cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
430
Views
0
Helpful
2
Replies

877 internal NATed subnet

                   Hi Guys,

My name is Paul and I work as a Junior Network Engineer for a small company based in South London. I have been tasked with adding a NATed subnet to our internal LAN (for testing purposes) which I have managed to achieve but I have run into a roadblock when trying to establish communications to the internet. From the NATed subnet, I can ping out to our office LAN and the ping reaches our Firewall (default gateway), but I am unable to go past that. For instance I am unable to ping to the google dns server (8.8.8.8) and from the server based on the NATed LAN, I cannot reach the web via Internet Explorer. I can ping all units in our office LAN from the NATed subnet with no issues. Would it be neccessary to configure port forwarding for http and ICMP to communicate with anything on the internet? Apolgies if this question sounds very simplistic - I am a bit of a networking noob so any advice would be greatly appreciated. Ps The router I have added internally is a Cisco 877. I can also post the configuration applied to the 877 if necessary.

Thanks very much for your help in advance.

Paul

2 Replies 2

Seb Rupik
VIP Alumni
VIP Alumni

Hi Paul,

Please can you provide the whole of the 877 config?

cheers,

Seb.

Hi Seb,

Thanks for your reply - sorry I have taken so long to respond, I was tasked with asnother project and have only just been able to return to this. the config of the 877 is as follows:

Router>en
Router#show run
Building configuration...

Current configuration : 3105 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
!
crypto pki trustpoint TP-self-signed-2633516328
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-2633516328
revocation-check none
rsakeypair TP-self-signed-2633516328
!
!
crypto pki certificate chain TP-self-signed-2633516328
certificate self-signed 01
  3082023E 308201A7 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
  31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
  69666963 6174652D 32363333 35313633 3238301E 170D3032 30333031 30363530
  34395A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
  4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D32 36333335
  31363332 3830819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
  81008940 7EB4F252 2A2D0051 79EF5CAC 1BE0B269 2E9E6D98 EEFFF523 4B757AA5
  08DC45FE B14D83E0 6F9EFE30 D233A93D 86C2490F DCFED0EB 7B8E0A6E 0DC8B1CB
  01F2BE72 C11CAB28 1378E6DC 63BB2685 68334B17 0091108F 0C54D3F2 51F7C526
  8DF829B7 D0AFCABD 0A446393 6FB7A536 158D0E65 BEF62F01 25BEBDA1 352B6687
  8D190203 010001A3 66306430 0F060355 1D130101 FF040530 030101FF 30110603
  551D1104 0A300882 06526F75 74657230 1F060355 1D230418 30168014 D1A22543
  81BBEE36 754E0914 1BC44D0B BB049C5C 301D0603 551D0E04 160414D1 A2254381
  BBEE3675 4E09141B C44D0BBB 049C5C30 0D06092A 864886F7 0D010104 05000381
  81007B59 03F96B8A 8A7EB5CB 36B4FB58 8131DE75 BCF08EC0 C40728F9 3BA29F64
  BFAFEA4A 0EBF7189 88F06E27 8D2CCF6B A91C71D0 3224D80A 476F1949 E9590FA1
  21E6A94B 306C4003 9AB78A2A 1E0B0BFF BAAFB516 51D7C394 20458AD7 5C438781
  64EFC576 916D9F1D 79CE2FB6 5CDE4253 66D97E6A 9F7DBC98 6270BF2D DE3A4F59 58C0
        quit
dot11 syslog
ip cef
!
!
!
!
!
multilink bundle-name authenticated
!
!
!
no spanning-tree vlan 1
username ******** password 0 *********
!
!
archive
log config
  hidekeys
!
!
!
!
!
interface ATM0
no ip address
shutdown
no atm ilmi-keepalive
dsl operating-mode auto
!
interface FastEthernet0
switchport access vlan 2
!
interface FastEthernet1
!
interface FastEthernet2
switchport access vlan 2
!
interface FastEthernet3
!
interface Vlan1
ip address 172.16.0.104 255.255.255.0
ip nat outside
ip virtual-reassembly
!
interface Vlan2
ip address 10.2.122.1 255.255.255.128
ip nat inside
ip virtual-reassembly
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Vlan1
!
!
ip http server
ip http secure-server
ip nat inside source route-map ROUTE-MAP1 interface Vlan1 overload
!
access-list 100 remark IPSec Tunnel Rule
access-list 100 permit ip 10.2.122.0 0.0.0.127 172.16.0.0 0.0.0.255
access-list 100 permit ip 10.2.122.0 0.0.0.127 192.168.2.0 0.0.0.15
access-list 101 deny   ip 10.2.122.0 0.0.0.127 192.168.2.0 0.0.0.15
access-list 101 permit ip 10.2.122.0 0.0.0.127 any
!
!
!
route-map ROUTE-MAP1 permit 10
match ip address 101
!
!
control-plane
!
!
line con 0
no modem enable
line aux 0
line vty 0 4
login
!
scheduler max-task-time 5000
end

Since my last post I have discovered that we are unable to ping outside through our firewall (this is the way that the Firewall has been configured) but we but am still unable to get internet access through a web browser.

Thanks for your help,

paul

Review Cisco Networking for a $25 gift card