10-10-2012 04:25 PM - edited 03-07-2019 09:23 AM
Heya, Im having issues setting up my routers ( self learning before the CCNA and uni course comes along ).
On to the topic, The issue I have is that I want to hook multiple devices up to my switch and then run it through my public IP for the internet, I have tried setting up NAT on both routers ( which appears to fail ). The internet is supplied via Ethernet which results in me having to chain 2 routers via serial to allow me to plug a switch into the network.
The primary router ( the one connected to the internet) is able to ping the outside world fine however anything found later in the network is unable to access any of the internet.
Im not the best at explaining this so ill attach an image to this post explaining the layout of the network.
(Note im limited to 1 FA and 1 Serial connection in both routers and the internet must come via FA)
Many Thanks,
Alex
Solved! Go to Solution.
10-11-2012 10:25 AM
Hi,
the NAT must be done on the router connected to ISP
Do this:
r1: attached to ISP
ip dhcp excluded-address 192.168.0.1
no ip dhcp conflict logging
ip dhcp pool mypool
import all
network 192.168.0.0 255.255.255.0
default-router 192.168.0.1
int s0/0
ip nat inside
int f0/0
ip nat outside
r2:attached tp PCs
ip route 0.0.0.0 0.0.0.0 10.0.0.1
int f0/0
ip helper-address 10.0.0.1
Regards.
Alain
Don't forget to rate helpful posts.
10-10-2012 05:20 PM
Hello Alex,
Let's assume the following R1 is the router that is connecting to the internet via FastEthernet R2 is the the Router that is connecting to R1 from one side and to the LAN from the other side so you will need to do the following :
First on R1 you need to do a default route that points to the interent
IP route 0.0.0.0 0.0.0.0 fastethernet 0/0
and then you will need a static route that points back to your LAN network like the following
ip route 192.168.0.0 255.255.255.0 serial 0/0 which is the Serial interface that is conneting you to R2
now on R2 you willl need to add a Default route like this
ip route 0.0.0.0 0.0.0.0 serial 0/0 " which is the interface that is connecting you to R1 "
and you will need to add an access list for the LAN ip network
access-list 1 permit 1192.168.0.0 0.0.0.255
ip nat inside source list 1 interface serial 0/0 overload
ip classless
and I think you will be done
Please try it and let me now if you faced any problems
Hope it will help
Ahmed Sonba
10-10-2012 06:03 PM
I would configure it slightly differently.
On R1:
!
int s0/0
ip nat inside
!
int fa0/0
ip nat outside
!
ip nat inside source list 101 interface fa0/0 overload
!
access-list 101 permit ip 192.168.0.0 0.0.0.255 any
!
ip route 0.0.0.0 0.0.0.0 fa0/0
ip route 192.168.0.0 255.255.255.0 ser0/0
On R2:
!
ip route 0.0.0.0 0.0.0.0 ser0/0
10-10-2012 06:13 PM
Hello Vineet,
Yes it will work also Since its the same but up side down
10-10-2012 11:15 PM
Hi,
I would not configure the default static route with the outgoing interface but rather with the next-hop because if the other side has got proxy-arp disabled it won't work with the outgoing interface and anyway it's best to use the next-hop when the outgoing interface is multiaccess.
Regards.
Alain
Don't forget to rate helpful posts.
10-11-2012 04:32 AM
Alain,
Do you mean change ip route 0.0.0.0 0.0.0.0 fa0/0 on R1? If yes, then he can't know the next hop address because it's using DHCP?
Also I didn't understand why is it better to use next hop rather than an interface.
Regards,
Haji
10-11-2012 05:14 AM
Hi,
DHCP should advertise the default route and next-hop with an AD of 254 so technically there isn't no need for any manually configured default static route in this case but I prefer to set the AD to 1 and see it appear in the running-config so I would do following in this case:
no ip route 0.0.0.0 0.0.0.0 f0/0
ip route 0.0.0.0 0.0.0.0 dhcp
Concerning the outgoing interface:
static routes pointing multiaccess interfaces like ethernet or Frame-Relay physical or multipoint subinterface should always point towards the next-hop.This is because of the way the router treats the routes pointing towards interface vs next-hop.
in former case it will consider all destinations as reachable out this link and will in case of ethernet arp request for every destinations, if the next-hop router is not doing proxy-arp it won't work and if it supports it then you'll have a large arp cache, you will have a lot of broadcast on your link and it will consume more CPU. For Frame-relay it will never work because there is no such thing as proxy InARP( at least on Cisco devices).
Regards.
Alain
Don't forget to rate helpful posts.
10-11-2012 05:36 AM
Amazing. Thanks for info.
10-11-2012 03:34 AM
Thanks for the suggestions but im still having issues chances are im missing something really obvious, so ill attach both config files for router 1 and 2
10-11-2012 03:56 AM
Hi,
The serial link between your routers must be on an IP subnet: so configure an IP address on both ends
eg: 10.0.0.0/30 ---> 10.0.0.1 255.255.255.252 and 10.0.0.2 255.255.255.252
also remove the static default pointing to outgoing fastethernet and replace by one pointing to ip next-hop
Regards.
Alain
Don't forget to rate helpful posts.
10-11-2012 09:30 AM
Really appeciate the help you are all giving me however it still appears im having issues, so im guessing it is something to do with the connection containing the internet.
Bascially the router's are able to ping the DHCP address asigned on the internet port, the main router directly connected to the internet is able to connect to ip addresses on the internet ( using 8.8.8.8 as an example connection ) however the internal router and the PC's located on the lan are unable to get further the IP address asigned by the ISP.
Updated configs:
https://dl.dropbox.com/u/44896033/configs.txt
Many Thanks
10-11-2012 09:38 AM
Why are you connecting the two routers via serial and adding more complication to it? If they are both your routers then configure HSRP or GLBP on them and then connect them to the switch.
03-13-2015 07:32 AM
i don't know how to configure that
10-11-2012 10:25 AM
Hi,
the NAT must be done on the router connected to ISP
Do this:
r1: attached to ISP
ip dhcp excluded-address 192.168.0.1
no ip dhcp conflict logging
ip dhcp pool mypool
import all
network 192.168.0.0 255.255.255.0
default-router 192.168.0.1
int s0/0
ip nat inside
int f0/0
ip nat outside
r2:attached tp PCs
ip route 0.0.0.0 0.0.0.0 10.0.0.1
int f0/0
ip helper-address 10.0.0.1
Regards.
Alain
Don't forget to rate helpful posts.
03-12-2015 05:14 PM
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: