Thanks for your reply, Yes they are communicating across the Serial interface 0 There is another router on S1 but that one is working fine as is, and I see where I messed up with the access-lists now. Man I was staring at it the whole time and never saw it. This is basically a unidirectional setup so I didn't put any NAT on the Router B.

Thanks for your help again

Johansens,

OK, i don't know whats not working here. I put in that access-list and lost connection between the 2 routers. Here's what I'm trying to accomplish in a nut shell.

Network 192.168.0.0 (Internal routerA) needs to cross

Network 192.168.101.0 (External RouterA & B) this is the T1 line,to get to:

Network 10.6.18.0 (Internal routerB)

What NATing needs to take place and where?

Any config commands would be greatly appreciated.

Thanks

Dale

First I have to ask a question:

Why do you think you need NAT in the first place?

I could understand the need if you are having either (or both)

a) overlapping IP-addresses somewhere in one (or both) of the sides deeper into the networks

b) gateways on the LAN-sides of each side which doesn't support internal routing on the same interface (ie. older PIX etc) and you don't want to change the default gateway to your router and you don't want to put static routes in your clients/servers to reach the other site either.

Basically I would need to understand your whole picture before I could give you a working setup because the placement of NAT statements and routing all depends on what your end-goal is.

If you don't need NAT, then plain and simple routing does the trick.

Now for a sample config which will solve what you are saying you are trying to accomplish:

Router A:

!

interface FastEthernet0

ip address 192.168.0.4 255.255.255.0

ip nat inside

!

interface Serial0

ip address 192.168.101.1 255.255.255.0

ip nat outside

!

ip nat inside source list 131 interface Serial0 overload

!

ip route 10.6.18.0 255.255.255.0 192.168.101.2

!

access-list 131 permit 192.168.0.0 0.0.0.255 10.6.18.0 0.0.0.255

!

no arp 10.6.18.5 00c0.b607.d30b ARPA

no arp 10.6.18.1 0010.e004.6ccb ARPA

!

Router B:

interface FastEthernet0

ip address 10.6.18.4 255.255.255.0

ip nat inside

!

interface Serial0

ip address 192.168.101.2 255.255.255.0

ip nat outside

!

ip nat inside source list 131 interface Serial0 overload

!

no ip route 192.168.1.0 255.255.255.0 192.168.100.3

no ip route 192.168.1.0 255.255.255.0 192.168.100.1

ip route 192.168.1.0 255.255.255.0 192.168.101.1

!

access-list 131 permit 10.6.18.0 0.0.0.255 192.168.0.0 0.0.0.255

!

no arp 10.6.18.5 00c0.b607.d30b ARPA

!

Remember now that the NAT overload will use the 192.168.101.0/24 network which the should be known in the LAN-sides of your routers. If this network isn't known, you'll have to use the LAN interface to do the NAT'ing.. and it could be done like this:

Router A:

!

interface FastEthernet0

ip address 192.168.0.4 255.255.255.0

ip nat outside

!

interface Serial0

ip address 192.168.101.1 255.255.255.0

ip nat inside

!

ip nat inside source list 131 interface FastEthernet0 overload

!

ip route 10.6.18.0 255.255.255.0 192.168.101.2

!

access-list 131 permit 10.6.18.0 0.0.0.255 192.168.0.0 0.0.0.255

!

no arp 10.6.18.5 00c0.b607.d30b ARPA

no arp 10.6.18.1 0010.e004.6ccb ARPA

!

Router B:

interface FastEthernet0

ip address 10.6.18.4 255.255.255.0

ip nat outside

!

interface Serial0

ip address 192.168.101.2 255.255.255.0

ip nat inside

!

ip nat inside source list 131 interface FastEthernet overload

!

no ip route 192.168.1.0 255.255.255.0 192.168.100.3

no ip route 192.168.1.0 255.255.255.0 192.168.100.1

ip route 192.168.1.0 255.255.255.0 192.168.101.1

!

access-list 131 permit 192.168.0.0 0.0.0.255 10.6.18.0 0.0.0.255

!

no arp 10.6.18.5 00c0.b607.d30b ARPA

!

You will see I have turned the inside/outside around and done the NAT'ing likewise.

Did this help?

Thanks I will try these configs and let you know. The reason for the NAT is because we are using an old Linux server and a Quantum server and for whatever reason users from the 192.168.0.0 network are unable to reach these servers in the 10.6.18.0 network unless NAT is in place. That is also the reason for the static ARP. Back when these routers were under warranty I was using TAC and the configs are what they came up with to make this kaka work. That was the reason for the access-list ### permit ip any host command.

I will give these commands a shot and see what happens.

