Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
447
Views
10
Helpful
6
Replies

1841 interface routing

jordanmfarmer
Level 1
Level 1

‎07-01-2018 10:19 PM - edited ‎03-05-2019 10:41 AM

I am trying to get traffic from fa0/1 to fa0/0 for my wan. I have a comcast modem attached to fa0/0 and then I have a cisco 3750 attached to fa0/1 with a couple PC's attached to it. Currently the switch can ping 10.10.10.1 (1841 router) and 10.0.0.135(comcast modem fa0/0 interface) however it can't ping 10.0.0.1(comcast modem)

 

1841r1#show running-config
Building configuration...

Current configuration : 1553 bytes
!
! Last configuration change at 04:58:43 UTC Mon Jul 2 2018
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname 1841r1
!
boot-start-marker
boot-end-marker
!
!
enable secret 5 $1$hB1U$LV3y9.vgMLl.**bleep**nSOWMV/
!
no aaa new-model
!
dot11 syslog
ip source-route
!
!
!
!
ip dhcp pool default-pool
network 10.10.10.0 255.255.255.0
dns-server 8.8.8.8
default-router 10.10.10.1
!
!
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
crypto pki token default removal timeout 0
!
!
!
!
license udi pid CISCO1841 sn FTX1036W2HR
!
redundancy
!
!
!
!
!
!
!
!
!
interface FastEthernet0/0
description comcast modem
ip address dhcp
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
!
interface FastEthernet0/1
description lan
ip address 10.10.10.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
!
interface Serial0/0/0
no ip address
shutdown
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
ip route 0.0.0.0 0.0.0.0 10.0.0.1
!
access-list 1 permit 10.10.10.0 0.0.0.255
access-list 101 permit ip 10.10.10.0 0.0.0.255 host 10.0.0.1
access-list 101 deny ip 10.10.10.0 0.0.0.255 10.0.0.0 0.0.0.255
access-list 101 permit ip 10.10.10.0 0.0.0.255 any
!
!
!
!
!
!
control-plane
!
!
!
line con 0
exec-timeout 30 0
password admin
logging synchronous
login
line aux 0
line vty 0 4
exec-timeout 30 0
password admin
logging synchronous
login
transport input all
!
scheduler allocate 20000 1000
end

Labels:
0 Helpful
6 Replies 6

Georg Pauwen
VIP
VIP

‎07-01-2018 10:38 PM

Hello,

 

add the two lines marked in bold to your configuration:

 

1841r1#show running-config
Building configuration...

Current configuration : 1553 bytes
!
! Last configuration change at 04:58:43 UTC Mon Jul 2 2018
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname 1841r1
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$hB1U$LV3y9.vgMLl.**bleep**nSOWMV/
!
no aaa new-model
!
dot11 syslog
ip source-route
!
ip dhcp excluded-address 10.10.10.1
!
ip dhcp pool default-pool
network 10.10.10.0 255.255.255.0
dns-server 8.8.8.8
default-router 10.10.10.1
!
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
crypto pki token default removal timeout 0
!
license udi pid CISCO1841 sn FTX1036W2HR
!
redundancy
!
interface FastEthernet0/0
description comcast modem
ip address dhcp
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
!
interface FastEthernet0/1
description lan
ip address 10.10.10.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
!
interface Serial0/0/0
no ip address
shutdown
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
ip nat inside source list 1 interface FastEthernet0/0 overload
!
ip route 0.0.0.0 0.0.0.0 10.0.0.1
!
access-list 1 permit 10.10.10.0 0.0.0.255
access-list 101 permit ip 10.10.10.0 0.0.0.255 host 10.0.0.1
access-list 101 deny ip 10.10.10.0 0.0.0.255 10.0.0.0 0.0.0.255
access-list 101 permit ip 10.10.10.0 0.0.0.255 any
!
control-plane
!
line con 0
exec-timeout 30 0
password admin
logging synchronous
login
line aux 0
line vty 0 4
exec-timeout 30 0
password admin
logging synchronous
login
transport input all
!
scheduler allocate 20000 1000
end

jordanmfarmer
Level 1
Level 1
In response to Georg Pauwen

‎07-01-2018 10:49 PM

That fixed it, thank you!

 

May I ask what ip nat inside source list 1 interface FastEthernet0/0 overload
does?

0 Helpful

Georg Pauwen
VIP
VIP
In response to jordanmfarmer

‎07-01-2018 10:52 PM

Hello,

 

basically, it tells the router which inside IP addresses (the ones specified in access list 1) are going to be translated (NATted) by the outside interface. Without that line, neither inside nor outside interface know what to NAT...

 

Does that make sense  ? You will see a similar line in every single NAT configuration...

jordanmfarmer
Level 1
Level 1
In response to Georg Pauwen

‎07-01-2018 10:54 PM

That makes total sense, thanks for getting me all setup and taking the time to answer.
0 Helpful

Georg Pauwen
VIP
VIP
In response to jordanmfarmer

‎07-01-2018 10:55 PM

Good luck !

0 Helpful

jordanmfarmer
Level 1
Level 1
In response to Georg Pauwen

‎07-09-2018 04:06 PM

Georg,

 

With this setup how would I tell 10.10.10.5 to port forward port 3443 out the public interface?

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card