Hi Rick.

Thanks for the reply. My ISP router is a re badged Netgear wireless router on the private network 192.168.0.0 /24

unfortunately the GUI is very limited to what you can see is going on.

But surely the netgear router must be using NAT to translate the private network to the Web.

so my question was my Cisco 800 router its configured WAN port DHCP on the 192.168.0.0 network and my vlan 1 is on 192.168.1.0 /24 so the way i am thinking is why won't the NAT process  just work through the Netgear side of the network.

Thank you for the additional explanation which is helpful. I believe that this is what is going on. Your ISP router (Netgear) is configured to provide address translation for the network 192.168.0.0. So any IP packets arriving on its inside/private interface with source address of 192.16.0.x will be translated. But what about a packet that arrives with source address 192.168.1.x? If my understanding is correct then Netgear will not translate that. This is why you needed to do a translation on your 800 router. And when you introduce another network on the other 800 router (perhaps it might be 192.168.2.0?) then you will also need to provide translation for these addresses so that they will all look like 19.168.0.0 when they get to Netgear.

HTH

Rick

HI Rick. can i use Rip between the to Cisco routers rather than NAT

Thanks in advance 

I find this question puzzling. RIP is a routing protocol that advertises available networks/subnets. You certainly could use RIP so that the first 800 router knows about the networks/subnets used on the other router. NAT is about translating addresses. It does not have anything to do with what networks/subnets are available on other devices, but only deals with what addresses need to be translated. So the choice of how to know about available networks/subnets is not at all related to the choice of where to translate addresses.

So yes you certainly can use RIP to advertise what networks/subnets are reachable by which router. And you need to decide which device will be doing NAT. But the two things are quite separate.

HTH

Rick

Sorry for the puzzling question, i am just at a stage of confusion regarding routing internally and externally.

So what your saying every different network range address on different routers has to use NAT no mater were in the network they might be to access the web. see i was thinking it was the router facing the WAN side Only. 

Sorry for the daft questions.

i am just trying to solidify it in my own mined.    

I remember when I was a beginner and was trying to figure out things like this. I trust that you will continue to work on understanding these issues and that as you learn more they will get easier. First let us separate the consideration of routing and of nat. Routing is concerned with figuring out where various networks and subnets are and of identifying the best way to get to them. Within an enterprise network we generally know where the various networks and subnets are and can figure out the best way to reach them. The solution might use static routing but frequently uses a dynamic routing protocol. We generally do not know where the external networks are and use default routes to tell us how to get to them.

nat does not deal with where networks are or how to reach them. nat has to do with what addressing we need to use when we are going outside of our enterprise network. Let us start with a brief review about basics of IP addressing. We have public network addresses and private network addresses. Public network addresses are uniquely assigned to an enterprise. For example there is a class B network of 130.131.0.0 and there is only one enterprise that is entitled to use those addresses. Private addresses are different. There are thousands of enterprises that use network 192.18.1.0. If you were to send traffic into the Internet which had a source address of 192.168.1.56 it would be possible to send it to the destination but it would be impossible for the source to send a response (how do you know which of the thousands of networks using that address to send to). So enterprises that use private addresses need to use address translation which translates the source address (private address) to some public address that is associated with you. If you think about it that applies not only to the private network at the edge of your network, but applies to all of the private networks used in your network.

HTH

Rick

Hi Rick. Thanks for your detailed analysis, this must be frustrating for you.

So I get what your saying regarding public and Private address, and NAT needs to be in place on every private network address to get out on the web.

So going back to my issue on my Cisco routers.

Both routers are configured and do work independently by swapping them around. both fa4 Wan ports are configured to receive DHCP from the netgear router 192.168.0.0 and the Vlan1 on one Cisco router is on 192.168.1.0 and the other Cisco router Vlan1 192.168.2.0 Both Cisco routers are configured with a DHCP pool, with NAT enabled inside vlan1 and outside on the fa4 ports.

The routers do work independently but when i plug them together using a crossover cable from WAN fa4 to fa0 I am getting the addresses allocated by the DHCP pools on both routers and my PC i can allso ping from the IOS on both routers but i just cant get any internet access

Iv Been racking my brain for a while now and i must have configured the routers 20 times to see if i have missed something iv been watching YouTube and reading books on this subject but with no avail.

Rick am i missing something oblivious here.

Thanks for your time.       

