Re: from 2nd Network to Internet?

kyaw_thu · ‎06-23-2004

I have 2 Routers connected to each other via Serial. Let say Router A and B. Router A is the one that connected with ISP.

From Router B, I can ping anywhere within the intranet but can't go out to Internet.

From Router A, I can go anywhere including Intranet and Internet.

Router A...........

interface FastEthernet0/0

ip address 202.147.38.193 255.255.255.192 secondary

ip address 192.168.65.1 255.255.255.0

ip route-cache flow

duplex auto

speed auto

no cdp enable

!

interface Serial1/0:0

ip address 192.168.66.1 255.255.255.0

ip route-cache flow

ip mroute-cache

fair-queue

no cdp enable

Router B..........

interface FastEthernet0/0

ip address 192.168.63.1 255.255.255.0

ip route-cache flow

duplex auto

speed auto

no cdp enable

!

interface Serial1/0:0

ip address 192.168.66.2 255.255.255.0

ip route-cache flow

no fair-queue

serial restart_delay 0

ip route 0.0.0.0 0.0.0.0 Serial1/0:0

How can i config to let network behind Router B to go to Internet?

Georg Pauwen · ‎06-24-2004

Hello,

do you have any device performing NAT in between your router A and the Internet ? In your config I do not see any NAT, I guess that would be a way to allow hosts from router B to access the Internet.

How are your hosts on router A currently accessing the Internet ?

Regards,

Georg

kyaw_thu · ‎06-24-2004

yep..there is a firewall doing the NAT.

Georg Pauwen · ‎06-24-2004

Hello,

can you try and allow network 192.168.63.0/24 in your firewall rule ? I guess if you configure that network in your firewall the same way as the network in Router A, NAT should translate address from 192.168.63.0/24. Which firewall do you have ?

Regards,

Georg

kyaw_thu · ‎06-24-2004

Hi Georg,

This 2 Routers are in the different locations. I have no idea how to add that 192.168.63.0/24 in Firewall rules and I dont wanna touch main network. Btw I am using netscreen 50.

User Access Verification

Password:

Router A>en

Password:

Router A#sh run

Building configuration...

Current configuration : 3324 bytes

!

! Last configuration change at 10:40:15 SIN Fri Jun 25 2004

!

version 12.2

no service timestamps debug uptime

service timestamps log datetime localtime

service password-encryption

!

hostname Gerann

!

boot system flash c3640-ix-mz_122-8_T1.bin

logging buffered 4096 debugging

!

clock timezone SIN 8

ip subnet-zero

ip cef

!

ip name-server 203.192.133.4

ip name-server 203.192.133.3

!

controller E1 1/0

framing NO-CRC4

clock source internal

channel-group 0 timeslots 1-31

description "2Mbps link to MY"

!

controller E1 1/1

clock source internal

channel-group 0 timeslots 1-31

description "Channel E1 to ANC"

!

interface FastEthernet0/0

bandwidth 100000

ip address 202.147.38.193 255.255.255.192 secondary

ip address 192.168.65.1 255.255.255.0

ip nat inside

ip route-cache flow

duplex auto

speed auto

no cdp enable

!

interface Serial1/0:0

description To Malaysia Office 2Mb link

bandwidth 2048

ip address 192.168.66.1 255.255.255.0

ip route-cache flow

ip mroute-cache

fair-queue

no cdp enable

!

interface Serial1/1:0

description To AsiaNetCom E1 CircuitID:0494000X

bandwidth 1984

ip address 203.192.163.170 255.255.255.252

ip nat outside

ip route-cache flow

ip mroute-cache

fair-queue

no cdp enable

!

ip classless

ip route 0.0.0.0 0.0.0.0 203.192.163.169

ip route 192.168.62.2 255.255.255.255 192.168.66.2

ip route 192.168.63.0 255.255.255.0 192.168.66.2

ip route 192.168.65.21 255.255.255.255 192.168.66.2

no ip http server

ip pim bidir-enable

!

no cdp run

!

dial-peer cor custom

!

line con 0

login

line aux 0

line vty 0 4

access-class 10 in

exec-timeout 5 0

login

history size 50

!

end

User Access Verification

Password:

Router B>en

Password:

Router B#sh run

Building configuration...

Current configuration : 2370 bytes

!

version 12.2

service timestamps debug datetime msec localtime

service timestamps log datetime msec localtime

service password-encryption

!

hostname Charminn

!

boot system flash c3640-ix-mz_122-8_T1.bin

!

clock timezone SIN 8

ip subnet-zero

ip cef

!

controller E1 1/0

framing NO-CRC4

clock source internal

channel-group 0 timeslots 1-31

description "2 Mbps link to SG"

!

controller E1 1/1

framing NO-CRC4

clock source internal

channel-group 0 timeslots 1-31

description "Spare"

!

interface FastEthernet0/0

ip address 192.168.63.1 255.255.255.0

ip route-cache flow

duplex auto

speed auto

no cdp enable

!

interface Serial1/0:0

bandwidth 2048

ip address 192.168.66.2 255.255.255.0

ip route-cache flow

no fair-queue

serial restart_delay 0

!

interface Serial1/1:0

no ip address

!

interface Serial2/0

!

interface Serial2/1

!

interface Serial2/2

!

interface Serial2/3

!

ip classless

ip route 0.0.0.0 0.0.0.0 Serial1/0:0

ip route 192.168.62.2 255.255.255.255 FastEthernet0/0

ip route 192.168.65.21 255.255.255.255 FastEthernet0/0

no ip http server

ip pim bidir-enable

!

dial-peer cor custom

!

line con 0

login

line aux 0

line vty 0 4

exec-timeout 35791 0

login

!

end

mpeter · ‎06-25-2004

Can you explain where the firewall is located. Is there a static route from the firewall to the remote network