Can't Access Non-Pingable Resources On The Web Through C1700

Keegan Santos
Level 1

Hello Everyone,

Was wondering if someone could help me out. I have a Cisco C1700 doing NAT/PAT. Since there is only one physical interface on it, I have two subinterfaces set up, one that's the inside and one that is the outside, and I have a 2950 that I have the main LAN switch hooked up to and the cable modem hooked up to. It works pretty well, but for some reason I can't access resources such as web pages and remote desktops on non-pingable client servers and networks. If I can ping the IP address, I can access the resources. For example, on two different domains (and IPs, of course) I have an Exchange 2010 server set up. One of the domains is pingable, the other is not. On the one that is pingable I can access OWA without a problem from within my network, but on the one that isn't, I can't access OWA, when I know it is accessible because I can access it from another network. If I can provide any more information, let me know. Below are the configs. Thank you in advance for any help that y'all can offer.

ROUTER -

Building configuration...

Current configuration : 1622 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname rt1
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$7lQ/$5YK9785QnrUoczhF7EgQt1
!
no aaa new-model
!
resource policy
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
ip cef
!
!
no ip dhcp use vrf connected
!
ip dhcp pool trtpool
   network 192.168.176.0 255.255.255.0
   domain-name xxxxxxx
   dns-server X.X.X.X
   default-router 192.168.176.254
!
!
ip name-server X.X.X.X
ip name-server X.X.X.X
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
username xxxxx secret 5 xxxxxxxxxxxxxxxxxxxxx
!
!
!
!
!
!
interface FastEthernet0
no ip address
speed auto
!
interface FastEthernet0.1
encapsulation dot1Q 2
ip address 192.168.176.254 255.255.255.0
ip nat inside
ip virtual-reassembly
no snmp trap link-status
!
interface FastEthernet0.2
encapsulation dot1Q 1 native
ip address X.X.X.X 255.255.255.252
ip nat outside
ip virtual-reassembly
no snmp trap link-status
!
interface Serial0
no ip address
shutdown
!
interface Serial1
no ip address
shutdown
!
ip classless
ip route 0.0.0.0 0.0.0.0 X.X.X.X
!
!
no ip http server
no ip http secure-server
ip nat pool trt X.X.X.X X.X.X.X prefix-length 30
ip nat inside source list 7 pool trt overload
ip nat inside source static tcp 192.168.176.241 3389 X.X.X.X 3389 extendable
!
access-list 7 permit any
!
!
control-plane
!
!
!
!
!
!
!
!
!
line con 0
login local
line aux 0
line vty 0 4
login local
line vty 5 15
login local
!
end

SWITCH -

Building configuration...

Current configuration : 1432 bytes
!
version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname sw3
!
enable secret 5 $1$0jRd$8H/1x37e29qCOLGhr7d6V1
!
username xxxxxxxxx secret 5 xxxxxxxxxxxxxxxxxxxxxx
ip subnet-zero
!
!
spanning-tree mode pvst
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
!
!
!
!
interface FastEthernet0/1
switchport access vlan 2
!
interface FastEthernet0/2
switchport access vlan 2
!
interface FastEthernet0/3
switchport mode trunk
!
interface FastEthernet0/4
!
interface FastEthernet0/5
!
interface FastEthernet0/6
!
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface FastEthernet0/9
!
interface FastEthernet0/10
!
interface FastEthernet0/11
!
interface FastEthernet0/12
!
interface FastEthernet0/13
!
interface FastEthernet0/14
!
interface FastEthernet0/15
!
interface FastEthernet0/16
!
interface FastEthernet0/17
!
interface FastEthernet0/18
!
interface FastEthernet0/19
!
interface FastEthernet0/20
!
interface FastEthernet0/21
!
interface FastEthernet0/22
!
interface FastEthernet0/23
!
interface FastEthernet0/24
switchport mode trunk
spanning-tree vlan 1 cost 19
!
interface Vlan1
no ip address
no ip route-cache
shutdown
!
interface Vlan2
ip address 192.168.176.10 255.255.255.0
no ip route-cache
!
ip http server
!
line con 0
login local
line vty 0 4
login local
line vty 5 15
login local
!
!
end

2 Replies

John Blakley
VIP Alumni

Keegan,

I'd tighten up the ACL that's used for identifying what's being NATted. Try this:

no access-list 7

access-list 7 permit 192.168.176.0 0.0.0.255

Unless you're trying to NAT out as a certain address, you don't need to use a pool. You could try:

ip nat inside source list 7 interface FastEthernet0.2 overload

HTH,
John

*** Please rate all useful posts ***
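
The ACL tightening suggested in the reply above, as an added example (not code from the thread or from Cisco): a Python check that finds standard ACLs referenced by `ip nat inside source list` that contain `permit any`, and derives replacement entries from the subnets of the `ip nat inside` interfaces. The sample config is constructed from the posted one, with 203.0.113.0/30 standing in for the redacted public addresses; the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample, reduced from the router config posted above
# (redacted public addresses replaced with documentation range 203.0.113.0/30).
SAMPLE_CONFIG = """\
interface FastEthernet0.1
 ip address 192.168.176.254 255.255.255.0
 ip nat inside
interface FastEthernet0.2
 ip address 203.0.113.2 255.255.255.252
 ip nat outside
ip nat inside source list 7 pool trt overload
access-list 7 permit any
"""

def inside_networks(config):
    """Return the subnets of every interface marked 'ip nat inside'."""
    nets = []
    # Split the config into chunks that each start at an 'interface' line.
    for block in re.split(r"(?m)^(?=interface )", config):
        addr = re.search(r"(?m)^\s*ip address (\S+) (\S+)", block)
        if addr and re.search(r"(?m)^\s*ip nat inside\s*$", block):
            nets.append(ipaddress.ip_network(f"{addr[1]}/{addr[2]}", strict=False))
    return nets

def audit_nat_acls(config):
    """Flag 'permit any' in ACLs used for NAT; return (findings, suggested lines)."""
    findings, suggested = [], []
    for acl in re.findall(r"(?m)^ip nat inside source list (\d+) ", config):
        for entry in re.findall(rf"(?m)^access-list {acl} permit (.+)$", config):
            if entry.strip() == "any":
                findings.append(f"access-list {acl} permit any selects every source for NAT")
                suggested.append(f"no access-list {acl}")
                # Replace with one wildcard-mask entry per inside subnet.
                for net in inside_networks(config):
                    suggested.append(
                        f"access-list {acl} permit {net.network_address} {net.hostmask}")
    return findings, suggested

if __name__ == "__main__":
    problems, fix = audit_nat_acls(SAMPLE_CONFIG)
    print("\n".join(problems + fix))
```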


Yeah, I left it like that to eliminate the ACL as a variable.

So you're saying that because I'm using a pool is the reason that it's not working?
