-sys.local
default-router 10.10.20.1
!
!
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
voice-card 0
no dspfarm
!
!
!
!
!
archive
log config
hidekeys
!
!
!
!
!
controller T1 0/0/0
framing esf
linecode b8zs
!
!
!
!
!
interface FastEthernet0/0
ip address 203.10.115.1 255.255.255.252
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
!
interface FastEthernet0/1
ip address dhcp
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
interface FastEthernet0/2/0
ip address 172.16.50.1 255.255.255.0
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
!
router ospf 10
log-adjacency-changes
network 172.16.50.0 0.0.0.255 area 0
network 192.168.1.0 0.0.0.255 area 0
network 203.10.115.0 0.0.0.3 area 0
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 FastEthernet0/1
no ip http server
no ip http secure-server
!
!
ip nat inside source list 1 interface FastEthernet0/1 overload
!
access-list 1 permit 172.16.50.0 0.0.0.255
!
!
!
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
login
!
scheduler allocate 20000 1000
end
R2 pinging ISP router
R2#ping 192.168.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
R2#
R1 pinging ISP
R1#ping 192.168.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
R1#
10-15-2024 11:22 PM
Hello @Gregaku
It seems that the main issue is with routing and NAT configuration.
Currently, the NAT configuration is set up to translate traffic only for the 172.16.50.0/24 network (access-list 1 permit 172.16.50.0 0.0.0.255). Since you want to provide internet access for the 10.10.20.0/24 network as well, you need to modify the NAT access list to include this network. You can update the ACL:
access-list 1 permit 172.16.50.0 0.0.0.255
access-list 1 permit 10.10.20.0 0.0.0.255
This change will allow NAT to translate traffic from both 172.16.50.0/24 and 10.10.20.0/24 networks.
Also, make sure that R2 and ISP router know how to reach the 10.10.20.0/24 network. Since you have OSPF on R2 configured, ensure that the network statement for 10.10.20.0/24 is included in R2 routing table
#sh ip route
On ISP router, ensure network 10.10.20.0/24 is known also. Default route ?
10-16-2024 08:13 AM
I believe that M02@rt37 has correctly identified the main problem as the arp configuration.
I would like to comment on one aspect of the posted config: "ip route 0.0.0.0 0.0.0.0 FastEthernet0/1". It is possible that this will work OK, especially in a lab environment. But it is also possible that it will not work, especially in a live/production environment. The issue is that when a static route specifies only the output interface (and the output interface is Ethernet), the router must ARP for EVERY remote address. And many production ISP routers do not respond to ARP requests for remote addresses. And even if it does work, it is not a good idea. It forces the router to ARP for every remote address, which takes more CPU cycles, consumes more bandwidth, requires more memory for the ARP table, and requires more CPU cycles to maintain the ARP table.
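As an added example (not part of the thread and not the posters' own code), the two points raised in the replies above, the NAT ACL that omits 10.10.20.0/24 and the default route that names only an exit interface, can be checked with a short Python script. The config excerpt is constructed from the R2 lines posted above, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed excerpt: only the relevant lines of the R2 config posted above.
R2_CONFIG = """\
ip dhcp pool LAB
 network 172.16.50.0 255.255.255.0
ip dhcp pool LINK
 network 203.10.115.0 255.255.255.252
ip dhcp pool LAB2
 network 10.10.20.0 255.255.255.0
ip route 0.0.0.0 0.0.0.0 FastEthernet0/1
ip nat inside source list 1 interface FastEthernet0/1 overload
access-list 1 permit 172.16.50.0 0.0.0.255
"""

def nat_acl_networks(config):
    """Networks permitted by the standard ACL named in 'ip nat inside source list N'."""
    m = re.search(r"^ip nat inside source list (\d+) ", config, re.M)
    if not m:
        return []
    pat = rf"^access-list {m.group(1)} permit (\S+) (\S+)\s*$"
    # ipaddress accepts a wildcard (host mask) after the slash, e.g. /0.0.0.255
    return [ipaddress.ip_network(f"{a}/{w}") for a, w in re.findall(pat, config, re.M)]

def dhcp_pool_networks(config):
    """Map each DHCP pool name to the network it serves."""
    pat = r"^ip dhcp pool (\S+)\s*\n\s*network (\S+) (\S+)"
    return {n: ipaddress.ip_network(f"{a}/{m}") for n, a, m in re.findall(pat, config, re.M)}

def pools_without_nat(config):
    """DHCP-served networks that no permit entry of the NAT ACL covers."""
    acl = nat_acl_networks(config)
    return sorted(name for name, net in dhcp_pool_networks(config).items()
                  if not any(net.subnet_of(p) for p in acl))

def interface_only_default_routes(config):
    """Default routes whose only target is an exit interface (no next-hop IP)."""
    hits = []
    for target in re.findall(r"^ip route 0\.0\.0\.0 0\.0\.0\.0 (\S+)\s*$", config, re.M):
        try:
            ipaddress.ip_address(target)      # a next-hop address is fine
        except ValueError:
            hits.append(target)               # interface name only: flag it
    return hits

if __name__ == "__main__":
    print("Pools not covered by NAT ACL:", pools_without_nat(R2_CONFIG))
    print("Interface-only default routes:", interface_only_default_routes(R2_CONFIG))
```

On the excerpt this reports the LAB2 and LINK pools as outside the NAT ACL and flags the FastEthernet0/1 default route; LINK appears because the 203.10.115.0/30 transit network is not in access-list 1 either.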
10-16-2024 08:40 AM
I'm actually working on real Cisco devices, I just used Packet Tracer for the network topology. And for the router, it's just a home router that is connected to my Comcast modem.
10-16-2024 08:43 AM
Ok, I will try that later. My ISP router is one of these small home routers that is connected to my Comcast modem. I will check to see if there's a way for it to route to 10.10.20.0/24. I will keep you posted.
10-17-2024 07:02 PM
You were absolutely right, the main issue was with NAT and routing. I added access-list 1 permit 10.10.20.0 0.0.0.255, deleted all NAT configurations and ACL on R1, then issued ip route 0.0.0.0 0.0.0.0 192.168.1.1, which is my ISP router IP address connected to f0/1 on R2, and now all my clients on the networks 10.10.20.0/24 and 172.16.50.0/24 are connected to the internet.
10-18-2024 02:01 PM
Thanks for the update. Glad to know that all your clients on the network 10.10.20.0/24 and 172.16.50.0/24 are connected to the internet.