Cisco 2514 IOS 12.2 new setup

jaykelly01
Level 1

I have just installed a 2514 router using both AUIs with transceivers. eth0 is my outside connection (internet) and eth1 is the inside LAN. I have configured both interfaces but I can't remember how to route all inside traffic out. IOS installed is "IP protocol with Cisco IOS firewall feature setS is 12.2(16)". Will I need to set up an access-list or should I just use the firewall set of rules?

Here is my config:

!
version 12.2
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname kellyemail
!
logging queue-limit 100
no logging console
enable password ****
!
ip subnet-zero
!
partition flash 2 8 8
!
!
!
!
interface Ethernet0
 ip address 66.215.146.170 255.255.255.128
!
interface Ethernet1
 ip address 192.168.100.1 255.255.255.0
!
interface Serial0
 no ip address
 shutdown
!
interface Serial1
 no ip address
 shutdown
!
ip default-gateway 66.215.146.129
ip classless
ip http server
!
!
line con 0
 logging synchronous
line aux 0
line vty 0 4
 password ****
 login
!
end

I have taken my Cisco CCNA class but I have forgotten a lot of the commands so any tips or help would be appreciated.

6 Replies

andifur
Level 1

On your client PCs they should have a gateway of 192.168.100.1.

On the router I would get rid of the ip default gateway and specify an IP route.

ip route 0.0.0.0 0.0.0.0 66.215.146.129

For the access-lists it all depends on what you want to do.

Need to be a little more specific.

At least this will get you out to the internet.

OK, I have removed the default gateway and used an ip route. I still can't hit the internet. Here is the changed cfg file:

!
version 12.2
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Router
!
logging queue-limit 100
no logging console
enable password ****
!
ip subnet-zero
!
partition flash 2 8 8
!
!
!
!
interface Ethernet0
 ip address 66.215.146.170 255.255.255.128
!
interface Ethernet1
 ip address 198.168.100.1 255.255.255.0
!
interface Serial0
 no ip address
 shutdown
!
interface Serial1
 no ip address
 shutdown
!
ip classless
ip route 0.0.0.0 0.0.0.0 66.215.146.129
ip http server
!
!
line con 0
 logging synchronous
line aux 0
line vty 0 4
 password ****
 login
!
end

I'm able to ping 66.215.146.170 from my LAN 192.168.100.X but I can't ping the gateway 66.215.146.129.

What am I missing to get this working?

I guess you're missing NAT. You're using private addresses (RFC 1918) for your internal network, which are not recognized on the internet. The following is a link for more information about NAT:

http://www.cisco.com/pcgi-bin/Support/browse/psp_view.pl?p=Internetworking:NAT&viewall=true

And I would also suggest that you first configure your router against outside attacks (e.g., DoS).

Good luck.

I have set up NAT but I'm still stuck. I'm sorry if I am bugging you but I can't seem to figure this out. Anyway, here is the cfg file:

Current configuration : 785 bytes
!
version 12.2
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname kellyemail
!
logging queue-limit 100
enable password *****
!
ip subnet-zero
!
partition flash 2 8 8
!
!
!
!
interface Ethernet0
 ip address 66.215.146.170 255.255.255.128
 ip nat outside
!
interface Ethernet1
 ip address 192.168.100.1 255.255.255.0
 ip nat inside
!
interface Serial0
 no ip address
 shutdown
!
interface Serial1
 no ip address
 shutdown
!
ip nat pool no-overload 192.168.100.10 192.168.100.50 prefix-length 24
ip nat inside source list 7 pool no-overload
ip classless
ip route 0.0.0.0 0.0.0.0 66.215.146.129
ip http server
!
access-list 7 permit 192.168.100.24
!
line con 0
 logging synchronous
line aux 0
line vty 0 4
 password ****
 login
!
end

- You should use the public IP addresses assigned by the ISP instead of the private addresses (192.168.100.10 to .50).

- access-list 7 ONLY permits the single host 192.168.100.24 to be translated. Try using 'access-list 7 permit 192.168.100.0 0.0.0.255'. (This will work only if you have already replaced the private IPs with public IPs.)

Let me make sure I understand this. The IP address my ISP assigned me is 66.215.146.170. I have that assigned to eth0 (outside). So I would NAT that IP? i.e. (ip nat pool no-overload 66.215.146.170 prefix 25). Would that NAT the outside eth0? So I don't need to NAT the inside eth1? Then all I would need to do is change the access-list to access-list 7 permit 192.168.100.0 0.255.255.255. If I remember right that would be the correct wildcard but let me know if I'm wrong.

Thanks Again for all your help
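
Added example, not part of the thread or any poster's code: a small Python check of what each `access-list 7` entry quoted in the thread actually matches, since that list selects which inside sources NAT will translate. It handles only the `ADDR [WILDCARD]` form of a standard ACL; the function names and the addresses used to test matching are assumptions made for this illustration.

```python
import ipaddress

M32 = 0xFFFFFFFF

def parse_standard_ace(line):
    """Parse 'access-list N permit|deny ADDR [WILDCARD]' -> (action, addr, wildcard)."""
    tok = line.split()
    if len(tok) not in (4, 5) or tok[0] != "access-list" or tok[2] not in ("permit", "deny"):
        raise ValueError(f"unsupported ACL entry: {line!r}")
    addr = int(ipaddress.IPv4Address(tok[3]))
    # A standard ACL entry with no wildcard matches one host (wildcard 0.0.0.0).
    wild = int(ipaddress.IPv4Address(tok[4])) if len(tok) == 5 else 0
    return tok[2], addr, wild

def matches(ace, source):
    """Wildcard bit 1 = ignore this bit, 0 = must equal the entry's address bit."""
    _, addr, wild = parse_standard_ace(ace)
    care = ~wild & M32
    return (int(ipaddress.IPv4Address(source)) & care) == (addr & care)

def covered_range(ace):
    """(first, last, count) of sources matched; contiguous wildcards only."""
    _, addr, wild = parse_standard_ace(ace)
    if wild & (wild + 1):
        raise ValueError("non-contiguous wildcard")
    first = addr & ~wild & M32
    return str(ipaddress.IPv4Address(first)), str(ipaddress.IPv4Address(first | wild)), wild + 1

def audit(ace, inside_net):
    """Compare what the entry matches with the inside subnet it is meant to cover."""
    net = ipaddress.ip_network(inside_net)
    first, last, _ = covered_range(ace)
    lo, hi = ipaddress.IPv4Address(first), ipaddress.IPv4Address(last)
    if (lo, hi) == (net.network_address, net.broadcast_address):
        return "exact"
    if lo <= net.network_address and hi >= net.broadcast_address:
        return "too broad"
    return "does not cover"

# The three access-list 7 variants that appear in the thread.
THREAD_ACES = [
    "access-list 7 permit 192.168.100.24",
    "access-list 7 permit 192.168.100.0 0.0.0.255",
    "access-list 7 permit 192.168.100.0 0.255.255.255",
]

if __name__ == "__main__":
    for ace in THREAD_ACES:
        print(f"{ace!r}: {covered_range(ace)} -> {audit(ace, '192.168.100.0/24')}")
```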
