05-02-2013 10:59 AM - edited 03-04-2019 07:47 PM
I have a Cisco 1841 that has an ADSL (ATM) card installed. It was previously used with an ADSL line to provide NAT routing for an office. Now I want to use it with a cable modem, which would mean abandoning the ADSL interface and instead routing between the two Ethernet ports.
Between the Cisco and the LAN is a Linux transparent proxy. It provides routing between 192.168.1.0 (LAN) and 192.168.2.111 (Cisco LAN interface).
The network looks like this:
Cable Modem(174.76.21.1)(gateway) --- (174.76.21.10)(WAN) Cisco 1841 (LAN)(192.168.2.111) --- (192.168.2.11) Linux Proxy (192.168.1.10) --- (192.168.1.0) LAN
For testing and diagnostics, I've connected a laptop to each FastEthernet port on the router. One laptop is configured with the IP 174.76.21.1 to simulate the cable modem gateway and the other laptop has the IP 192.168.2.11 to simulate the Linux proxy. From those systems I've performed the following diagnostics with the following results:
From 192.168.2.11
Ping 192.168.2.111 - OK
Ping 174.76.21.15 - OK
Ping 174.76.21.1 - Timed out
From 174.76.21.1
Ping 174.76.21.15 - OK
NAT translation to LAN IPs failing
There are some vestiges of the ADSL configuration, but I've cleaned most of it out and shut down the ATM interfaces. Here's my config:
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
no logging buffered
!
no aaa new-model
!
resource policy
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
ip cef
!
!
no ip dhcp use vrf connected
!
!
ip name-server 209.244.0.3
ip name-server 209.244.0.4
!
bridge irb
!
interface FastEthernet0/0
description LAN0$FW_INSIDE$$ETH-SW-LAUNCH$$INTF-INFO-FE 0$$ETH-LAN$
ip address 192.168.2.111 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip tcp adjust-mss 1452
duplex auto
speed auto
no mop enabled
!
interface FastEthernet0/1
description WAN$ETH-WAN$
ip address 174.76.21.10 255.255.255.224
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
duplex auto
speed auto
!
interface ATM0/0/0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
shutdown
no atm ilmi-keepalive
dsl operating-mode auto
!
interface ATM0/0/0.1 point-to-point
shutdown
!
interface ATM0/0/0.2 point-to-point
shutdown
pvc 0/35
pppoe-client dial-pool-number 1
!
!
interface BVI1
mtu 1492
no ip address
!
ip classless
ip route 0.0.0.0 0.0.0.0 174.76.21.1
ip route 192.168.1.0 255.255.255.0 192.168.2.11
!
ip http server
ip nat inside source list 1 interface FastEthernet0/1 overload
ip nat inside source list 2 interface FastEthernet0/1 overload
ip nat inside source static tcp 192.168.1.13 1723 interface FastEthernet0/1 1723
ip nat inside source static tcp 192.168.1.14 6004 interface FastEthernet0/1 6004
!
ip access-list extended sdm_bvi1_out
remark SDM_ACL Category=1
permit ip any any
remark SDM_ACL Category=1
ip access-list extended sdm_dialer0_out
remark SDM_ACL Category=1
permit ip any any
remark SDM_ACL Category=1
!
access-list 1 permit 192.168.2.0 0.0.0.255
access-list 2 remark SDM_ACL Category=2
access-list 2 permit 192.168.1.0 0.0.0.255
dialer-list 1 protocol ip permit
!
control-plane
!
bridge 1 protocol ieee
bridge 1 route ip
!
line con 0
line aux 0
line vty 0 4
login
!
end
Where am I going wrong?
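Added example, not part of the original post or of any Cisco tooling: a static cross-check of the routes, NAT statements and access lists in a configuration like the one above. `check_nat` and `CONFIG` are hypothetical names, and `CONFIG` is a constructed excerpt holding only the NAT-relevant lines of the posted configuration.

```python
import ipaddress
# Constructed excerpt: only the NAT-relevant lines of the configuration posted above.
CONFIG = """\
interface FastEthernet0/0
ip address 192.168.2.111 255.255.255.0
ip nat inside
interface FastEthernet0/1
ip address 174.76.21.10 255.255.255.224
ip nat outside
ip route 0.0.0.0 0.0.0.0 174.76.21.1
ip route 192.168.1.0 255.255.255.0 192.168.2.11
ip nat inside source list 1 interface FastEthernet0/1 overload
ip nat inside source list 2 interface FastEthernet0/1 overload
access-list 1 permit 192.168.2.0 0.0.0.255
access-list 2 permit 192.168.1.0 0.0.0.255
"""

def check_nat(config):
    """Hypothetical helper: list static inconsistencies between routes, NAT and ACLs."""
    ifaces, routes, pat, acls, cur, findings = {}, [], [], {}, None, []
    for w in (line.split() for line in config.splitlines()):
        if w[:1] == ["interface"]:
            cur = ifaces.setdefault(w[1], {"net": None, "nat": None})
        elif cur is not None and w[:2] == ["ip", "address"] and len(w) == 4:
            cur["net"] = ipaddress.ip_interface(f"{w[2]}/{w[3]}").network
        elif cur is not None and w[:2] == ["ip", "nat"] and len(w) == 3:
            cur["nat"] = w[2]  # "inside" or "outside"
        elif w[:2] == ["ip", "route"] and len(w) >= 5:
            routes.append((ipaddress.ip_network(f"{w[2]}/{w[3]}"), ipaddress.ip_address(w[4])))
        elif w[:5] == ["ip", "nat", "inside", "source", "list"] and len(w) >= 8:
            pat.append((w[5], w[7]))  # (ACL number, egress interface)
        elif w[:1] == ["access-list"] and w[2:3] == ["permit"] and len(w) == 5:
            acls.setdefault(w[1], []).append(ipaddress.ip_network(f"{w[3]}/{w[4]}"))  # wildcard form
    connected = [i["net"] for i in ifaces.values() if i["net"]]
    inside = [i["net"] for i in ifaces.values() if i["net"] and i["nat"] == "inside"]
    for dest, hop in routes:
        if not any(hop in n for n in connected):
            findings.append(f"route {dest}: next hop {hop} is not on a connected subnet")
        elif any(hop in n for n in inside):
            inside.append(dest)  # network reached through the inside interface
    for acl, egress in pat:
        if ifaces.get(egress, {}).get("nat") != "outside":
            findings.append(f"PAT egress {egress} is not marked 'ip nat outside'")
        if acl not in acls:
            findings.append(f"NAT references undefined access-list {acl}")
    matched = [n for acl, _ in pat for n in acls.get(acl, [])]
    findings += [f"inside network {n} is not matched by any NAT access-list"
                 for n in inside if not any(n.subnet_of(m) for m in matched)]
    return findings
```

An empty list only means these particular static checks found nothing; runtime state such as the NAT translation table still has to be read from the router itself.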
05-02-2013 12:06 PM
As you have traffic from 1.0, you do not need the NAT for 2.0.
05-02-2013 01:05 PM
Okay. But the .1.0 LAN is still not getting out to the internet. It can see as far as the WAN Ethernet interface, but no further. It seems like the router isn't forwarding to the final hop - the ISP's gateway.
05-03-2013 01:45 AM
Try to connect directly to interface f0/0 and take an IP from the 192.168.2.0/24 range. If you get an internet connection, then it might be an issue with the Linux box.
After that, connect behind the Linux proxy, take an IP from the 192.168.1.0/24 range, do a traceroute, and provide the output of show ip nat translation.
05-03-2013 07:02 AM
Thank you for the suggestion, Ahmad. I am currently doing as you suggest - testing with a system hooked directly to f0/0 with a 2.x address and the Linux proxy removed from the picture. The system with the 2.x address is unable to get any further than the f0/1 interface on the router.
05-03-2013 07:09 AM
Can you provide the output of show ip nat translation?