Solved

Simple vpn on Cisco 2620

Posted on 2002-04-17
41
473 Views
Last Modified: 2011-09-20
Ok, here's the situation.  I have a 2620, totally generic from Worldcom, hooked to a T1.  That's all working with the public gateway and IP setup.

I want to bind an alternate VPN IP address (i.e. 192.168.0.1) to the box and have workstations on a private IP network be able to reference the gateway via the vpn IP so they can continue to browse each other but not be accessible publicly.

A tech guy came over and bound the IP address to the box as a secondary and now I can ping the router using this 192.168 address but it doesn't work as a gateway.  I can ping the address, but going to the box, it cannot ping anything in that subnet.  It looks like routing is going out, but not coming back.  What's wrong?

The 2620 is connected into an intel switch and everything else is plugged into the switch.  Everything works if we reference the router on the public ip, but not the private.  There's obvious some other setting(s) not done.

Can someone walk me through how I might fix this?  I know absolutely nothing about IOS except how to log into the box and switch into en mode, and before I spend the next week reading up on things, I was hoping maybe someone could at least walk me through how I might get the box routing on this vpn.  Is this as simple a thing as I think?  Remember, there are no weird settings or anything.  
0
Comment
Question by:maabu
  • 21
  • 16
  • 4
41 Comments
 
LVL 8

Expert Comment

by:scraig84
ID: 6950824
I think a tad more info is necessary here.  

When you say "I can ping the address, but going to the
box, it cannot ping anything in that subnet.  It looks like routing is going out, but not coming back."  

What address?  Going to what box?  What subnet?  Out from where?  Back from where?  To where?

Can you list out the IP addresses in use on the router and what interfaces are associated?  Also, what does work and what does not (complete info of subnet-to-subnet).  What often works best is if you can post your config, remove passwords and change public IP's, and further describe the problem.

0
 
LVL 1

Author Comment

by:maabu
ID: 6951320
Here's some info:

Gateway of last resort is 0.0.0.0 to network 0.0.0.0

     999.999.0.0/30 is subnetted, 1 subnets
C       999.999.999.999 is directly connected, Serial0/0.1
     999.999.0.0/22 is subnetted, 1 subnets
C       999.999.999.0 is directly connected, FastEthernet0/0
C    192.168.0.0/24 is directly connected, FastEthernet0/0
S*   0.0.0.0/0 is directly connected, Serial0/0.1

The 999s were obviously changed by me to protect the security.

I notice there is not a subnet configured under the vpn.  Not sure if that's the problem.

Using 1176 out of 29688 bytes
!
version 12.1
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname zzzz
!
!!
!
!
!
ip subnet-zero
no ip finger
ip domain-name zzzz
ip name-server 999.999.999.999
!
!
!
!
interface FastEthernet0/0
 description To Office FastEthernet
 ip address 999.999.999.999 255.255.252.0
 duplex auto
 speed auto
!
interface Serial0/0
 bandwidth 1536
 no ip address
 encapsulation frame-relay IETF
 no fair-queue
 frame-relay lmi-type ansi
!        
interface Serial0/0.1 point-to-point
 bandwidth 1536
 ip address 999.999.999.999 255.255.255.252
 frame-relay interface-dlci 500 IETF  
!
ip classless
ip route 0.0.0.0 0.0.0.0 Serial0/0.1
ip http server
!
snmp-server community zzzzzzzzz RO
snmp-server enable traps snmp
!
line con 0
 login
 transport preferred none
 transport input none
line aux 0
  login
 modem InOut
 transport preferred none
 transport input all
 transport output pad v120 telnet rlogin udptn
 stopbits 1
 flowcontrol hardware
line vty 0 4
  login
 transport preferred none
!
no scheduler allocate
end
0
 
LVL 8

Expert Comment

by:scraig84
ID: 6951448
That helps some - however I'm still not seeing the whole picture.  Is the secondary address on the F0/0 interface?  If so, I don't see it there.  Based on the posted config, I don't see how the 192.168.0.0 network made its way into the table.  Also, I am assuming you are not trying to access this network directly from a public segment since that would be impossible and you mentioned a VPN.  What is creating the VPN (what are being used for endpoints)?  When exactly do you experience the problem?  What exactly is the problem?
0
 
LVL 1

Author Comment

by:maabu
ID: 6951485
Here's some info:

Gateway of last resort is 0.0.0.0 to network 0.0.0.0

     999.999.0.0/30 is subnetted, 1 subnets
C       999.999.999.999 is directly connected, Serial0/0.1
     999.999.0.0/22 is subnetted, 1 subnets
C       999.999.999.0 is directly connected, FastEthernet0/0
C    192.168.0.0/24 is directly connected, FastEthernet0/0
S*   0.0.0.0/0 is directly connected, Serial0/0.1

The 999s were obviously changed by me to protect the security.

I notice there is not a subnet configured under the vpn.  Not sure if that's the problem.

Using 1176 out of 29688 bytes
!
version 12.1
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname zzzz
!
!!
!
!
!
ip subnet-zero
no ip finger
ip domain-name zzzz
ip name-server 999.999.999.999
!
!
!
!
interface FastEthernet0/0
 description To Office FastEthernet
 ip address 999.999.999.999 255.255.252.0
 duplex auto
 speed auto
!
interface Serial0/0
 bandwidth 1536
 no ip address
 encapsulation frame-relay IETF
 no fair-queue
 frame-relay lmi-type ansi
!        
interface Serial0/0.1 point-to-point
 bandwidth 1536
 ip address 999.999.999.999 255.255.255.252
 frame-relay interface-dlci 500 IETF  
!
ip classless
ip route 0.0.0.0 0.0.0.0 Serial0/0.1
ip http server
!
snmp-server community zzzzzzzzz RO
snmp-server enable traps snmp
!
line con 0
 login
 transport preferred none
 transport input none
line aux 0
  login
 modem InOut
 transport preferred none
 transport input all
 transport output pad v120 telnet rlogin udptn
 stopbits 1
 flowcontrol hardware
line vty 0 4
  login
 transport preferred none
!
no scheduler allocate
end
0
 
LVL 1

Author Comment

by:maabu
ID: 6951489
The problem is I have never configured a router before.  It came from the telco pre-configured.  All I wanted to do was add a 192.168.x address so I can use that IP as a gateway address for my internal network... that's it....  I cannot imagine a more simple setup for a router...

0
 
LVL 8

Expert Comment

by:scraig84
ID: 6951513
Yes, but you can't route privately addressed traffic over a public network.  If you want to have a computer on a private address range to route traffic over the internet, you need either NAT, or my assumption was that this traffic would hit a VPN endpoint (since you mentioned VPN) which would encapsulate the privately addressed traffic into encrypted packets with public addresses.  You can't just mix private and public address ranges and make it work - unless you are in a lab or something.
0
 
LVL 1

Author Comment

by:maabu
ID: 6951546
Let me see if I can spell this out real simple...

Router has public address: 1.1.1.1

windows machines on my network have addresses in 2.2.2.2 - these are 192.168-style private ip addresses.

Everything is plugged into a switch and can ping each other.

As it stands.  I cannot access the internet through the router unless I bind a public 1.1.1.* ip address to each of the machines on my network, but I don't want to do that for obvious reasons.

If I bind a 2.2.2.2 address to a machine, and set the gateway to 1.1.1.1 it does not work.  

So, I was told I simply need to map a secondary 2.2.2.2 address to the router and everything would work.

A guy came over and bound the address to the box but it didn't work.  Basically, he didn't configure it properly.  I imagine this is a real, real simple router config issue - I cannot imagine anything being more simple than this... but I don't know IOS and I was hoping someone here would help before I have to dive into the manuals and stuff.

