04-27-2003 01:55 PM - edited 03-02-2019 06:56 AM
I have just installed a 2514 router using both AUIs with transceivers. eth0 is my outside connection (internet) and eth1 is the inside LAN. I have configured both interfaces but I can't remember how to route all inside traffic out. IOS installed is "IP protocol with Cisco IOS firewall feature setS is 12.2(16)". Will I need to set up an access-list or should I just use the firewall set of rules?
Here is my config:
!
version 12.2
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname kellyemail
!
logging queue-limit 100
no logging console
enable password ****
!
ip subnet-zero
!
partition flash 2 8 8
!
!
!
!
interface Ethernet0
ip address 66.215.146.170 255.255.255.128
!
interface Ethernet1
ip address 192.168.100.1 255.255.255.0
!
interface Serial0
no ip address
shutdown
!
interface Serial1
no ip address
shutdown
!
ip default-gateway 66.215.146.129
ip classless
ip http server
!
!
line con 0
logging synchronous
line aux 0
line vty 0 4
password ****
login
!
end
I have taken my Cisco CCNA class but I have forgotten a lot of the commands, so any tips or help would be appreciated.
04-27-2003 04:28 PM
On your client PCs they should have a gateway of 192.168.100.1.
On the router I would get rid of the ip default gateway and specify an IP route.
ip route 0.0.0.0 0.0.0.0 66.215.146.129
For the access-lists it all depends on what you want to do.
Need to be a little more specific.
At least this will get you out to the internet.
04-27-2003 06:36 PM
OK, I have removed the default gateway and used an ip route. I still can't hit the internet. Here is the changed cfg file:
!
version 12.2
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Router
!
logging queue-limit 100
no logging console
enable password ****
!
ip subnet-zero
!
partition flash 2 8 8
!
!
!
!
interface Ethernet0
ip address 66.215.146.170 255.255.255.128
!
interface Ethernet1
ip address 198.168.100.1 255.255.255.0
!
interface Serial0
no ip address
shutdown
!
interface Serial1
no ip address
shutdown
!
ip classless
ip route 0.0.0.0 0.0.0.0 66.215.146.129
ip http server
!
!
line con 0
logging synchronous
line aux 0
line vty 0 4
password ****
login
!
end
I'm able to ping 66.215.146.170 from my LAN 192.168.100.X but I can't ping the gateway 66.215.146.129.
What am I missing to get this working?
04-27-2003 07:10 PM
I guess you're missing NAT. You're using private addresses (RFC 1918) for your internal network, which are not recognized on the internet. The following is a link for more information about NAT:
http://www.cisco.com/pcgi-bin/Support/browse/psp_view.pl?p=Internetworking:NAT&viewall=true
And I would also suggest that you first configure your router against outside attacks (e.g., DoS).
Good luck.
04-27-2003 08:02 PM
I have set up NAT but I'm still stuck. I'm sorry if I am bugging you but I can't seem to figure this out. Anyway, here is the cfg file:
Current configuration : 785 bytes
!
version 12.2
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname kellyemail
!
logging queue-limit 100
enable password *****
!
ip subnet-zero
!
partition flash 2 8 8
!
!
!
!
interface Ethernet0
ip address 66.215.146.170 255.255.255.128
ip nat outside
!
interface Ethernet1
ip address 192.168.100.1 255.255.255.0
ip nat inside
!
interface Serial0
no ip address
shutdown
!
interface Serial1
no ip address
shutdown
!
ip nat pool no-overload 192.168.100.10 192.168.100.50 prefix-length 24
ip nat inside source list 7 pool no-overload
ip classless
ip route 0.0.0.0 0.0.0.0 66.215.146.129
ip http server
!
access-list 7 permit 192.168.100.24
!
line con 0
logging synchronous
line aux 0
line vty 0 4
password ****
login
!
end
04-27-2003 09:48 PM
- You should use the public ip addresses assigned by the ISP instead of the private addresses (192.168.100.10 to .50).
- access-list 7 ONLY permits the single host 192.168.100.24 to be translated. Try using 'access-list 7 permit 192.168.100.0 0.0.0.255'. (This will work only if you have already replaced the private IPs with public IPs.)
04-28-2003 05:14 AM
Let me make sure I understand this. The IP address my ISP assigned me is 66.215.146.170. I have that assigned to eth0 (outside). So I would NAT that IP? i.e. (ip nat pool no-overload 66.215.146.170 prefix 25). Would that NAT the outside eth0? So I don't need to NAT the inside eth1? Then all I would need to do is change the access-list to access-list 7 permit 192.168.100.0 0.255.255.255. If I remember right that would be the correct wildcard but let me know if I'm wrong.
Thanks Again for all your help
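Added example, not part of the original thread and not Cisco code: a short Python check of how a standard access-list wildcard mask selects source addresses, run against the three forms of access-list 7 quoted in the posts above. The function names and the sample source addresses are constructed for illustration; only the dotted address/wildcard form is parsed (no `any` or `host` keywords).

```python
import ipaddress

def parse_std_acl(line):
    """Parse 'access-list N permit|deny ADDR [WILDCARD]' into (action, addr, wildcard)."""
    tok = line.split()
    if len(tok) not in (4, 5) or tok[0] != "access-list" or tok[2] not in ("permit", "deny"):
        raise ValueError(f"unsupported ACL line: {line!r}")
    addr = int(ipaddress.IPv4Address(tok[3]))
    # With no wildcard given, a standard ACL entry matches that one host (0.0.0.0).
    wild = int(ipaddress.IPv4Address(tok[4])) if len(tok) == 5 else 0
    return tok[2], addr, wild

def matches(line, host):
    """True if host matches the entry: bits set in the wildcard are ignored."""
    _, addr, wild = parse_std_acl(line)
    care = ~wild & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(host)) & care) == (addr & care)

def matched_count(line):
    """Number of source addresses the entry matches (2 ** wildcard bits)."""
    return 2 ** bin(parse_std_acl(line)[2]).count("1")

def covered_range(line):
    """Lowest and highest matching address, as dotted strings."""
    _, addr, wild = parse_std_acl(line)
    low = addr & ~wild & 0xFFFFFFFF
    return str(ipaddress.IPv4Address(low)), str(ipaddress.IPv4Address(low | wild))

# The three forms of access-list 7 that appear in the thread.
ACL_HOST = "access-list 7 permit 192.168.100.24"
ACL_LAN = "access-list 7 permit 192.168.100.0 0.0.0.255"
ACL_WIDE = "access-list 7 permit 192.168.100.0 0.255.255.255"
# Constructed sample sources: two LAN hosts, one non-LAN 192.x host, one unrelated.
SAMPLES = ["192.168.100.24", "192.168.100.25", "192.1.2.3", "10.0.0.1"]

if __name__ == "__main__":
    for acl in (ACL_HOST, ACL_LAN, ACL_WIDE):
        low, high = covered_range(acl)
        print(f"{acl}\n  covers {low} - {high} ({matched_count(acl)} addresses)")
        for host in SAMPLES:
            print(f"    {host:15} {'match' if matches(acl, host) else 'no match'}")
```

The 0.255.255.255 wildcard ignores the last three octets, so it matches every 192.x.x.x source rather than only the 192.168.100.0/24 LAN.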