To me it is fairly obvious but I understand that to you it is not obvious. So let me suggest something for you to do that I hope will help your understanding. Draw a diagram of your network. Show a PC connected to a router (or perhaps PC connected to switch connected to router if that is what is in your network). Show the first router connected to the second router. Show the second router connected to the Netgear provider device. Then on the drawing put in the various network/subnets that are assigned (PC to router is 192.168.2.0, router to router is 192.168.1.0, router to Netgear is 192.168.0.0, Netgear to Internet is some public address). Then think about where address translation is being done and about what is being translated. For starters you have address translation done on the Netgear and it is set up to translate any packet whose source address is 192.168.0.0 and to translate it to a public address. For now probably that is the only address translation being done.

Then using this drawing think about an IP packet generated by the PC and going to the Internet. Think about the source address of that packet as it goes through the network. When it is generated the source address is 192.168.2.x. Does anything change as it goes through the first router? (no it does not change) Then think what happens as it goes through the second router. Does it change? (no it does not change) Then think what happens as it goes through the Netgear? (this one may be a bit tricky for you - will the Netgear translate this address?? remember that Netgear is set up to translate source address of 192.168.0.x, so no it does not change as it goes through Netgear). So what is the source address of that packet as it goes into the Internet?

Think about what happens when that packet does get to its Internet destination. (it will get to the destination) That server in the Internet is trying to send a response to 192.168.2.x. But how can the server do this? It has no knowledge of where 192.168.2.0 is (and in fact there are thousands of networks using that address - so which one is the right one?).

For your packet from the PC to work it must have a source address of 192.168.0.0 when it gets to Netgear. And the logical place to do that is on the router that connects to Netgear. On that router you would want to set up address translation so that any packet with source address in 192.168.1.0 or in 192.168.2.0 is translated using the address that it learned on its interface connecting to Netgear.

HTH

Rick

Hi Rick, me again.

I have taken your advice on board. I have wrote down a topology. still can not get traffic access through the routers. I have taken the Nat out of router 2 and created a access list in router 1 of 192.168.2.x network. I have even tried creating a access list in router 2 nothing! do i need to bridge fa4 in router 2 to the vlan1 in R2. What is it i am missing here.

Please put me out of my misery here.

I can ping from my PC to the Netgear, so i am pinging through the network ok just no ip traffic.  

Since I do not know what you have done I can not know what you are missing. If it is not working the most likely explanations are either an issue in routing or an issue in address translation. Assuming that the topology is ISP connected to R1 and R1 connected to R2 then you should have the following subnets:

Internet

subnet connecting ISP to R1

perhaps a subnet connected on R1 for hosts

subnet connecting R1 to R2

subnet on R2 for hosts

If routing is configured correctly then the ISP has routing to reach the Internet and to reach R1.

R1 has routing to reach the Internet using the ISP and has routing for subnets on R2

R2 has routing to reach the Internet using R1 and has routing to reach subnets on R1.

You can verify if these are working by pinging from R1 and R2 to the various subnets (remember that one of the tests should be an extended ping on R2 to the subnet connecting R1 to ISP and in the extended ping specify that the source address is the interface for the user subnet)

For address translation I suggest that it should be done on R1 and should certainly translate the subnets where users are connected and perhaps should translate the subnet connecting R1 to R2.

I hope that these suggestions are enough for you to be able to get your configs to work. If not then post the complete config of both routers.

HTH

Rick

Hi Rick.

I Have figured it out, it was to do with the BVI in R1 because of the wireless interface Dot11Radio0

i couldn't and still can't route through the BV Interface, so i have switched the two routers around to make the wifi 800 router R2. I will have another Crack at it at some stage. 

I Am just looking into the VLAN Ideology at the moment seems pretty straight forward so far.

I am just up to the stage of trying to work out what the difference between just VLAN1, and Interface VLAN1 and what the differences actually are, so far iv realized and worked out that vlan1 is layer 2 and interface vlan1 is layer 3.

Thanks for all your help Rick.

Thanks for the update. I am glad that you figured out that the issue was about the BVI. I am not sure why you could not route through it and perhaps not so important now that you have switched the routers and they are working.

As for the concepts of vlan and vlan interface you are spot on. A vlan is a layer 2 implementation which can only process at layer 2. A vlan interface is the layer 3 capability to process the data passing through the vlan and providing access to networks outside of that vlan.

HTH

Rick

Hi Rick, Hope your well.

Well its been a year now. Iv been studing every day almost since we last spoke. I failed My CCNA in november... 730 points.

I have a new issue for you if you dont mined looking into it for me.

I have a DHCP pool configured on my Cisco router that is connected to a switch [3750]  then from the switch to my PlayStation.

I have three VLANs set up, and router on a stick configured on the router, this is probably not relevant.

when I staticly assign an ip address to my PlayStation the IP address does not show up in my DHCP bindings on the router.

I have looked in the obvious places to find the static bindings but with no luck.

Can you please help Rick.