3800RG, Cisco Routers and Static IPs

!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R1
!
boot-start-marker
boot-end-marker
!
!
memory-size iomem 10
no aaa new-model
ip subnet-zero
ip cef
!
!
ip name-server xxx.xxx.xxx.xxx
ip name-server xxx.xxx.xxx.xxx
!
!
!
!
!
!
interface FastEthernet0/0
 ip address 172.16.1.1 255.255.255.0
 ip nat inside
 duplex auto
 speed auto
!
interface Serial0/0
 ip address 10.0.0.1 255.255.255.252
 clock rate 64000
!
interface FastEthernet0/1
 ip address xxx.xxx.xxx.66 255.255.255.248
 ip nat outside
 duplex auto
 speed auto
!
interface Serial0/1
 ip address 10.0.0.10 255.255.255.252
!
router eigrp 10
 redistribute static
 network 10.0.0.0
 network xxx.xxx.xxx.64 0.0.0.7
 no auto-summary
!
ip default-gateway xxx.xxx.xxx.70
ip nat inside source list 1 interface FastEthernet0/1 overload
ip http server
ip classless
ip route 0.0.0.0 0.0.0.0 xxx.xxx.xxx.70
!
!
access-list 1 permit 172.16.1.0 0.0.0.255
!
line con 0
 logging synchronous
line aux 0
line vty 0 4
 login
!
!
end



!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R2
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
ip subnet-zero
ip cef
!
!
!
!
!
!
!
!
interface FastEthernet0/0
 ip address 172.16.2.1 255.255.255.0
 duplex auto
 speed auto
!
interface Serial0/0
 ip address 10.0.0.2 255.255.255.252
 no fair-queue
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Serial0/1
 ip address 10.0.0.5 255.255.255.252
 clock rate 64000
!
router eigrp 10
 network 10.0.0.0
 network 172.16.0.0
 no auto-summary
!
ip http server
ip classless
!
!
!
line con 0
 logging synchronous
line aux 0
line vty 0 4
 login
!
!
end



!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R3
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
!
resource policy
!
!
!
ip cef
!
!
no ip domain lookup
!
!
!
!
interface FastEthernet0/0
 ip address 172.16.3.1 255.255.255.0
 duplex auto
 speed auto
!
interface Serial0/0
 ip address 10.0.0.9 255.255.255.252
 clock rate 64000
 no dce-terminal-timing-enable
 no fair-queue
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Serial0/1
 ip address 10.0.0.6 255.255.255.252
 no dce-terminal-timing-enable
!
router eigrp 10
 network 10.0.0.0
 network 172.16.0.0
 no auto-summary
!
ip http server
!
!
!
!
!
control-plane
!
!
line con 0
 logging synchronous
line aux 0
line vty 0 4
 login
!
end

 thanks so much for looking at this... Gary

OK, so I assume by looking at the serial IP addresses that your 3 Cisco routers are connected in a triangle formation:

R1 S0/0 -> R2 S0/0

R1 S0/1 -> R3 S0/0

R2 S0/1 -> R3 S0/1

and the goal is to make all serial interfaces and the FastEthernet interfaces on R2 and R3 able to access the internet through R1.

The key here is that you must tell R1 that all of those addresses and the interfaces that those packets arrive on are eligible for NAT, because all packets must be NATted to the xxx.xxx.xx.66 address.

So, on R1:

1. Add the following line to the Serial0/0 interface:

ip nat inside

2. Add the following line to the Serial 0/1 interface:

ip nat inside

3. Adjust the NAT source list to include the other subnets that will need NAT:

access-list 1 permit 172.16.0.0 0.0.31.255

access-list 1 permit 10.0.0.0 0.255.255.255

(I cheated here, I added all private IP addressing in the 10.x and 176.16.x blocks to the access list rather than adding your in-use subnets.)

After you do this, all your routers should be able to access the internet, assuming your EIGRP is working correctly.

Once again, you were dead-on, it is working great!!

Thank you so much... now, I gotta get my homework done, I am working on CCNA, I'm taking the Routing Protocols class currently so I am about halfway through. I find this all to be most fascinating.

We have been so satisfied with AT&T's U-verse... coming from Comcast running on coax, this has been a refreshing change. Last night we were watching only the second movie that we have rented from OnDemand, it had a few glitches but other than that, our service over the entire two months has been outstanding. We have FTTH at our new home and have just outstanding Internet and I think it is so cool to run the set-top boxes from Ethernet. We also have AT&T wireless and iPhones... I am VERY quickly becoming a huge AT&T fan and am considering seeking employment with them.

-Gary

I notice that I can no longer remote in to the router from the Interent as I could before turning on NAT, is that becasue it now has more than one option for a route? I tried using xxx.xxx.xxx.66/R1 to specify the address and the router's name to see if that would do but it doesn't work. Is there still a way to address the router from the Internet?

I can only telnet in from the LAN that R1 is on, I made sure that the firewall is off in the RG for R1; seems like it should be accessible from the outside but it's not.

Aaaaccckk, I'm a dope, I had the first source list set to 172.162.0.0 instead of 172.16.0.0, I am surprised it worked at all. What was interesting was that after I had typed in "10.0.0.0" the router had changed it to "any" for the second surce list. I deleted both of them and put them back in  and now they both read exactly as I typed them. And now, I can use both the telnet and the html interface again.