02-19-2015 12:11 PM - edited 03-05-2019 12:50 AM
Greetings,
I have a cisco 1841 with is attached to the internet via ethernet.
From within the config on the router, i can ping servers on the internet.
However, from within the config, i can not perform a trace from the fast ethernet0/1(private side) to fast ethernet0/0 (public side).
It's as if there is no routing between the new nic cards.
If you can shine light on this issue, please do.
I have called cisco but the unit is eol so my contract has been dropped as of the end of 2014.
02-19-2015 12:34 PM
Are you just trying to get access for clients to the internet ?
Or do you have access and you are just trying to traceroute from one interface to the other (for some reason).
If it access to the internet for clients can you post your config.
Jon
02-19-2015 01:36 PM
interface FastEthernet0/0
description $ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-FE 0$
ip address 64.223.xx 255.255.255.252
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 10.171.15.11 255.255.255.0
ip nat inside
no ip virtual-reassembly
duplex auto
speed auto
!
ip local pool ippool 10.173.174.4 10.173.174.35
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 64.223.x.x
!
!
ip http server
ip http access-class 23
ip http authentication local
no ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat pool net64 172.16.151.100 172.16.151.254 netmask 255.255.255.0
ip nat outside source list 1 pool net64 add-route
!
access-list 1 permit 64.223.x.x 0.0.0.255
!
02-19-2015 01:39 PM
Are you trying to give access to the internet for your 172.16.151.x clients ?
If so you have the NAT the wrong way round.
Can you clarify (as i have already asked) what you are trying to do ?
Jon
02-19-2015 01:43 PM
i'm giving access to the internet to the 10.171.15.11 users.
02-19-2015 01:57 PM
Okay for internet access for your 10.171.15.x clients you need to add these lines -
access-list 101 permit ip 10.171.15.0 0.0.0.255 any
ip nat inside source list 101 interface fa0/0 overload
you can use a standard acl if you like instead of an extended one, I just always use extended acls.
I'm not sure what all this configuration is meant to be doing -
ip local pool ippool 10.173.174.4 10.173.174.35
ip nat pool net64 172.16.151.100 172.16.151.254 netmask 255.255.255.0
ip nat outside source list 1 pool net64 add-route
!
access-list 1 permit 64.223.x.x 0.0.0.255
was this all just to try and get the internet access working ?
If so you can remove it all as it isn't needed.
If you are trying to do something else as well then please let me know as we may need to modify the configuration.
Jon
02-19-2015 02:02 PM
i'll email you a beer.
thanks
02-20-2015 09:32 AM
one last question... i hope
i have established a vpn tunnel on this router.
the tunnel come up but it reports the public ip address to the remote user not the tunnel ip address.
a tunnel ip has been assigned to the remote user from the pool.
however, if i ping the server at the end of the tunnel, the ping shows the public ip of the router.
if i perform a tracert to the server at the end of the tunnel, each hope shows the public ip address.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide