Solved: Cisco 1841 not routing between interfaces - Page 2

Tom Johnson · ‎05-28-2015

I have a Cisco 1841 with FA0/0 and FA0/1. Both are connected to separate networks with different subnets . Each network has its own gateway to the internet. I am trying to configure the 1841 to separate traffic for both subnets so general internet traffic goes over one gateway and only certain subnets go over the other. So no matter which side you are on it will route properly. The catch, the gateways on both ends can NOT get any routes from the 1841. It has to stay hidden on the network. Obviously all PCs on both subnets will need to have the 1841 as their gateway. I have one side working, but the other does not. I have not setup any access-lists. Not sure what to use if I need them. Suspect I do for NAT to work properly. Here is the important part of my config (with the IPs changed to protect the innocent):

!
interface FastEthernet0/0
description Network C
ip address 192.168.20.120 255.255.255.0
ip nat inside
duplex auto
speed auto
!
interface FastEthernet0/1
description To Network P
ip address 10.10.10.120 255.255.255.0
ip nat inside
duplex auto
speed auto
!
interface Serial0/0/0
no ip address
shutdown
!
router eigrp 1
network 10.10.10.0
network 192.168.20.0
no auto-summary
!
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.20.1
ip route 10.10.0.0 255.255.0.0 10.10.10.1
ip route 192.168.20.0 255.255.255.0 192.168.20.1
ip route 8.8.0.0 255.255.0.0 10.10.10.1
!
no ip http server
no ip http secure-server
!
control-plane

Basic Map:

PC1 - Switch - Router 10.10.10.1 -> Internet
             |
Router 1841 (between the switches)    FA0/0: 192.168.20.120    FA0/1: 10.10.10.120
             |
PC2 - Switch - Router 192.168.20.1 -> Internet

Desired Effect:
PC1 and PC2 should both go out over 192.168.20.1 for most all internet traffic.
PC1 and PC2 should only use 10.10.10.1 if destination is on 10.10.0.0 networks, or if specifically routed that way (as demonstrated with 8.8.0.0).
PC1 and PC2 will both have 1841 router as their gateway (with proper IP for each subnet)

What works:
Right now, PC2 routes right, seeing both networks. PC1 can ping the 192.168.20.120 interface but cannot access past it. Works fine on its own subnet.

I know it is not normal, but I have good reason to do it this way. Any thoughts on how to fix the configuration to make the routing work for both subnets as needed and keep the 1841 from advertising its routes to the other two routers?

Thanks!

Jon Marshall · ‎05-29-2015

Tom

No problem, I know that feeling myself :-)

Jon

Jon Marshall · ‎05-29-2015

One last point.

With the updated acl you won't be able to ping 192.168.20.1 which isn't an issue for internet connectivity.

If you want to be able to though, for testing, then just let me know.

Jon

Jon Marshall · ‎05-29-2015

Just an additional point -

before you make any decisions I don't understand -

1) why you needed to add EIGRP for it to route between the PC subnets ie. they are directly connected interfaces so you shouldn't need a dynamic routing protocol

2) I understand the static default route and the one for 8.8.8.0 and also the 10.10.0.0/16 route (sorry I misread the subnet mask originally) but not the 192.168.20.0/24 route.

Because it's still not clear you may want to fully understand what is happening currently before making any changes.

Jon