Thanks again

Dale

OK I tried both of the configs that you gave me and the router's still can't ping from LAN int to LAN int. I have reattached my current configs. FYI S1 on Router A is to another Cisco 1720 on another T1 and that one works fine. I had originally copied the configs to Router B from that other 1720 and just changed the IP addresses and it would not work.I can ping from the S0 interface of Router B to the Fa0 int of Router A, but when I try to ping the other way from the the S0 int. of Router A to the Fa0 int. of Router B I get U.U.U as a response. Thanks for taking the time to help me out I really appreciate it. Here are the current configs.

User Access Verification

Password:

Router A>en

Password:

Router A#sh ru

Building configuration...

Current configuration : 1487 bytes

version 12.2

service timestamps debug uptime

service timestamps log uptime

no service password-encryption

memory-size iomem 25

ip subnet-zero

ip name-server 205.171.3.65

ip name-server 205.171.2.65

interface Tunnel1

no ip address

!

interface FastEthernet0

ip address 10.6.18.4 255.255.255.0

ip nat outside

speed auto

!

interface Serial0

ip address 192.168.101.2 255.255.255.0

ip accounting output-packets

ip nat inside

no fair-queue

service-module t1 clock source internal

service-module t1 timeslots 1-24

interface Serial1

ip address 192.168.100.4 255.255.255.0

ip accounting output-packets

no fair-queue

service-module t1 clock source internal

service-module t1 timeslots 1-24

ip nat inside source list 131 interface FastEthernet0 overload

ip classless

ip forward-protocol udp 5631

ip forward-protocol udp 5632

ip route 0.0.0.0 0.0.0.0 10.6.18.2

ip route 192.168.0.0 255.255.255.0 192.168.101.1

ip route 192.168.1.0 255.255.255.0 192.168.100.3

ip http server

!

access-list 1 permit 192.168.0.0 0.0.0.255

access-list 2 permit 10.6.18.0 0.0.0.255

access-list 3 permit 192.168.100.0 0.0.0.255

access-list 4 permit 192.168.1.0 0.0.0.255

access-list 131 permit ip 192.168.0.0 0.0.0.255 10.6.18.0 0.0.0.255

arp 10.6.18.5 00c0.b607.d30b ARPA

!

line con 0

logging synchronous

line aux 0

line vty 0 4

session-timeout 60

absolute-timeout 60

login

!

no scheduler allocate

end

===================================================================================================================

===================================================================================================================

Router B>en

Password:

Router B#sh ru

Building configuration...

Current configuration : 878 bytes

!

version 12.2

service timestamps debug uptime

service timestamps log uptime

no service password-encryption

!

memory-size iomem 25

ip subnet-zero

ip name-server 205.171.3.65

ip name-server 205.171.2.65

interface FastEthernet0

ip address 192.168.0.4 255.255.255.0

ip nat outside

speed auto

!

interface Serial0

ip address 192.168.101.1 255.255.255.0

ip nat inside

no fair-queue

service-module t1 timeslots 1-24

!

ip nat inside source list 131 interface FastEthernet0 overload

ip classless

ip route 10.6.18.0 255.255.255.0 192.168.101.2

ip http server

!

access-list 131 permit ip 10.6.18.0 0.0.0.255 192.168.0.0 0.0.0.255

arp 10.6.18.5 00c0.b607.d30b ARPA

arp 10.6.18.1 0010.e004.6ccb ARPA

!

line con 0

logging synchronous

line aux 0

line vty 0 4

absolute-timeout 60

login

!

end

Ok, here's what you should do:

First off, on Router B:

- remove the "ip nat inside" on Serial0

- remove the "ip nat outside" on FastEthernet0

- remove the arp-statements

On Router A:

- remove the "ip nat inside" on Serial0

- remove the "ip nat outside" on FastEthernet0

When you have done this, test if you can ping all interfaces between the routers:

From Router A:

ping 192.168.101.1

ping 192.168.0.4

ping ip 192.168.101.1 source FastEthernet0

ping ip 192.168.0.4 source FastEthernet0

From Router B:

ping 192.168.101.2

ping 10.6.18.4

ping ip 192.168.101.2 source FastEthernet0

ping ip 10.6.18.4 source FastEthernet0

All of these should now work. If they don't work, there is something very wrong...

When they now work, do the following:

On Router A:

- configure "ip nat inside" on Serial0

- configure "ip nat outside" on FastEthernet0

After this, do the ping-tests from RouterB once again:

ping 192.168.101.2

ping 10.6.18.4

ping ip 192.168.101.2 source FastEthernet0

ping ip 10.6.18.4 source FastEthernet0

All of these should now work. If not, there is something strange going on..

If everything works so far, go on..

Now, do the following test from RouterA:

ping ip 192.168.0.xxx source FastEthernet0

where 192.168.0.xxx is a host on the LAN-side of RouterB.

If this doesn't work, you have an issue with the return-routes from the LAN on RouterB...

If this works, go on.

Now do the following test from RouterB:

ping ip 10.6.18.1 source FastEthernet0

If this works, then all is good...

