one last question... i hopei

enorman · ‎02-19-2015

Greetings,

I have a cisco 1841 with is attached to the internet via ethernet.

From within the config on the router, i can ping servers on the internet.

However, from within the config, i can not perform a trace from the fast ethernet0/1(private side) to fast ethernet0/0 (public side).

It's as if there is no routing between the new nic cards.

If you can shine light on this issue, please do.

I have called cisco but the unit is eol so my contract has been dropped as of the end of 2014.

Jon Marshall · ‎02-19-2015

Are you just trying to get access for clients to the internet ?

Or do you have access and you are just trying to traceroute from one interface to the other (for some reason).

If it access to the internet for clients can you post your config.

Jon

enorman · ‎02-19-2015

interface FastEthernet0/0
description $ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-FE 0$
ip address 64.223.xx 255.255.255.252
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 10.171.15.11 255.255.255.0
ip nat inside
no ip virtual-reassembly
duplex auto
speed auto
!
ip local pool ippool 10.173.174.4 10.173.174.35
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 64.223.x.x
!
!
ip http server
ip http access-class 23
ip http authentication local
no ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat pool net64 172.16.151.100 172.16.151.254 netmask 255.255.255.0
ip nat outside source list 1 pool net64 add-route
!
access-list 1 permit 64.223.x.x 0.0.0.255
!

Jon Marshall · ‎02-19-2015

Are you trying to give access to the internet for your 172.16.151.x clients ?

If so you have the NAT the wrong way round.

Can you clarify (as i have already asked) what you are trying to do ?

Jon

enorman · ‎02-19-2015

i'm giving access to the internet to the 10.171.15.11 users.

Jon Marshall · ‎02-19-2015

Okay for internet access for your 10.171.15.x clients you need to add these lines -

access-list 101 permit ip 10.171.15.0 0.0.0.255 any

ip nat inside source list 101 interface fa0/0 overload

you can use a standard acl if you like instead of an extended one, I just always use extended acls.

I'm not sure what all this configuration is meant to be doing -

ip local pool ippool 10.173.174.4 10.173.174.35

ip nat pool net64 172.16.151.100 172.16.151.254 netmask 255.255.255.0
ip nat outside source list 1 pool net64 add-route
!
access-list 1 permit 64.223.x.x 0.0.0.255

was this all just to try and get the internet access working ?

If so you can remove it all as it isn't needed.

If you are trying to do something else as well then please let me know as we may need to modify the configuration.

Jon

enorman · ‎02-19-2015

i'll email you a beer.

thanks

enorman · ‎02-20-2015

one last question... i hope

i have established a vpn tunnel on this router.

the tunnel come up but it reports the public ip address to the remote user not the tunnel ip address.

a tunnel ip has been assigned to the remote user from the pool.

however, if i ping the server at the end of the tunnel, the ping shows the public ip of the router.

if i perform a tracert to the server at the end of the tunnel, each hope shows the public ip address.

what appears to be a routing issue.