cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
5981
Views
0
Helpful
5
Replies

Cisco 2821 Inter-Vlan Routing and IP NAT to ISP

Joe Carey
Level 1
Level 1

       Good day all,

I have just bought myself a Cisco 2821 ISR.

At present in my home I have a Cisco 2621XM. Fast Ethernet 0/0 is connected to a 3524XL as a trunk to provide my LAN with inter-vlan routing. it works great. Fast Ethernet 0/1 is connected to my ISP's cable modem and uses the command "Ip address dhcp" to get an IP and all other info from my ISP.

FA 0/1 is Ip nat outside and the FA 0/0 and all sub interface like 0/0.1 .24 .168 etc all ip nat inside.

I get intervlan routing and access to the internet via this router.

I have this 2821 to replace the 2621XM as I plan to run CME on it and want gigabit routing on my vlans as at the moment on the 2621 routing between vlans it at half duplex or seems to be.

I have configured the 2821 to ip nat outside on  gig 0/0 and ip nat inside on gig 0/1 and all of the sub interfaces (same setup as my 2621 but with gig ethernet)

I have no access to the internet at all but I can ping www.google.co.uk and other domain names from the terminal session when I am connected to the 2821 via the console or telnet/SSH. the gig 0/0 has an IP assigned from my ISP too but no other nodes on the network can ping outside.

Am I missing something here? the version of IOS is V 15.

My access list goes someting like

access-list 1 permit 10.0.0.0 0.255.255.255

access-list 1 permit 192.168.1.0 0.0.0.255

access-list 100 permit ip 10.0.0.0 0.255.255.255 any

access-list 100 permit ip 192.168.1.0 0.0.0.255 any

and so on

I still cannot access the internet.....

Can someone tell me if I am doing something wrong or if something has changed between v12.4 IOS and 15.

Many thanks in advance

5 Replies 5

John Blakley
VIP Alumni
VIP Alumni

Can you post the config?

HTH, John *** Please rate all useful posts ***

Sure config is as follows;

I have removed my user names ans secrets from it and also the HTTPS RSA key

Building configuration...

Current configuration : 4902 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
!
!
ip cef
!
!
ip domain name enfield.carey-systems.local
ip name-server 10.1.100.100
!
multilink bundle-name authenticated
!
!
voice-card 0
no dspfarm
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!

  quit
!
!

!
!
!
!
!
!
!
interface GigabitEthernet0/0
ip address dhcp
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
interface GigabitEthernet0/1
no ip address
ip helper-address 10.1.100.100
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
!
interface GigabitEthernet0/1.1
encapsulation dot1Q 1 native
ip address 10.1.100.254 255.255.255.0
ip helper-address 10.1.100.100
ip nat inside
ip virtual-reassembly
!
interface GigabitEthernet0/1.24
encapsulation dot1Q 24
ip address 10.1.24.254 255.255.255.0
ip helper-address 10.1.100.100
ip nat inside
ip virtual-reassembly
!
interface GigabitEthernet0/1.168
encapsulation dot1Q 168
ip address 192.168.1.1 255.255.255.0
ip helper-address 10.1.100.100
ip nat inside
ip virtual-reassembly
!
interface GigabitEthernet0/1.224
encapsulation dot1Q 224
ip address 10.2.24.254 255.255.255.0
ip helper-address 10.1.100.100
ip nat inside
ip virtual-reassembly
!
!
!
ip http server
ip http authentication local
ip http secure-server
ip nat inside source list 1 interface GigabitEthernet0/0 overload
ip nat inside source list 2 interface GigabitEthernet0/0 overload
ip nat inside source static tcp 10.1.100.100 3389 interface GigabitEthernet0/0 3389
ip nat inside source static udp 10.1.100.100 80 interface GigabitEthernet0/0 80
ip nat inside source static tcp 10.1.100.100 80 interface GigabitEthernet0/0 80
ip nat inside source static tcp 10.1.100.100 443 interface GigabitEthernet0/0 443
ip nat inside source static udp 10.1.100.100 443 interface GigabitEthernet0/0 443
ip nat inside source static tcp 10.1.100.100 21 interface GigabitEthernet0/0 21
ip nat inside source static udp 192.168.1.254 5060 interface GigabitEthernet0/0 5060
ip nat inside source static udp 192.168.1.254 5004 interface GigabitEthernet0/0 5004
ip nat inside source static udp 192.168.1.254 10000 interface GigabitEthernet0/0 10000
ip nat inside source static udp 192.168.1.254 8006 interface GigabitEthernet0/0 8000
ip nat inside source static udp 192.168.1.254 8016 interface GigabitEthernet0/0 8016
ip nat inside source static tcp 10.1.100.100 2525 interface GigabitEthernet0/0 2525
!
access-list 1 permit 10.0.0.0 0.255.255.255
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 1 permit 172.16.0.0 0.0.255.255
access-list 100 permit ip 10.0.0.0 0.255.255.255 any
access-list 100 permit ip 192.168.1.0 0.0.0.255 any
access-list 101 permit ip 192.168.0.0 0.0.255.255 any
access-list 102 permit ip 10.0.0.0 0.255.255.255 any
access-list 102 permit ip 192.168.1.0 0.0.0.255 any
!
!
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
login local
transport input telnet ssh
line vty 5 15
login local
transport input telnet ssh
!
scheduler allocate 20000 1000
!
end

Router(config)#

BTW I downgraded last night from V15 to V12.4

I put my original 2621XM back online so I could get internet back and assigned G0/0 a DHCP 10.1.100.20/24 to that interface then assigned a static 172.16.32.0 address to G0/1 and connected my PC to that port and set the PC to 172.16.32.50 then created an access list and a default route of 0.0.0.0 0.0.0.0 10.1.100.30 and on the 2621 I added the 172.16.0.0 0.0.255.255 to the access-list and also a static route for 172.16.32.0 255.255.0.0 to 10.1.100.30 and natted inside and out on the correct interfaces on the 2821 and I was getting connection to the net and all accross my LAN from my pc and from other nodes on my network back to my pc.

Happy days.

When my wife doesn't mind me taking the internet down I will swap out the routers using the config I have just posted. if it works great! I will then upgrade back to V15 IOS and see if it still works!

Joseph

Hi Joe, in your config-file I noticed that your router dosn't know how to get to the next hoop, so you might be able to fix your transmission out to the internet with:

IP ROUTE     0.0.0.0      0.0.0.0   (ISP DNS IP)   OR  (ISP GATEWAY IP)

hope this helps,

Regards,

Willy

Hi Willy,

This is provided for me by my isp when the router is allocated an ip address by dhcp. I checked this by doing show ip route.

I have my router working now using the config I posted. I'm going to upgrade to version 15 tomorrow and see if it still works but so far I am happy.

I just need to get Callmanager express on it now and use my vic2-2fxo card for pstn

Thanks for your reply,

Joe

Review Cisco Networking for a $25 gift card