Re: Issue with ISP and Cisco 1841 router

rafabricant · ‎08-27-2013

I have a Cisco 1841 router and a Cisco 2950 switch. I am unable to get out of my network. I have ran various scripts and still no luck. Here are my Scripts maybe someone see what im missing. Thanks

Cisco 1841:

Int fa0/0

no shutdown

exit

int fa0/0.99

description Native VLAN 99

encapsulation dot1q 99 native

ip address 172.16.99.1 255.255.255.224

exit

int fa0/0.100

description Home-Network

encapsulation dot1q 100

ip address 172.16.100.1 255.255.255.0

ip nat inside

no snmp trap link-status

exit

int fa0/0.200

description Server

encapsulation dot1q 200

ip address 172.16.200.1 255.255.2550

ip nat inside

no snmp trap link-status

exit

int fa0/1

Description to Modem

ip address 192.168.1.2 255.255.255.0

ip nat inside

no snmp trap link-status

exit

ip route 0.0.0.0 0.0.0.0 192.168.1.1

ip nat inside source list home interface fastethernet0/1 overload

ip nat inside source list server interface fastethernet0/1 overload

Cisco 2950:

VLAN 100

name Home-Network

VLAN 200

name Server

VLAN 99

name Management

exit

int vlan 99

ip address 172.16.99.2 255.255.255.224

exit

int fa0/1

description Trunk to router

switchport mode trunk

exit

int range fa0/2 - 8

description Home-Network VLAN 100

switchport mode access

switchport access vlan 100

exit

int range fa0/9 - 12

description sales VLAN 200

switchport mode access

switchport access vlan 200

exit

paolo bevilacqua · ‎08-27-2013

Outside interface needs nat outside, not inside.

Note these are configurations not scripts.

rafabricant · ‎08-27-2013

ok thank you, I have switched int fa0/1 to ip nat outside but still can not get out of my network.

paolo bevilacqua · ‎08-27-2013

Use only one global NAT command and check related ACL.

rafabricant · ‎08-27-2013

I'm not sure if im following. On fa0/1 run the command of

ip nat outside source static 192.168.1.1 192.168.1.2

rafabricant · ‎08-27-2013

Here is my Run Command if this helps.

interface FastEthernet0/0

no ip address

duplex auto

speed auto

!

interface FastEthernet0/0.99

description Native VLAN 99

encapsulation dot1Q 99 native

ip address 172.16.99.1 255.255.255.224

!

interface FastEthernet0/0.100

description Home-Network

encapsulation dot1Q 100

ip address 172.16.100.1 255.255.255.0

ip nat inside

!

interface FastEthernet0/0.200

description Server

encapsulation dot1Q 200

ip address 172.16.200.1 255.255.255.0

ip nat inside

!

interface FastEthernet0/1

description to Modem

ip address 192.168.1.2 255.255.255.0

ip nat outside

duplex auto

speed auto

no snmp trap link-status

!

ip forward-protocol nd

ip route 0.0.0.0 0.0.0.0 192.168.1.1

!

ip http server

ip nat inside source list home interface FastEthernet0/1 overload

ip nat inside source list server interface FastEthernet0/1 overload

!

control-plane

!

line con 0

login

line aux 0

line vty 0 4

login

!

scheduler allocate 20000 1000

end

rafabricant · ‎08-27-2013

access-list 101 permit tcp any any

access-list 101 permit udp any any

access-list 101 permit icmp any any

access-list 101 permit tcp any any established

access-list 101 permit tcp any any ack

access-list 101 permit tcp any any psh

access-list 101 permit udp any eq 53 any

access-list 101 permit tcp any eq53

i am unsure with acl, i have never done this before. please let me know if this is correct. and i am still unable to get outside my network.

paolo bevilacqua · ‎08-27-2013

Your best choice is to refer to documents or examples of which there are many.

rafabricant · ‎08-27-2013

I used my CCNA Portable Command guide and used the following commands but still nothing

ip nat pool home 192.168.1.1 192.168.1.2 netmask 0.0.0.255

access-list 1 permit 172.16.100.0 0.0.0.255

ip nat pool server 192.168.1.1 192.168.1.2 netmask 0.0.0.255

access-list 1 permit 192.16.200.0 0.0.0.255

ip route 0.0.0.0 0.0.0.0 192.168.1.1

ip nat inside source list home interface fastethernet0/1 overload

ip nat inside source list server interface fastethernet0/1 overload