Mentor
•
36 Messages
3800RG, Cisco Routers and Static IPs
I've got a block of 8 static IPs, one A.B.C.64 /29 - A.B.C.70 is my default gateway, my Cisco E2000 router runs my main home LAN and is doing just fine. I am using two of the RG's ports to run my U-verse set-top boxes via Ethernet, one for the WAN link on the E2000 and one goes to a 4-port DLink switch that then goes to a Cisco 2621XM. Everythings works super except the 2621... I have fa0/1 setup to A.B.C.66 (the E2000 is .65, btw) and I have fa0/0 set to 172.16.1.1 /24 and one PC connected to it set to 172.16.1.10 /24 with a default gateway of 172.16.1.1. I can ping A.B.C.70 from the 2621 just fine and I can ping an outside address such as Google, Apple, etc just fine. What is puzzling me to no end is why I CAN ping A.B.C.66 from the PC, and I CANNOT ping A.B.C.70???? What the heck, it's a directly connected interface; I cannot for the life of me understand this. The only thing I can come up with is that somehow the RG is not setting up a return route.
SomeJoe7777
Expert
•
9.4K Messages
12 years ago
0
0
ttx336
Mentor
•
36 Messages
12 years ago
thanks so much for looking at this... Gary
0
0
SomeJoe7777
Expert
•
9.4K Messages
12 years ago
OK, so I assume by looking at the serial IP addresses that your 3 Cisco routers are connected in a triangle formation:
R1 S0/0 -> R2 S0/0
R1 S0/1 -> R3 S0/0
R2 S0/1 -> R3 S0/1
and the goal is to make all serial interfaces and the FastEthernet interfaces on R2 and R3 able to access the internet through R1.
The key here is that you must tell R1 that all of those addresses and the interfaces that those packets arrive on are eligible for NAT, because all packets must be NATted to the xxx.xxx.xx.66 address.
So, on R1:
1. Add the following line to the Serial0/0 interface:
ip nat inside
2. Add the following line to the Serial 0/1 interface:
ip nat inside
3. Adjust the NAT source list to include the other subnets that will need NAT:
access-list 1 permit 172.16.0.0 0.0.31.255
access-list 1 permit 10.0.0.0 0.255.255.255
(I cheated here, I added all private IP addressing in the 10.x and 176.16.x blocks to the access list rather than adding your in-use subnets.)
After you do this, all your routers should be able to access the internet, assuming your EIGRP is working correctly.
0
ttx336
Mentor
•
36 Messages
12 years ago
Once again, you were dead-on, it is working great!!
Thank you so much... now, I gotta get my homework done, I am working on CCNA, I'm taking the Routing Protocols class currently so I am about halfway through. I find this all to be most fascinating.
We have been so satisfied with AT&T's U-verse... coming from Comcast running on coax, this has been a refreshing change. Last night we were watching only the second movie that we have rented from OnDemand, it had a few glitches but other than that, our service over the entire two months has been outstanding. We have FTTH at our new home and have just outstanding Internet and I think it is so cool to run the set-top boxes from Ethernet. We also have AT&T wireless and iPhones... I am VERY quickly becoming a huge AT&T fan and am considering seeking employment with them.
-Gary
0
0
SomeJoe7777
Expert
•
9.4K Messages
12 years ago
0
0
ttx336
Mentor
•
36 Messages
12 years ago
I notice that I can no longer remote in to the router from the Interent as I could before turning on NAT, is that becasue it now has more than one option for a route? I tried using xxx.xxx.xxx.66/R1 to specify the address and the router's name to see if that would do but it doesn't work. Is there still a way to address the router from the Internet?
0
0
ttx336
Mentor
•
36 Messages
12 years ago
I can only telnet in from the LAN that R1 is on, I made sure that the firewall is off in the RG for R1; seems like it should be accessible from the outside but it's not.
0
0
ttx336
Mentor
•
36 Messages
12 years ago
Aaaaccckk, I'm a dope, I had the first source list set to 172.162.0.0 instead of 172.16.0.0, I am surprised it worked at all. What was interesting was that after I had typed in "10.0.0.0" the router had changed it to "any" for the second surce list. I deleted both of them and put them back in and now they both read exactly as I typed them. And now, I can use both the telnet and the html interface again.
0
0