NAT configration

nbnamp · ‎02-20-2017

Hello

Can you help me with an issue with my home setup?

Here is the setup:

Internet SP router <---> R2 Cisco 1841 <---> R3 WiFi :

R1 (192.168.2.1/24) <---> R2 (192.168.2.200/24) F0/0 <--> R2 (192.168.3.220/24) F0/1 <--> R2 (192.168.1.1/24)

no config change allowed on the SP R1

R2 has basic inside/ outside NAT attached config file

R3 simple config for wifi

Issue host C in the network diagram is not able to connect to any of the internal subnets 192.168.1.0 or 192.168.3.0

i think it is related to the NAT config on cisco router:

!
interface FastEthernet0/0
description ++++TOBELLRT-WAN++++
ip address 192.168.2.220 255.255.255.0
ip nat outside
duplex auto
speed auto
!
interface FastEthernet0/1
description ++++LAN++++
ip address 192.168.3.220 255.255.255.0
ip nat inside
duplex auto
speed auto

!

ip route 0.0.0.0 0.0.0.0 192.168.2.1

!
ip nat inside source list 100 interface FastEthernet0/0 overload
!
access-list 100 permit ip any any
!
!

full config file is attached

Please help

Thanks

ik

Georg Pauwen · ‎02-20-2017

Hello,

post the config of the service provider router as well.

nbnamp · ‎02-20-2017

Hi George

I cannot, I dont have access to the SP router to pull the config file.. it is a new router from Bell Canada ( Home Hub 3000)

https://www.bell.ca/Bell_Internet/HomeHub3000

https://discourse.pi-hole.net/t/bell-home-hub-3000-setup-problems/1012

Georg Pauwen · ‎02-20-2017

Hello,

Host C has IP address 192.168.2.222, the same address range is used for the link between the service provider router and your Cisco 1841. Do you know how the file server is connected to the SP router ?

So host A and B ping ping C ? What is the output of a traceroute from Host C to F0/0 ?

nbnamp · ‎02-20-2017

Hi George

Host C is connected via cable to SP router..

host A and B can ping C but C can only ping F0/0 of cisco router..

Tracert F0/0

+++++++++++++++++++++++++++++++++++++

C:\Users\user>tracert 192.168.2.220

Tracing route to 192.168.2.220 over a maximum of 30 hops

1 * * * Request timed out.
2 <1 ms <1 ms <1 ms 192.168.2.220

Trace complete.

C:\Users\user>

+++++++++++++++++++++++++++++++++++++

I also added 2 static routes to host C to tell him to use F0/0 to reach the other 2 subnets

route add 192.168.1.0 255.255.255.0 192.168.2.220

route add 192.168.3.0 255.255.255.0 192.168.2.220

but still host C goes to SP router to reach them:

Tracert 192.168.1.1

+++++++++++++++++++++++++++++++++++++

C:\Users\user>tracert 192.168.1.1

Tracing route to 192.168.1.1 over a maximum of 30 hops

1 * * * Request timed out.
2 1 ms <1 ms <1 ms SAGEMCOM [192.168.2.1]
3 2 ms 1 ms 1 ms loop0.6cw.ba17.aliant.net
]
4 * * * Request timed out.

+++++++++++++++++++++++++++++++++++++

Thanks

ik

Georg Pauwen · ‎02-20-2017

Hello,

if A and B can ping C, then there must be a route back from C to A and B. What does a traceroute from A or B to C show ?

nbnamp · ‎02-20-2017

Hi Georg

this is the tracert from A

C:\Users\user>tracert 192.168.2.222

Tracing route to 192.168.2.222

over a maximum of 30 hops:

1 1 ms <1 ms <1 ms unknown [192.168.1.1]

2 1 ms 1 ms 1 ms 192.168.3.220

3 1 ms 1 ms 1 ms 192.168.2.222

Trace complete.

same results from host B

Thanks

Iyas

Georg Pauwen · ‎02-20-2017

Hello,

weird traceroute to be honest, as the last hop is 192.168.3.220.

Either way, try to add the static routes below to Host C (the file server)

route add 192.168.1.0 255.255.255.0 192.168.3.220

route add 192.168.3.0 255.255.255.0 192.168.3.220

nbnamp · ‎02-20-2017

Hi George, I tried that.. it didnt work!!

any other thoughts?

thanks

Georg Pauwen · ‎02-21-2017

Hello,

looking at your setup again, I think the only way to get this to work is to put your Bell Home Hub in bridge mode (Networking --> DMZ), and to then configure the Cisco with a dialer. You probably have to spoof the MAC address of the Bell. The config would look something like this:

interface FastEthernet0/0
description ++++TOBELLRT-WAN++++
mac-address aaaa.bbbb.cccc
no ip address
duplex auto
speed auto

interface FastEthernet0/1
description ++++LAN++++
ip nat inside
ip address 192.168.3.220 255.255.255.0
duplex auto
speed auto

interface FastEthernet0.35
encapsulation dot1Q 35
pppoe enable group global
pppoe-client dial-pool-number 1

interface Dialer1
description ++++TOBELL_PPPOE++++
mtu 1492
ip dhcp client default-router distance 5
ip address negotiated
ip nat outside
ip virtual-reassembly in
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication pap callin
ppp chap hostname belluser@bell.ca
ppp chap password
ppp chap refuse
ppp pap sent-username belluser password
ppp ipcp route default
ppp ipcp address accept
no cdp enable

ip route 0.0.0.0 0.0.0.0 Dialer1

ip nat inside source list 1 interface Dialer1 overload

access-list 1 permit 192.168.0.0 0.0.255.255

dialer-list 1 protocol ip permit

nbnamp · ‎02-21-2017

Hi Georg

i don't have the username and password for pppoe I wil, have to request them from Bell and try it

in them meantime I'm going to try connecting host A on the SP router subnet and ping host B.. maybe the issue is with The file server (host c)

thanks

paul driver · ‎02-20-2017

Hello
File server
Looks like the SP rtr interface, files server and Cisco 1841 are on the same broadcast segment so if file servers default-gateway isnt pointing to Cisco 1841 (192.168.2.220) fa0/0 then connection will be failing as the Cisco 1841 nat global addressing is using this subnet.

FS

ip address 192.168.2.222

Subnet 255.255.255.0

default gateway 192.168.2.220

Cisco 1841
Also your nat acl is not correct - ip any any isnt recommended, change this to:

no access-list 100
access-list 100 permit 192.168.3.0 0.0.0.255
access-list 100 permit 192.168.1.0 0.0.0.255

Lastly this rtr require a route to the 192.168.1.0/24 (it can be either via static or via an IGP) and a default route towards the SP rtr.

res
Paul

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

nbnamp · ‎02-20-2017

hi Paul

I changed the FS default gateway to 192.168.2.220

and I added the a static route on cisco 1841, it is now as follows:

ip route 0.0.0.0 0.0.0.0 192.168.2.1
ip route 192.168.1.0 255.255.255.0 192.168.3.1

no luck so far..

i think it has something to do the nat config , when I removed the IP NAT outside form F0/0 Host C started pinging to host A and B but they also lost internet connectivity and stopped pinging host C or SP router

any thoughts?

Thanks

paul driver · ‎02-21-2017

Hello

Humm this should work unless we are missing something!

As stated I see the SP-FS and Cisco1841 are on the same subnet but in your topology you have the FS and Cisco connecting to the SP router with having two interface connnections which isn't correct

So what and how are these connected together?

res

paul

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

nbnamp · ‎02-21-2017

Hi Paul

Both FS and Cisco 1841 are connected via cable to the SP router eth0 and eth1

thanks