cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
21032
Views
28
Helpful
14
Replies

Setting up NAT between 2 routers to access internet.

AlexALawdie
Level 1
Level 1

Heya, Im having issues setting up my routers ( self learning before the CCNA and uni course comes along ).

On to the topic, The issue I have is that I want to hook multiple devices up to my switch and then run it through my public IP for the internet, I have tried setting up NAT on both routers ( which appears to fail ). The internet is supplied via Ethernet which results in me having to chain 2 routers via serial to allow me to plug a switch into the network.

The primary router ( the one connected to the internet) is able to ping the outside world fine however anything found later in the network is unable to access any of the internet.

Im not the best at explaining this so ill attach an image to this post explaining the layout of the network.

(Note im limited to 1 FA and 1 Serial connection in both routers and the internet must come via FA)

Many Thanks,

Alex

1 Accepted Solution

Accepted Solutions

Hi,

the NAT must be done on the router connected to ISP 

Do this:

r1: attached to ISP

ip dhcp excluded-address 192.168.0.1

no ip dhcp conflict logging

ip dhcp pool mypool

import all

network 192.168.0.0 255.255.255.0

default-router 192.168.0.1

int s0/0

ip nat inside

int f0/0

ip nat outside

r2:attached tp PCs

ip route 0.0.0.0 0.0.0.0 10.0.0.1

int f0/0

ip helper-address 10.0.0.1

Regards.

Alain

Don't forget to rate helpful posts.

Don't forget to rate helpful posts.

View solution in original post

14 Replies 14

AhmedSonba
Level 1
Level 1

Hello Alex,

Let's assume the following R1 is the router that is connecting to the internet via FastEthernet R2 is the the Router that is connecting to R1 from one side and to the LAN from the other side so you will need to do the following :

First on R1 you need to do a default route that points to the interent

IP route 0.0.0.0  0.0.0.0 fastethernet 0/0

and then you will need a static route that points back to your LAN network like the following

ip route 192.168.0.0 255.255.255.0 serial 0/0 which is the Serial interface that is conneting you to R2

now on R2 you willl need to add a Default route like this

ip route 0.0.0.0 0.0.0.0 serial 0/0 " which is the interface that is connecting you to R1 "

and you will need to add an access list for the LAN ip network

access-list 1 permit 1192.168.0.0  0.0.0.255

ip nat inside source list 1 interface serial 0/0 overload

ip classless

and I think you will be done

Please try it and let me now if you faced any problems

Hope it will help

Ahmed Sonba        

I would configure it slightly differently.

On R1:

!

int s0/0

ip nat inside

!

int fa0/0

ip nat outside

!

ip nat inside source list 101 interface fa0/0 overload

!

access-list 101 permit ip 192.168.0.0 0.0.0.255 any

!

ip route 0.0.0.0 0.0.0.0 fa0/0

ip route 192.168.0.0 255.255.255.0 ser0/0

On R2:

!

ip route 0.0.0.0 0.0.0.0 ser0/0

Hello Vineet,

Yes it will work also Since its the same but up side down

Hi,

I would not configure the default static route with the outgoing interface but rather with the next-hop because if the other side has got proxy-arp disabled it won't work with the outgoing interface and anyway it's best to use the next-hop when  the outgoing interface is multiaccess.

Regards.

Alain

Don't forget to rate helpful posts.

Don't forget to rate helpful posts.

Alain,

Do you mean change ip route 0.0.0.0 0.0.0.0 fa0/0 on R1? If yes, then he can't know the next hop address because it's using DHCP?

Also I didn't understand why is it better to use next hop rather than an interface.

Regards,

Haji

Hi,

DHCP should advertise the default route and next-hop with an AD of 254 so technically there isn't no need for any manually configured default static route in this case but  I prefer to set the AD to 1 and see it appear in the running-config so I would do following in this case:

no ip route 0.0.0.0 0.0.0.0 f0/0

ip route 0.0.0.0 0.0.0.0 dhcp

Concerning the outgoing interface:

static routes pointing multiaccess interfaces like ethernet or Frame-Relay physical or multipoint subinterface should always point towards the next-hop.This is because of the way  the router treats the routes pointing towards interface vs next-hop.

in former case it will consider all destinations as reachable out this link and will in case of ethernet arp request for every destinations, if the next-hop router is not doing proxy-arp it won't work and if it supports it then you'll have a large arp cache, you will have a lot of broadcast on your link and it will consume more CPU. For Frame-relay it will never work because there is no such thing as proxy InARP( at least on Cisco devices).

Regards.

Alain

Don't forget to rate helpful posts.

Don't forget to rate helpful posts.

Amazing. Thanks for info.

AlexALawdie
Level 1
Level 1

Thanks for the suggestions but im still having issues chances are im missing something really obvious, so ill attach both config files for router 1 and 2

https://dl.dropbox.com/u/44896033/configs.txt

Hi,

The serial link between your routers must be  on an IP subnet: so configure an IP address on both ends

eg: 10.0.0.0/30 ---> 10.0.0.1 255.255.255.252  and 10.0.0.2 255.255.255.252

also remove the static default pointing to outgoing fastethernet and replace by one pointing to ip next-hop

Regards.

Alain

Don't forget to rate helpful posts.

Don't forget to rate helpful posts.

AlexALawdie
Level 1
Level 1

Really appeciate the help you are all giving me however it still appears im having issues, so im guessing it is something to do with the connection containing the internet.

Bascially the router's are able to ping the DHCP address asigned on the internet port, the main router directly connected to the internet is able to connect to ip addresses on the internet ( using 8.8.8.8 as an example connection ) however the internal router  and the PC's located on the lan are unable to get further the IP address asigned by the ISP.

Updated configs:

https://dl.dropbox.com/u/44896033/configs.txt

Many Thanks

Why are you connecting the two routers via serial and adding more complication to it?  If they are both your routers then configure HSRP or GLBP on them and then connect them to the switch.

i don't know how to configure that

 

Hi,

the NAT must be done on the router connected to ISP 

Do this:

r1: attached to ISP

ip dhcp excluded-address 192.168.0.1

no ip dhcp conflict logging

ip dhcp pool mypool

import all

network 192.168.0.0 255.255.255.0

default-router 192.168.0.1

int s0/0

ip nat inside

int f0/0

ip nat outside

r2:attached tp PCs

ip route 0.0.0.0 0.0.0.0 10.0.0.1

int f0/0

ip helper-address 10.0.0.1

Regards.

Alain

Don't forget to rate helpful posts.

Don't forget to rate helpful posts.

I can't connect Router R2 with Router R1 ISP , i need to send requests from Host B1 or else in that routers that are connected to the web server, but problem is that ISP router1 , doesnt know Router R2.  Router R1 is fine. Can you help me how to solve this problem

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: