Re: connect cisco router 9600 to home isp router

Marco Bertagnolli · ‎10-21-2023

Hi,

I'm trying to install a Cisco Router 2900 by connecting it to my Fastweb Fastgate ISP router.

These are the configurations on the 2900 router:

interface GigabitEthernet0/0
ip address 192.168.100.254 255.255.255.0
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
!
interface GigabitEthernet0/0.10
!
interface GigabitEthernet0/1
ip address 192.168.1.253 255.255.255.0
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
!
interface GigabitEthernet0/1.10
encapsulation dot1Q 10
ip address 10.10.10.254 255.255.255.0
!
interface GigabitEthernet0/1.20
encapsulation dot1Q 20
ip address 10.10.20.254 255.255.255.0
!
interface GigabitEthernet0/1.30
encapsulation dot1Q 30
ip address 10.10.30.254 255.255.255.0
!
interface GigabitEthernet0/1.40
encapsulation dot1Q 40
ip address 10.10.40.254 255.255.255.0
!
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip nat inside source list 1 interface GigabitEthernet0/1 overload
ip route 0.0.0.0 0.0.0.0 192.168.1.254
ip route 10.10.10.0 255.255.255.0 192.168.100.253
ip route 10.10.20.0 255.255.255.0 192.168.100.253
ip route 10.10.30.0 255.255.255.0 192.168.100.253
ip route 10.10.40.0 255.255.255.0 192.168.100.253
!
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 1 permit 10.10.10.0 0.0.0.255
access-list 1 permit 10.10.20.0 0.0.0.255
access-list 1 permit 10.10.30.0 0.0.0.255

configuration on Fastweb Fastgate ISP router:

ip = 192.168.1.254 /24

2900
gb 0/1 connected to ISP router
gb 0/0 connected to 2960 switch

Thanks in advance.

M02@rt37 · ‎10-21-2023

Hello @Marco Bertagnolli,

What is your question ?

Your configuration seems to be correct.

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.

Marco Bertagnolli · ‎10-21-2023

The problem is that if I try to ping a host inside the Cisco router network from the ISP router's network I get no response, the same as if I ping from inside the Cisco router's network outside. In practice, the two networks do not communicate

Richard Burts · ‎10-21-2023

There are several things in this config that puzzle me. First and most important why are there vlan subintefaces on Gig0/1 with private IP addresses. If Gig0/1 connects to the ISP router what are these subnets?

Also why are these static routes in the config?

ip route 10.10.10.0 255.255.255.0 192.168.100.253
ip route 10.10.20.0 255.255.255.0 192.168.100.253
ip route 10.10.30.0 255.255.255.0 192.168.100.253
ip route 10.10.40.0 255.255.255.0 192.168.100.253

Those subnets are directly connected subnets in the config and as such the static routes will be ignored.

Also why does access list 1 not have an entry for 10.10.40.0?

Also why does this subinterface have no configuration?

interface GigabitEthernet0/0.10

HTH

Rick

Marco Bertagnolli · ‎10-22-2023

Thank you very much for the help
I had actually made a lot of configuration mistakes but unfortunately even after fixing the network does not work, I still cannot connect from the ISP's network to the Cisco router one and the same from the network of the Cisco router to the ISP one.

this is the configuration on the cisco 2900 now:

interface GigabitEthernet0/0
ip address 192.168.100.254 255.255.255.0
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
!
interface GigabitEthernet0/0.10
encapsulation dot1Q 10
ip address 10.10.10.254 255.255.255.0
!
interface GigabitEthernet0/0.20
encapsulation dot1Q 20
ip address 10.10.20.254 255.255.255.0
!
interface GigabitEthernet0/0.30
encapsulation dot1Q 30
ip address 10.10.30.254 255.255.255.0
!
interface GigabitEthernet0/0.40
encapsulation dot1Q 40
ip address 10.10.40.254 255.255.255.0
!
interface GigabitEthernet0/1
ip address 192.168.1.253 255.255.255.0
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto

I think the problem is that my ISP router doesn't know how to route the cisco network ip (10.10.10.x, 10.10.20.x, etc.) but I don't know if there are any fixes because my ISP router (fastweb fastgate) doesn't have a feature for static routing. Maybe I'm totally wrong though.

Again thank you so much for the help.

Richard Burts · ‎10-22-2023

The ISP router does not need to know how to route to the 10.10.x.y networks. When you configure ip nat it translates those addresses and they would appear to be from the 192.168.1.253 address. The most important issue I see here is that you need to add ip nat inside to the vlan subinterfaces.