If it doesn't work, check the NAT-tables on Router A to see if it got NAT'ed correctly:

show ip nat translations

Can you do this and report back on the progress?

OK I think I found the culprit. On router B I checked to make sure all interfaces were not in a shut down mode and they all showed up and up. So I tried to ping the Fa0 int 192.168.0.4 and it failed. I tried the shut and then no shut just to make sure and it still fails, so I guess I have a dead ethernet port. I am going to swap routers and see if this solves the problem.

Now once this is up and going should I be able to get connectivity all the way through the 3 routers. In other words will I be able to get from router B through router A to Router C? or am I looking at a nightmare here. Router C is on the S1 of router A.

All I can say is Thank you, you da man and where do I send the check ;-)

Thanks again

Dale

OK swapping out the routers worked, thanks again for all your help. The only thing I can't do is get from Router B through Router A to Router C what do I need to do to make this happen, anytime I make the T1 interfaces on the routers in the same network i.e. 192.168.100.1--RouterC S0 int

192.168.100.4--RouterA S1 int

192.168.100.2--RouterA S0 int

192.168.100.3--RouterB S0 int

The whole thing crashes and or locks up. If you'd like to continue helping me I'd sure appreciate it, if not could you point me in the right direction.

Thanks

Dale

You can't let the same subnet span over several interfaces like that.. The router will allow you to configure it, but if the traffic doesn't go to the same router in the other end, the packets will get lost.

Ok that said, here's the how the configs should look (w/o NAT):

Router A (I have assumed the Serial0 on Router C has the 192.168.100.3 address):

interface FastEthernet0

ip address 10.6.18.4 255.255.255.0

!

interface Serial0

ip address 192.168.101.2 255.255.255.0

!

interface Serial1

ip address 192.168.100.4 255.255.255.0

!

ip route 192.168.0.0 255.255.255.0 192.168.101.1

ip route 192.168.1.0 255.255.255.0 192.168.100.3

!

Router B:

interface FastEthernet0

ip address 192.168.0.4 255.255.255.0

!

interface Serial0

ip address 192.168.101.1 255.255.255.0

!

ip route 192.168.1.0 255.255.255.0 192.168.101.2

ip route 10.6.18.0 255.255.255.0 192.168.101.2

!

Router C (I assume you have connected to T1 on Serial0 towards Router A, and I have put the 192.168.100.3 address on this interface):

interface FastEthernet0

ip address 192.168.1.3 255.255.255.0

!

interface Serial0

ip address 192.168.100.3 255.255.255.0

!

ip route 192.168.0.0 255.255.255.0 192.168.100.4

ip route 10.6.18.0 255.255.255.0 192.168.100.4

!

I have also assumed the FastEthernet0 address at Router C is 192.168.1.4/24... :)

Now it's just to apply the NAT'ing as I showed you before.

Did it help?

OK apparently I need my hand held here. I put in the static routes on all 3 routers.

First of all is it absolutely necessary to do the NAT?

I can ping from routerA inside int. to either of the inside interfaces of the other two routers, but not from RouterB to Router C at all, not even the outside interfaces. I'm assuming that most of the NATing would have to be done on RouterA. I tried this NAT with no success

Router B access-list 133 permit ip 192.168.1.0 0.0.0.255 192.168.101.0 0.0.0.255

ip nat inside source list 133 int s0 overload

Router A access-list 4 permit 192.168.1.0 0.0.0.255

ip nat inside source list 4 int s1 overload

Again, any help is appreciated

Forget the NAT for now... given that you configured as I specified in the last post, add the following to Router B and Router C to make sure the linknets also are known:

Router B:

ip route 192.168.100.0 255.255.255.0 192.168.101.2

Router C:

ip route 192.168.101.0 255.255.255.0 192.168.100.4

As an alternative, you could simply do this on all routers:

Router A:

router rip

version 2

network 10.0.0.0

network 192.168.100.0

network 192.168.101.0

Router B:

router rip

version 2

network 192.168.0.0

network 192.168.101.0

Router C:

router rip

version 2

network 192.168.1.0

network 192.168.100.0

This would enable a dynamic routing-protocol on your routers, and would make sure the routing-tables are correct.. (you won't need any more static routes except for leaving this interconnected network, f.ex. default routes at each location as you already have)

There are other routing-protocols as well (OSPF, EIGRP, IS-IS etc.), but RIPv2 is at least supported in all relevant versions/featuresets..

Now the NAT (if you really still need it because of your strange servers) should only be applied on Router A. But make sure your basic routing and connectivity is OK before you go on with the special NAT-setup.

Did it help?

SUCCESS!!!!!!.

Funny thing. I borrowed a routing simulation program over the weekend and tried using RIP which is exactly what you recommended, without any NATing or static routes and everything works great. I do have to keep the NATing on routers B and C in order to talk to the server on A but other than the IP any host command and the access-list that refers to it the rest have been removed. Thanks again you have been a tremendous help.

Thanks

Dale