a NATing problem

Dale_Bosley
Level 1

I have 3 Cisco 1720 routers. I am running RIP and advertising all attached networks. I can ping all interfaces from all interfaces. I can get to any host from network A to B and vice versa, and from network A to C and vice versa, but I cannot get from a host on network B to network C through A.

The 3 networks are connected via 2 T1 lines. Here are the configs. If you have any suggestions, please let me know.

User Access Verification

Password:

Router A>en

Password:

JCW#sh ru

Building configuration...

Current configuration : 1376 bytes

!

version 12.2

service timestamps debug uptime

service timestamps log uptime

no service password-encryption

!

hostname Router A

!

enable secret xxxx

!

memory-size iomem 25

ip subnet-zero

ip name-server 205.171.3.65

ip name-server 205.171.2.65

interface Tunnel1

no ip address

interface FastEthernet0

ip address 10.6.18.4 255.255.255.0

speed auto

interface Serial0

ip address 192.168.101.2 255.255.255.0

ip accounting output-packets

no fair-queue

service-module t1 clock source internal

service-module t1 timeslots 1-24

!

interface Serial1

ip address 192.168.100.4 255.255.255.0

ip accounting output-packets

no fair-queue

service-module t1 clock source internal

service-module t1 timeslots 1-24

!

router rip

network 10.0.0.0

network 192.168.100.0

network 192.168.101.0

!

ip classless

ip forward-protocol udp 5631

ip forward-protocol udp 5632

ip route 0.0.0.0 0.0.0.0 10.6.18.2

ip http server

!

access-list 1 permit 192.168.0.0 0.0.0.255

access-list 2 permit 10.6.18.0 0.0.0.255

access-list 3 permit 192.168.100.0 0.0.0.255

access-list 4 permit 192.168.1.0 0.0.0.255

access-list 5 permit 192.168.101.0 0.0.0.255

access-list 131 permit ip 192.168.101.0 0.0.0.255 10.6.18.0 0.0.0.255

arp 10.6.18.5 00c0.b607.d30b ARPA

!

line con 0

logging synchronous

line aux 0

line vty 0 4

session-timeout 60

login

Router C#sh ru

Building configuration...

Current configuration : 1338 bytes

version 12.2

hostname Router C

memory-size iomem 25

ip subnet-zero

ip name-server 205.171.3.65

ip name-server 205.171.2.65

!

interface Tunnel1

no ip address

!

interface FastEthernet0

ip address 192.168.1.4 255.255.255.0

ip nat inside

speed auto

!

interface Serial0

ip address 192.168.100.1 255.255.255.0

ip nat outside

no fair-queue

service-module t1 timeslots 1-24

!

router rip

network 192.168.1.0

network 192.168.100.0

!

ip nat inside source list 130 interface Serial0 overload

ip classless

ip forward-protocol udp 5631

ip forward-protocol udp 5632

ip route 0.0.0.0 0.0.0.0 192.168.1.1

ip route 10.6.18.0 255.255.255.0 192.168.100.4

ip http server

!

access-list 2 permit 10.6.18.0 0.0.0.255

access-list 3 permit 192.168.100.0 0.0.0.255

access-list 121 permit ip 10.6.18.0 0.0.0.255 any

access-list 130 permit ip any host 10.6.18.5

access-list 133 permit ip 192.168.0.0 0.0.0.255 192.168.1.0 0.0.0.255

arp 10.6.18.5 00c0.b607.d30b ARPA

Router B#sh ru

Current configuration : 1123 bytes

version 12.2

service timestamps debug uptime

service timestamps log uptime

memory-size iomem 25

ip subnet-zero

ip name-server 205.171.3.65

ip name-server 205.171.2.65

interface FastEthernet0

ip address 192.168.0.4 255.255.255.0

ip nat inside

speed auto

interface Serial0

ip address 192.168.101.1 255.255.255.0

ip nat outside

no fair-queue

service-module t1 timeslots 1-24

router rip

network 192.168.0.0

network 192.168.101.0

ip nat inside source list 130 interface Serial0 overload

ip classless

ip route 0.0.0.0 0.0.0.0 192.168.0.1

ip route 192.168.1.0 255.255.255.0 192.168.100.1

ip http server

access-list 130 permit ip any host 10.6.18.5

access-list 131 permit ip 10.6.18.0 0.0.0.255 192.168.101.0 0.0.0.255

access-list 133 permit ip 192.168.1.0 0.0.0.255 192.168.0.0 0.0.0.255

4 Replies

vdadlaney
Level 1

Hi Dale,

Could you please specify which subnet you are unable to access, and from where? At the same time, I just noticed you have a NAT access-list 130 on your Routers B and C that points to the same host. Can you elaborate on what connectivity (from which IP to which IP, and how (pings, telnet, etc.)) you are trying to achieve?

vdadlaney,

Thanks for your response.

I am unable to get from a host on subnet 192.168.0.0 to a host on 192.168.1.0. I am, for whatever reason, able to go from a host on 192.168.1.0 to a host on 192.168.0.0.

The other NAT, access-list 130, is because there is a non-Windows server on subnet 10.6.18.0 that absolutely will not work unless the addresses are NATed. The route that a host would have to take from network .0.0 to .1.0 and vice versa would be:

192.168.0.4 fa0 int Router B

192.168.101.1 S0 int Router B

192.168.101.2 S0 int Router A

192.168.100.4 S1 int Router A

192.168.100.1 S0 int Router C

192.168.1.4 fa0 int Router C

I can ping from the fa0 int on Router B to the fa0 int on Router C, but when I tried to ping an inside host on Router C I got no response. When I did a traceroute from int fa0 on Router B to a host on Router C, I hit the 192.168.101.2 int on Router A and it tossed it back to 192.168.101.1 on Router B, where it failed the other 27 hops.

Let me know if you need any other info.

Thanks

Dale

Hi Dale,

Can you post the output of the ping and traceroute? Also, assuming that you are able to ping from Router B's ethernet to Router C's ethernet, it seems that routing appears to be correct. It doesn't look like, from your config, that the traffic is going to hit the NAT access-list, and hence it's not going to be NATted unless you already have a NAT entry from before. Can you also post the output of show ip nat translation? Finally, check your hosts to see if they are correctly configured with the subnet mask, default gateway, etc. HTH

Regards,

Vikram
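
The reply above notes that host-to-host traffic between networks B and C will not match the NAT access-list. The following Python sketch is an added example (not part of the thread, and not Cisco code) that applies first-match wildcard-mask evaluation, with the implicit deny, to Router B's posted ACL lines. It models only the `list 130` selection step and ignores existing translation entries; the `.10` host addresses are constructed for illustration.

```python
import ipaddress

def ip_int(addr):
    return int(ipaddress.IPv4Address(addr))

def wildcard_match(addr, base, wildcard):
    """Cisco wildcard match: bits set in the wildcard are 'don't care'."""
    care = ~ip_int(wildcard) & 0xFFFFFFFF
    return (ip_int(addr) & care) == (ip_int(base) & care)

def parse_spec(tokens):
    """Consume one address spec ('any', 'host A', or 'A WILDCARD')."""
    if tokens[0] == "any":
        return ("0.0.0.0", "255.255.255.255"), tokens[1:]
    if tokens[0] == "host":
        return (tokens[1], "0.0.0.0"), tokens[2:]
    return (tokens[0], tokens[1]), tokens[2:]

def parse_acl(lines, number):
    """Return [(action, src_spec, dst_spec)] for extended 'ip' entries of one ACL."""
    entries = []
    for line in lines:
        tok = line.split()
        if tok[:2] != ["access-list", str(number)] or tok[3] != "ip":
            continue
        src, rest = parse_spec(tok[4:])
        dst, _ = parse_spec(rest)
        entries.append((tok[2], src, dst))
    return entries

def nat_selected(entries, src, dst):
    """First match wins; a packet matching no entry hits the implicit deny."""
    for action, s, d in entries:
        if wildcard_match(src, *s) and wildcard_match(dst, *d):
            return action == "permit"
    return False

# ACL lines copied from Router B's configuration in the question.
ROUTER_B = [
    "access-list 130 permit ip any host 10.6.18.5",
    "access-list 131 permit ip 10.6.18.0 0.0.0.255 192.168.101.0 0.0.0.255",
    "access-list 133 permit ip 192.168.1.0 0.0.0.255 192.168.0.0 0.0.0.255",
]
ACL_130 = parse_acl(ROUTER_B, 130)  # the list named by 'ip nat inside source list 130'

if __name__ == "__main__":
    # Constructed host addresses (.10); only 10.6.18.5 appears on the page.
    for src, dst in [("192.168.0.10", "10.6.18.5"), ("192.168.0.10", "192.168.1.10")]:
        verdict = "translated" if nat_selected(ACL_130, src, dst) else "not translated"
        print(src, "->", dst, verdict)
```
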

Sorry it's taken so long to get back to you on this. Turns out it is certain hosts and 1 server in particular that I can't get to. I stripped the routers back down to bare bones, IP address and RIP, and I can get to most hosts. I had to put in the NAT command like the one for host 10.6.18.5 in order for it to work. I don't know what it is about some of these hosts not responding to anything outside their own subnet, but the NATing seems to take care of it.

Thanks for your time again

Dale