Internet access from 1841 router

fmatrine · ‎01-03-2007

Hi All,

refer the attached topology and config file for the routers.

Requirement is to serve the internet for both the lan subnets as shown in the diagram.

Will this config work or is anything else reuqires in terms of interface natting.

Regards

network.king · ‎01-03-2007

Hi

As per your Config , you have allowed only access to one ip and it also requires some addition

interface Fa0/1

Description Connected to Private_Router

ip address 192.168.165.30 255.255.255.252

ip nat inside --- add

interface Serial0/0/1

Description Connected to Service Provider

ip address 220.227.113.5 255.255.255.252

ip nat outside --- add

If you require for your lan also internet access , then you need to do PAT .

1.Configure a access-list to allow the source ips

access-list 1 permit 199.30.1.0 0.0.0.255

access-list 1 permit 172.16.2.0 0.0.1.255

2.Configure a PAT

ip nat inside source list 1 interface Serial0/0/1 overload

3.Configure nat inside in ur Internet router LAN interface

interface FastEthernet0/0

description Connected to Private Segment

ip address 199.30.1.10 255.255.255.0

ip nat inside

But Iam not sure 199.30.1.10 is ur public ip , but its not a private ip

Hope this helps

regards

vanesh k

pallavireddy. · ‎01-04-2007

I believe this is the configuration u can apply on your routers according to your network setup in the network diagram.

here it goes:

Internet_Router#

hostname Internet_Router

interface FastEthernet0/0

description Connected to Private Segment

ip address 199.30.1.10 255.255.255.0( any reason for using a public range ???)

no ip proxy-arp

no ip mroute-cache

no ip redirects

duplex full

speed 100

interface Serial0/0/0

Description Connected to Private_Router

ip address 192.168.165.30 255.255.255.252

ip nat inside

no ip proxy-arp

no ip mroute-cache

no ip redirects

duplex full

speed 100

interface Serial0/0/1

Description Connected to Service Provider

ip address 220.227.113.5 255.255.255.252

ip nat outside

no ip proxy-arp

no ip mroute-cache

no ip redirects

duplex full

speed 100

ip classless

ip route 172.16.2.0 255.255.255.0 192.168.165.29

ip route 0.0.0.0 0.0.0.0 220.227.113.6

ip nat inside source list 1 interface se0/0/1 overload

access-list 1 permit 192.168.165.28 0.0.0.3

access-list 1 permit 172.16.2.0 0.0.0.255

line con 0

line aux 0

line vty 0 4

line vty 5 15

Internet_Router#

Private_Router#

hostname Private_Router

!

interface FastEthernet0/0

description Private Lan

ip address 172.16.2.1 255.255.255.0

no ip proxy-arp

no ip mroute-cache

no ip redirects

duplex full

speed 100

!

interface S0/0/0

ip address 192.168.165.29 255.255.255.252

no ip proxy-arp

no ip mroute-cache

no ip redirects

duplex full

speed 100

!

ip classless

ip route 0.0.0.0 0.0.0.0 192.168.165.30

!

line con 0

line aux 0

line vty 0 4

Private_Router#

Hope this is clear.

Please rate if it does.

Cheers

Pallavi

jitesh1982 · ‎01-04-2007

Hi Martin

i have gone through ur configuration .u havent define which interface is inside and which one is outside .

any way if u want to use internet from both lan do config as such

1)ip nat outside ( Serial Connecting Reliance ISP)

2)ip nat inisde ( for local lan and wan connecting other location )

3) access-list 1 permit 199.30.1.0 0.0.0.255 (permitting local lan)

access-list 1 permit 172.16.2.0 0.0.0.255 (permitting remote local lan)

access-list 1 permit 192.168.165.28 0.0.0.3 (permitting wan network so that u can ping ointernet from remote router also .it is optional )

4) ip nat inside source list 1 inteface serial0(outgoing interface) overload

No need of doing any config at remote end

If this doesnt work .then let me know so that i can give other solution