I am not clear why you are having issues communicating with the ISP router. To investigate this would you post the output of these commands on your router:

show ip interface brief

show arp

show ip route

HTH

Rick

Marco Bertagnolli · ‎10-23-2023

I added the ip nat inside on all the gi0/0 sub interfaces, those are the outputs of the commands you asked

R1#show ip interface brief
Any interface listed with OK? value "NO" does not have a valid configuration

Interface IP-Address OK? Method Status Protocol
Embedded-Service-Engine0/0 unassigned YES unset administratively down down
GigabitEthernet0/0 192.168.100.254 YES manual up up
GigabitEthernet0/0.10 10.10.10.254 YES manual up up
GigabitEthernet0/0.20 10.10.20.254 YES manual up up
GigabitEthernet0/0.30 10.10.30.254 YES manual up up
GigabitEthernet0/0.40 10.10.40.254 YES manual up up
GigabitEthernet0/1 192.168.1.253 YES manual up up
GigabitEthernet0/1.10 unassigned YES manual deleted down
GigabitEthernet0/1.20 unassigned YES manual deleted down
GigabitEthernet0/1.30 unassigned YES manual deleted down
GigabitEthernet0/1.40 unassigned YES manual deleted down
NVI0 unassigned NO unset up up

R1#show arp
Protocol Address Age (min) Hardware Addr Type Interface
Internet 10.10.10.1 3 7486.7ad6.d2b8 ARPA GigabitEthernet0/0.10
Internet 10.10.10.254 - fc99.4791.2860 ARPA GigabitEthernet0/0.10
Internet 10.10.20.254 - fc99.4791.2860 ARPA GigabitEthernet0/0.20
Internet 10.10.30.254 - fc99.4791.2860 ARPA GigabitEthernet0/0.30
Internet 10.10.40.254 - fc99.4791.2860 ARPA GigabitEthernet0/0.40
Internet 192.168.1.76 0 bcd0.744f.057c ARPA GigabitEthernet0/1
Internet 192.168.1.253 - fc99.4791.2861 ARPA GigabitEthernet0/1
Internet 192.168.1.254 0 086a.0a64.45d8 ARPA GigabitEthernet0/1
Internet 192.168.100.254 - fc99.4791.2860 ARPA GigabitEthernet0/0

R1#show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
+ - replicated route, % - next hop override

Gateway of last resort is 192.168.1.254 to network 0.0.0.0

S* 0.0.0.0/0 [1/0] via 192.168.1.254
10.0.0.0/8 is variably subnetted, 8 subnets, 2 masks
C 10.10.10.0/24 is directly connected, GigabitEthernet0/0.10
L 10.10.10.254/32 is directly connected, GigabitEthernet0/0.10
C 10.10.20.0/24 is directly connected, GigabitEthernet0/0.20
L 10.10.20.254/32 is directly connected, GigabitEthernet0/0.20
C 10.10.30.0/24 is directly connected, GigabitEthernet0/0.30
L 10.10.30.254/32 is directly connected, GigabitEthernet0/0.30
C 10.10.40.0/24 is directly connected, GigabitEthernet0/0.40
L 10.10.40.254/32 is directly connected, GigabitEthernet0/0.40
192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.1.0/24 is directly connected, GigabitEthernet0/1
L 192.168.1.253/32 is directly connected, GigabitEthernet0/1
192.168.100.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.100.0/24 is directly connected, GigabitEthernet0/0
L 192.168.100.254/32 is directly connected, GigabitEthernet0/0

thank you very much for helping me!

Marco

Richard Burts · ‎10-24-2023

Thank you for the requested outputs. Based on these it looks like your router should have connectivity with the ISP router. You tell us ", I still cannot connect from the ISP's network to the Cisco router one and the same from the network of the Cisco router to the ISP one". Is this SSH or telnet, or is it ping or traceroute, or is it some other type of connection?

HTH

Rick

Marco Bertagnolli · ‎10-24-2023

I usualy try with ping but even ssh or http doesn't work at all

thank you for helping

Marco

Richard Burts · ‎10-24-2023

In investigating this type of problem ping or traceroute are better than ssh or http (which are much more likely to have access controlled). Are you attempting ping from the router itself or from some device in your network? And better to test from the router than from some device in the network.

When you attempt ping and it does not work can you check and see if your router has generated any log messages?

HTH

Rick

Giuseppe Larosa · ‎10-23-2023

Hello @Marco Bertagnolli ,

you need to add the

ip nat inside

under each subif of gi0/0 to trigger NAT operations

Hope to help

Giuseppe