12-02-2009 11:46 AM - edited 03-04-2019 06:51 AM
Hi everyone
I have a 2514 and I´m using both ethernet ports (config below).
One is attached to the LAN and the other to a cable modem with a FIXED ip address.
I can make the router see the internet (pings anything) by just adding the classic "ip route 0.0.0.0 0.0.0.0 (gateway´s ip address)"
The PCs can ping both of the router´s ethernet interfaces, but CANNOT go beyond that.
I know it´s a simple matter to solve (probably just another "ip route" command) and thus I thank you!
Cisco Internetwork Operating System Software
IOS (tm) 2500 Software (C2500-IS-L), Version 12.0(28c), RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2005 by cisco Systems, Inc.
Compiled Wed 30-Mar-05 16:33 by pwade
Image text-base: 0x0303E2D4, data-base: 0x00001000
ROM: System Bootstrap, Version 11.0(10c), SOFTWARE
BOOTFLASH: 3000 Bootstrap Software (IGS-BOOT-R), Version 11.0(10c), RELEASE SOFTWARE (fc1)
189-57-241-178 uptime is 19 hours, 52 minutes
System restarted by reload
System image file is "flash:c2500-is-l.120-28c.bin"
cisco 2500 (68030) processor (revision L) with 6144K/2048K bytes of memory.
Processor board ID 05689092, with hardware revision 00000000
Bridging software.
X.25 software, Version 3.0.0.
2 Ethernet/IEEE 802.3 interface(s)
2 Serial network interface(s)
32K bytes of non-volatile configuration memory.
8192K bytes of processor board System flash (Read ONLY)
Configuration register is 0x2102
12-02-2009 11:51 AM
If the PCs are using private addressing then have you set up NAT on the router? You will need to because private addressing is not routable on the Internet.
Can you post router config and also the addressing used by the PCs?
Jon
12-02-2009 12:04 PM
Yes, I know that in order to be able to use intranet numbers such as (192.168.0.1-255) it´s necessary to use NAT.
But I tried with both IP intranet numbers (using the commands ip nat inside etc) and regular IP numbers and got the same results: the router can ping everyone, but the internet users can only ping both ethernet ports and do not even reach the default gateway
12-02-2009 12:19 PM
galongagalonga wrote:
Yes, I know that in order to be able to use intranet numbers such as (192.168.0.1-255) it´s necessary to use NAT.
Good, glad to hear it
Now could you post details as per last post ie. config + pc addressing.
Jon
12-02-2009 12:19 PM
The PC that I want to access the internet has an IP number of 189.57.231.227 mask 255.255.255.0 and a gateway 189.57.231.22
The 2514 has the following configuration:
!
version 12.0
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Router
!
!
ip subnet-zero
!
!
!
interface Ethernet0
ip address 189.57.231.225 255.255.255.248
no ip directed-broadcast
!
interface Ethernet1
ip address 201.17.6.16 255.255.255.0
no ip directed-broadcast
!
interface Serial0
no ip address
no ip directed-broadcast
no ip mroute-cache
shutdown
no fair-queue
!
interface Serial1
no ip address
no ip directed-broadcast
shutdown
!
ip classless
ip route 0.0.0.0 0.0.0.0 201.17.6.1
!
!
line con 0
transport input none
line aux 0
line vty 0 4
!
end
12-02-2009 12:28 PM
Firstly, have these addresses been allocated to you ie. both public on eth0 and eth1 ?
I suspect the issue is that there is no route back to your LAN addressing. So when you ping from the router itself it works because the router uses the source address of eth1. Try doing an extended ping on the router using the source ip on eth0 and see if ping works.
If the 189.57 addressing has been allocated to you then you can either -
1) Nat them to the eth1 ip address
OR
2) add a route to the next hop device ie. 201.17.6.1 for your LAN addressing pointing back to 201.17.6.16
if you don't own the 189.57 addressing you only have the choice of natting your LAN addresses to eth1
You say you have tried NAT already, what was the config you tried ?
Jon
12-02-2009 12:33 PM
No, I do not own the address 189.57.etc
But since I´m a total dumbass when it comes to routing I guess that means I did not know I just can´t use that address and have to resort to the 192.168....blablabla
Actually, I did try that as well with the same results, but I can do it again and let you know in a coupla minutes
12-02-2009 12:36 PM
galongagalonga wrote:
No, I do not own the address 189.57.etc
But since I´m a total ******* when it comes to routing I guess that means I did not know I just can´t use that address and have to resort to the 192.168....blablabla
Actually, I did try that as well with the same results, but I can do it again and let you know in a coupla minutes
You do own the 201.17.6.x addressing though right ?
Assuming your internal addressing for PCs was changed to 192.168.1.0/24 your config should look like
int eth0
ip address 192.168.1.1 255.255.255.0
ip nat inside
int eth1
ip address 201.17.6.16 255.255.255.0
ip nat outside
ip nat inside source list 101 interface eth1 overload
access-list 101 permit ip 192.168.1.0 0.0.0.255 any
Jon
12-02-2009 12:48 PM
THANK YOU THANK YOU THANK YOU THANK YOU THANK YOU THANK YOU THANK YOU THANK YOU THANK YOU THANK YOU THANK YOU THANK YOU THANK YOU THANK YOU THANK YOU THANK YOU THANK YOU THANK YOU THANK YOU THANK YOU THANK YOU THANK YOU THANK YOU THANK YOU THANK YOU THANK YOU THANK YOU THANK YOU THANK YOU THANK YOU THANK YOU THANK YOU THANK YOU THANK YOU THANK YOU THANK YOU THANK YOU THANK YOU THANK YOU THANK YOU THANK YOU THANK YOU!!!!!!!!!!!!!!!!!
(SOB) BOHOOOOO (TEARS)
12-02-2009 12:52 PM
I take it that it's working now then
Glad to have helped.
Jon
12-02-2009 01:11 PM
Yes it is and I thank you again.
I get the feeling the problem was the lack of the "access-list 101 permit ip 192.168.1.0 0.0.0.255 any" command
my gut tells me that cisco products policy are "you can´t do jack unless you specifically allow so", which is nice for security but sucks if you are a newbie
tomorrow I´m going to try to connect the serial port as well (have 2 internet connections): hope I can count on your support should you be around ok?
12-02-2009 01:19 PM
galongagalonga wrote:
Yes it is and I thank you again.
I get the feeling the problem was the lack of the "access-list 101 permit ip 192.168.1.0 0.0.0.255 any" command
my gut tells me that cisco products policy are "you can´t do jack unless you specifically allow so", which is nice for security but sucks if you are a newbie
tomorrow I´m going to try to connect the serial port as well (have 2 internet connections): hope I can count on your support should you be around ok?
The acl as you probably realised is what tells the router which packets to NAT. Without that having "ip nat inside" and "ip nat outside" configured wasn't actually doing anything.
It certainly can be a steep learning curve if you're new to Cisco products.
I'll be glad to help out if I'm around but the good news is that there are loads of people on these forums that can do the same so you should be able to get help no matter.
If you do need help make sure you post the config you are working with as this saves both you and the people who might answer some time.
Jon
12-05-2009 12:44 PM
ok I´m back (this time with another moniker as cisco´s site keeps deleting mine)
This time I´ve also set up the serial connection in order to allow 2 connections to the internet (one cable and the other optic)
The config is as follows:
version 12.0
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Router
!
enable password abc123
!
ip subnet-zero
!
!
!
interface Ethernet0
ip address 192.168.1.1 255.255.255.0
no ip directed-broadcast
ip nat inside
!
interface Ethernet1
ip address 201.17.6.16 255.255.255.0
no ip directed-broadcast
ip nat outside
!
interface Serial0
ip address 189.57.241.178 255.255.255.252
no ip directed-broadcast
no ip mroute-cache
no fair-queue
!
interface Serial1
no ip address
no ip directed-broadcast
shutdown
!
ip nat inside source list 101 interface Ethernet1 overload
ip nat inside source static tcp 192.168.1.21 80 201.17.6.16 80 extendable
ip nat inside source static tcp 192.168.1.21 21 201.17.6.16 21 extendable
ip nat inside source static tcp 192.168.1.21 25 201.17.6.16 25 extendable
ip nat inside source static tcp 192.168.1.21 110 201.17.6.16 110 extendable
ip nat inside source static tcp 192.168.1.21 5060 201.17.6.16 5060 extendable
ip nat inside source static tcp 192.168.1.21 65000 201.17.6.16 65000 extendable
ip classless
ip route 0.0.0.0 0.0.0.0 201.17.6.1
!
!
ip access-list extended WebServer
permit tcp any host 201.17.6.16 eq www
access-list 101 permit ip 192.168.1.0 0.0.0.255 any
!
line con 0
password abc123
login
transport input none
line aux 0
line vty 0 4
password abc123
login
The router is a 2514 with the following config:
Cisco Internetwork Operating System Software
IOS (tm) 2500 Software (C2500-IS-L), Version 12.0(28c), RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2005 by cisco Systems, Inc.
Compiled Wed 30-Mar-05 16:33 by pwade
Image text-base: 0x0303E2D4, data-base: 0x00001000
ROM: System Bootstrap, Version 11.0(10c), SOFTWARE
BOOTFLASH: 3000 Bootstrap Software (IGS-BOOT-R), Version 11.0(10c), RELEASE SOFTWARE (fc1)
Router uptime is 19 minutes
System restarted by power-on
System image file is "flash:c2500-is-l.120-28c.bin"
cisco 2500 (68030) processor (revision L) with 6144K/2048K bytes of memory.
Processor board ID 05689092, with hardware revision 00000000
Bridging software.
X.25 software, Version 3.0.0.
2 Ethernet/IEEE 802.3 interface(s)
2 Serial network interface(s)
32K bytes of non-volatile configuration memory.
8192K bytes of processor board System flash (Read ONLY)
Configuration register is 0x2102
I can´t seem to make both work. It only accesses through the cable and it seems that after a while it loses connection so I have to reboot the router (rebooting the cable modem will not do the trick)
I really tried everything because I hate bothering others, but newbies + cisco = trouble!
12-05-2009 03:50 PM
Okay, first things first - do you own the address on your serial interface?
Assuming you do there are a couple of things you need to add to your config
1) you need an "ip nat outside" statement under the serial interface ie.
int serial0
ip nat outside
2) You only have one default route on your router pointing to 201.17.6.1 so it will only ever use that link. You need to add another default route so the router will alternate between the -
ip route 0.0.0.0 0.0.0.0 189.57.241.77
Also bear in mind, your static NATs use 201.17.6.16 so any inbound traffic to your servers will use that link.
Jon
12-05-2009 03:51 PM
oops !
you also need another nat line ie.
ip nat inside source list 101 interface serial0 overload
Jon
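An added example, not part of the thread and not a Cisco tool: a small Python check for the gaps this thread ran into (an overload rule whose ACL is missing, an outside link with no `ip nat outside` or no overload rule), plus the cleartext passwords visible in the posted config. The name `audit_nat` and the trimmed sample config are constructed for illustration, and interface names are compared exactly as written.

```python
import re
# Constructed sample modelled on the 12-05 config posted in the thread (trimmed).
SAMPLE = """\
no service password-encryption
enable password abc123
interface Ethernet0
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
!
interface Ethernet1
 ip address 201.17.6.16 255.255.255.0
 ip nat outside
!
interface Serial0
 ip address 189.57.241.178 255.255.255.252
!
ip nat inside source list 101 interface Ethernet1 overload
access-list 101 permit ip 192.168.1.0 0.0.0.255 any
"""

def audit_nat(config):  # hypothetical helper: list NAT-overload gaps in an IOS-style config
    ifaces, acls, overloads, cur = {}, set(), [], None
    for line in map(str.strip, config.splitlines()):
        if line.startswith("interface "):
            cur = line.split(None, 1)[1]
            ifaces[cur] = set()
        elif line in ("", "!"):
            cur = None                      # '!' closes an interface block
        elif m := re.match(r"ip nat inside source list (\S+) interface (\S+) overload", line):
            overloads.append(m.groups())    # (ACL id, outside interface)
        elif m := re.match(r"(?:ip access-list \w+|access-list) (\S+)", line):
            acls.add(m.group(1))            # numbered or named ACL definition
        elif cur:
            ifaces[cur].add(line)           # sub-command of the current interface
    out = []
    for acl, name in overloads:
        if acl not in acls:
            out.append(f"overload rule uses ACL {acl}, which is not defined")
        if "ip nat outside" not in ifaces.get(name, ()):
            out.append(f"{name}: overload target lacks 'ip nat outside'")
    translated = {name for _, name in overloads}
    for name, cmds in ifaces.items():
        up = any(c.startswith("ip address") for c in cmds) and "shutdown" not in cmds
        if up and "ip nat inside" not in cmds and name not in translated:
            out.append(f"{name}: addressed and up, but no overload rule covers it")
    if "no service password-encryption" in config and re.search(r"^\s*(enable )?password ", config, re.M):
        out.append("passwords are stored in cleartext; prefer 'enable secret'")
    return out

print("\n".join(audit_nat(SAMPLE)))
```

On the sample it reports Serial0 as untranslated and flags the cleartext passwords; a config with the serial NAT lines added and password encryption enabled returns no findings.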