Solved: Simple routing question - its been a long time...

Huw Davies · ‎06-19-2015

Hi guys,

Sorry for such a lame post, its been years since I've had to configure a Cisco device.

I have an Ethernet internet connection presented to me that i'd like to test. I have a useable public address for that connection. I want to connect an old 1841 to it.

I want FE0/0 to have the public IP (and hence the gateway to the interweb)

I want FE0/1 to have an internal IP, and the 1841 to dole out DHCP.

So basically I want all internet traffic to go out via FE0/0.

This is where I've got to, but no joy. I suspect NAT is my issue, its been my arch enemy.

Can you point out where i'm going wrong?

Thanks!

version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Mary_Celeste
!
boot-start-marker
boot-end-marker
!
enable secret 5 blablabla
!
no aaa new-model
!
resource policy
!
ip cef
!
!
ip dhcp use vrf connected
ip dhcp excluded-address 192.168.1.250 255.255.255.0
!
ip dhcp pool DHCP
   network 192.168.1.0 255.255.255.0
   dns-server 194.150.201.22
   lease 2
!
!
!
!
controller E1 0/0/0
!
!
interface FastEthernet0/0
ip address 188.111.222.33 255.255.255.224
ip nat outside
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 192.168.1.250 255.255.255.0
ip nat inside
duplex auto
speed auto
!
ip route 0.0.0.0 0.0.0.0 FastEthernet0/0
!
no ip http server
ip nat pool NAT 192.168.1.0 192.168.1.100 netmask 255.255.255.0
ip nat outside source list 1 pool NAT add-route
!
disable-eadi
!
control-plane
!
!
line con 0
line aux 0
line vty 0 4
login
!
scheduler allocate 20000 1000
end

Jon Marshall · ‎06-19-2015

If that is your public IP can you blank out the middle octets eg. 188.x.x.33 as this is a public forum.

That aside not sure what the NAT pool is for but for a basic configuration -

1) remove your current NAT configuration

2) add this configuration -

access-list 101 permit ip 192.168.1.0 0.0.0.255 any

ip nat inside source list 101 interface fa0/0 overload

Jon

View solution in original post

Jon Marshall · ‎06-19-2015

If that is your public IP can you blank out the middle octets eg. 188.x.x.33 as this is a public forum.

That aside not sure what the NAT pool is for but for a basic configuration -

1) remove your current NAT configuration

2) add this configuration -

access-list 101 permit ip 192.168.1.0 0.0.0.255 any

ip nat inside source list 101 interface fa0/0 overload

Jon

Richard Burts · ‎06-19-2015

Jon is quite right that the NAT pool as configured will not work because it would attempt to translate the private address into a private address (and in the same subnet range).

Aside from the NAT issue there may be another aspect to consider which is the default route

ip route 0.0.0.0 0.0.0.0 FastEthernet0/0

At best it is not a good practice and it is quite possible that this default route could cause failure to access the Internet. The issue is that when a static route points just to the exit interface (and the interface is Ethernet) then the router must ARP for every destination address. And it will work only if the next hop router has enabled proxy arp. If the next hop does not enable proxy arp (and increasingly providers are not enabling proxy arp because of security concerns) then the router can not access the Internet. So it would be much better if the default route specified the next hop address rather than just the exit interface.

HTH

Rick

HTH

Rick

Huw Davies · ‎06-19-2015

OK Richard i'll alter that thanks

Huw Davies · ‎06-19-2015

Hi Jon - yep I made that public IP range up.

cheers for the reply i'll give those a go