Hi guys, hope someone can help with this. I'm sure it's very simple but the kit is in a remote site and I want to make sure I have it right before calling the onsite guy there tomorrow.
The reason there are 2 x Ciscos is rather ridiculous. The ISP is unable to offer any NAT configuration on their Cisco 800, which is why we have had to introduce our own NAT friendly Cisco 1900 on the inside.
Would appreciate your thoughts :-)
I find it surprising that the ISP is unable to offer any NAT configuration on their 800 router. But if that is the case then using your own 1941 is an appropriate solution. On the 800 the connection would be on the inside interface and so is classified as LAN. On the 1941 they do not use classifications in quite the same way. But gig0/0 is the outbound interface and so in logical terms it would be WAN and gig0/1 is the inbound interface and so in logical terms it would be LAN. gig0/0 has its IP address and would need to be configured as the nat outside interface. gig0/1 would need an IP address in a different subnet, would need to be configured as nat inside and this would be where users etc are connected.
Hi Richard, thanks for your response. I've finally got around to doing this so hopefully it will work without major glitches. Unfortunately, it's something to do with their core routers but I've never seen this before. Regardless, this is what I have so far:
Cisco 800 has LAN address of 10.88.24.1 /24
ip nat pool BOATCLUB 10.88.24.20 10.88.24.254 netmask 255.255.255.0
ip nat inside source list 1 pool BOATCLUB
ip nat inside source static 184.108.40.206 10.88.24.15
ip route 172.18.0.0 255.255.0.0 220.127.116.11
How does that look to you?
There are several things in this to address:
- both interfaces are currently shutdown. That means they will not transmit or receive anything. You need to no shutdown on both interfaces.
- Gi0/1 has a secondary address but no primary address. Do you intend to have two IP addresses associated with this interface?
- the IP address assigned to Gi0/1 is a public IP address. It is not clear why you have a public IP here. Since you will be doing address translation I would have expected a private address.
- you have a pretty large pool of addresses for translation and they are in the subnet used by the ISP. Is this intentional? Does the ISP expect to receive traffic from that many addresses in this subnet?
Thanks for coming back
- I've put them in shutdown state for now, will enable them tomorrow morning
- That's a typo, GE-0/0 does not have a secondary address
This is the information I have received regarding the public IP, let's assume the 62 range is correct...
Proxy-server performs NAT for 172.18.0.0/24 network. This private network translates to real IP 18.104.22.168
So, the local network is 22.214.171.124 /24. The Cisco 1900 sees this network through Interface Gi0/1, which has an IP address from this it 126.96.36.199 /24 network
So does that mean I should be Natting the 172.18.0.0 /24 range?
I am glad that you are aware of the shutdown state and that it is intentional. I can only comment on what I see in the config since I have no information about your environment or about your plans.
I understand that the IP address is really primary and not secondary. I am still not understanding what is the intention for the LAN connected to Gi0/1. Are the devices connected in the LAN to be in network 172.18.0.0/24 and then to be translated to 188.8.131.52? Or are the connected devices in network 184.108.40.206? And if so then where is 172.18.0.0?
No worries, I do appreciate your feedback.
Yes you are right. The actual LAN is 172.18.0.0 /24 but is Natted by the local proxy to 220.127.116.11 /24
All PCs connected to Gi-0/1 will require Internet access via the Cisco 800's LAN (10.48.124.0 /24), hence the Natting on the Cisco 1900
Hopefully that makes sense :)
I'm having a problem at the moment in that I'm not learning routes for 10.88.24.0 /24
Would I need to add a route on the Cisco 1900 directing all traffic to Cisco 800 (10.88.24.1)?
Here are my current routes:
C 10.88.24.0/24 is directly connected, GigabitEthernet0/0
L 10.88.24.2/32 is directly connected, GigabitEthernet0/0
L 10.88.24.12/32 is directly connected, GigabitEthernet0/0
18.104.22.168/8 is variably subnetted, 2 subnets, 2 masks
C 22.214.171.124/24 is directly connected, GigabitEthernet0/1
L 126.96.36.199/32 is directly connected, GigabitEthernet0/1
S 172.18.0.0/16 [1/0] via 188.8.131.52
I am not clear what you are saying here. You say that you are not learning routes for 10.88.24.0. But the route table that you show clearly has an entry for 10.88.24.0. Is there an issue about 10.88.24.0?
You certainly do need a default route on the 1900 with the IP of the 800 as the next hop.
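An added example, not part of any post in this thread: a small Python pre-flight check that reads an IOS-style config and reports the NAT prerequisites raised in the replies above (an `ip nat inside` and an `ip nat outside` interface, neither shut down, the access list named by `ip nat inside source list` actually defined, and a default route). The function names `parse_interfaces` and `lint_nat` and the sample config with its addresses are constructed for illustration.

```python
import re

# Constructed sample config (not from the thread): inside interface shut down,
# no "ip nat outside" anywhere, NAT access list 10 undefined, no default route.
SAMPLE = """\
interface GigabitEthernet0/0
 ip address 10.0.0.2 255.255.255.0
!
interface GigabitEthernet0/1
 ip address 192.168.50.1 255.255.255.0
 ip nat inside
 shutdown
!
ip nat pool POOL1 10.0.0.60 10.0.0.200 netmask 255.255.255.0
ip nat inside source list 10 pool POOL1
"""

def parse_interfaces(config):
    """Map each interface name to the list of sub-commands under it."""
    interfaces, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1].strip()
            interfaces[current] = []
        elif current and line.startswith(" "):
            interfaces[current].append(line.strip())
        else:
            current = None  # "!" or a global command ends the interface block
    return interfaces

def lint_nat(config):
    """Return findings for the NAT prerequisites; an empty list means none found."""
    findings, ifaces = [], parse_interfaces(config)
    for role in ("inside", "outside"):
        members = [n for n, cmds in ifaces.items() if f"ip nat {role}" in cmds]
        if not members:
            findings.append(f"no interface configured as 'ip nat {role}'")
        for name in members:
            if "shutdown" in ifaces[name]:
                findings.append(f"{name} is nat {role} but shutdown")
    for acl in re.findall(r"^ip nat inside source list (\S+)", config, re.M):
        pat = rf"^(access-list {re.escape(acl)} |ip access-list \w+ {re.escape(acl)}$)"
        if not re.search(pat, config, re.M):
            findings.append(f"NAT references access list {acl}, which is not defined")
    if not re.search(r"^ip route 0\.0\.0\.0 0\.0\.0\.0 \S+", config, re.M):
        findings.append("no default route")
    return findings
```

Running `lint_nat` over a saved copy of the running config before the on-site change gives a quick list of what still needs attention; it checks only these four items and does not validate addressing or pool sizes.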
Hi Richard, thanks for that. I have a similar scenario again whereby the Cisco 800 is unable to do NAT. Do you think this would do the trick?
Cisco 800 interface: 10.88.20.2
ip address 10.88.20.1 255.255.255.0
no ip redirects
no ip proxy-arp
no cdp enable
ip address 172.16.24.133 255.255.255.252 secondary
ip address 192.168.28.1 255.255.252.0
no ip redirects
no ip proxy-arp
ip nat inside
ip virtual-reassembly in
ip forward-protocol nd
no ip http server
no ip http secure-server
ip nat pool BOWLA 10.88.20.60 10.88.20.200 netmask 255.255.255.0
ip nat inside source list 10 pool BOWLA
ip nat inside source static 192.168.188.12 10.88.20.11
ip nat inside source static 192.168.188.13 10.88.20.12
ip route 0.0.0.0 0.0.0.0 10.88.20.2
ip route 10.58.104.0 255.255.255.0 10.88.20.50
ip route 192.168.188.0 255.255.252.0 GigabitEthernet0/0 10.88.20.50