cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Cisco Community Designated VIP Class of 2020

432
Views
0
Helpful
22
Replies
VIP Mentor

Re: No Internet Access?

Hello

The Mapped ip subnet/range in the picture needs to be the object used for the wan public ip addressing and not the other lan subnet

I think you would already have an object created for this public ip address/range, if not then create one if so then just append that to the the  Mapped ip subnet/range 



kind regards
Paul

Please rate and mark posts accordingly if you have found any of the information provided useful.
It will hopefully assist others with similar issues in the future
Beginner

Re: No Internet Access?

Okay so I added the NAT rule to the Firewall and removed the NAT rule from the Cisco 1841 router. I still can not access the the internet from the 10.10.11.0/24 network, but for the first time I can PING the 10.10.11.254/24 IP address from the 10.10.10.0/24 network. 

 

Just to add I did receive a message when configuring the NAT rule for the 10.10.11.0/24 network on the Firewall.

reach max.JPGwan-nat.JPG 

VIP Mentor

Re: No Internet Access?

Hello

Ive just noticed that says many1:1 nat not many:1 nat which is  different. as many:1 basically means using port address translation (PAT)

Can you try deleting that rule and recreate it again the same way BUT select 1:1 NAT



kind regards
Paul

Please rate and mark posts accordingly if you have found any of the information provided useful.
It will hopefully assist others with similar issues in the future
Hall of Fame Master

Re: No Internet Access?

This discussion seems to be progressing along 2 tracks. One approach is to have the firewall configure a route for subnet 10.10.11.0 and configure address translation for that subnet. There seems to be some confusion about how to accomplish this  or whether it has been done correctly. The second approach is to have the 1841 perform address translation for the 10.10.11.0 subnet. The posted configuration of the 1841 does have address translation configured and I am puzzled about why that seems not to be working. Perhaps showing the translation table might shed some light on this?

 

HTH

 

Rick

If you found this post helpful, please let the community know by clicking the helpful button!
By doing so, and until end of January, you are helping Doctors Without Borders
Beginner

Re: No Internet Access?

I deleted this one post because I did not want it to confuse people viewing this thread. It was a duplicate post on the Route's running configurations.

VIP Mentor

Re: No Internet Access?

looking at your post
try the following:

1)click on many:1 nat
2) rule name - rtr-nat

3) incoming interface = wan

4) Original/mapped ip range -  need to create an object

5) create object -  = name rtr1 subnet start 10.10.11.1 end ip - 10.10.11.254

6) create object -  = name wan subnet start 1.1.1.1 end ip - 1.1.1.1  ( public ip address)

7) original ip range = rtr1 subnet

8) mapped ip range = wan subnet

9) port mapping type = any
10) enable rule



kind regards
Paul

Please rate and mark posts accordingly if you have found any of the information provided useful.
It will hopefully assist others with similar issues in the future
Highlighted
VIP Mentor

Re: No Internet Access?

Hello


@keithhampshire wrote:

Isn't NAT for routing internal private IP address out to the internet (Public IP address)?

 

Why would I use NAT when I'm using private IP addresses on both sides of the router? Remember my FireWall is facing the internet and then my router is behind that. 

 


No it isn't - It sounds like your FW is natting on 10.10.10.254/24 ONLY.
Regards your fw its ONLY aware of its lan facing subnet (10.10.10.254/24) which is the rtrs wan facing interface
It is most probably as i stated before unaware of that rtrs own lan facing subnet (10.10.11.254/24) So you need to do either of those 2 options suggested.

 

1) On the FW - add a static route to point to its lan facing interface (the rtrs wan interface) and its ip address and then append its existing nat ruling to incorporate the rtr lan subnet 10.10.11.0/24

or

2) On the rtr apply nat @Georg Pauwen suggested



kind regards
Paul

Please rate and mark posts accordingly if you have found any of the information provided useful.
It will hopefully assist others with similar issues in the future
VIP Mentor

Re: No Internet Access?

Hello


@keithhampshire wrote:

Router setup:

-fa0/0 10.10.10.254 255.255.255.0 (directly connected to my Zywall)

       -no shut

-fa0/1 10.10.11.254 255.255.255.0 (directly connected to my laptop)

       -no shut

Why can't I get out to the internet with my laptop directly connected to the router with static IP of 10.10.11.1/24?


Probably because the Fw isn't aware of the 10.10.11.0/24 subnet, you need to add a static route on the FW for that subnet to point towards the rtr and also add this subnet to the NAT FW rule.

Alternatively you can perform NAT on the rtr just for that subnet as stated by @Georg Pauwen  

 



kind regards
Paul

Please rate and mark posts accordingly if you have found any of the information provided useful.
It will hopefully assist others with similar issues in the future
CreatePlease to create content
Content for Community-Ad
FusionCharts will render here