It's obvious the box could be set up to respond to either 1.1.1.1 or 2.2.2.2 - I can't imagine this being a problem.
0
 
LVL 1

Author Comment

by:maabu
ID: 6951555
Note that all I'm trying to do here is access the Internet through the router.  I've done this a zillion times using DSL and Cable with a gateway PC running windows ICS.  Surely this can also be done with a Cisco router???

0
 
LVL 1

Author Comment

by:maabu
ID: 6951570
I know nothing about IOS yet, but commmon sense tells me this does not look right:

     999.999.0.0/30 is subnetted, 1 subnets
C       999.999.999.999 is directly connected, Serial0/0.1
    999.999.0.0/22 is subnetted, 1 subnets
C       999.999.999.0 is directly connected, FastEthernet0/0
C    192.168.0.0/24 is directly connected, FastEthernet0/0
S*   0.0.0.0/0 is directly connected, Serial0/0.1

The two valid "999" IP blocks also have a "is subnetted" line under them, except for the 192.168 mapping... I figure if some command can be issued to set up the same thing like:
C    192.168.0.0/24 is directly connected, FastEthernet0/0
    192.168.0.0/24 is subnetted, 1 subnets

then the problem is solved... i could be wrong, but this looks like an inconsistency that makes sense.

0
 
LVL 8

Expert Comment

by:scraig84
ID: 6951574
Ahhh - now it becomes clear - but my answer doesn't change.  You need NAT for what you are trying to do.  ICS and other proxy type services are not simply passing packets - they are modifying the packets so that a public address is used as the source once it goes out on the public network.  A router doesn't just know that you want this done - just like a PC doesn't just know what to do with packets sent to it - a service of sorts needs to be run to modify the outbound and inbound packets so that they are suitable to be carried on the Internet.  NAT (Network Address Translation) is the method you need to use here.  However, not all versions of IOS support it.  To find out if you can even do this - go to enable mode, then type in :

conf t
ip nat ?


what is the response?  If it comes up with a list of words to use next, you are in business.  If it says it is an "unrecognized command" you need to upgrade (not free) your IOS to do this.  Let me know and I can give you a config to use if you can do this.

Also so you know - this has nothing at all to do with VPNs - so you kind of sent me for a loop with your topic heading.

0
 
LVL 8

Expert Comment

by:scraig84
ID: 6951579
Also so you know - whoever gave you the advice on the secondary address didn't know what the heck they were talking about.
0
 
LVL 1

Author Comment

by:maabu
ID: 6951590
gw#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
icorp-gw(config)#ip nat ?
  inside       Inside address translation
  outside      Outside address translation
  pool         Define pool of addresses
  service      Special translation for application using non-standard port
  translation  NAT translation entry configuration

gw(config)#ip nat


looks like it supports it...

0
 
LVL 1

Author Comment

by:maabu
ID: 6951595
Sorry.  I thought a VPN was basically any private network.  If you map a network to the non-public IP blocks, that seemed to me to be a VPN.

0
 
LVL 8

Expert Comment

by:scraig84
ID: 6951632
I noticed you use public addresses on the Ethernet and Serial side.  In a NAT scenario, this is not done.  For the sake of this as an example - I will use 10.1.1.0/24 as the internal address (f0/0) and 12.12.12.1 as your public address (s0/0.1)

conf t
ip nat pool maabu 12.12.12.1 12.12.12.1 netmask 255.255.255.252
ip nat inside source list 1 pool maabu overload

access-list 1 permit 10.1.1.0 0.0.0.255

int f0/0
ip addr 10.1.1.1 255.255.255.0
ip nat inside

exit

int s0/0.1
ip addr 12.12.12.1 255.255.255.252
ip nat outside


That should about do it.  I put the address commands in there to show where I am assuming the addresses would be - according to your config above, you may need to change your f0/0 address, but shouldn't have to mess with the one on s0/0.1.

Hope that helps!
0
 
LVL 1

Author Comment

by:maabu
ID: 6951641
Can you give me a rundown of what each command and its option does?   I would like to use this as a learning experience.

Also, if I make a mistake, can I easily revert things to the way they were?

Do you have a better way of configuring things for this scenario?

Note that there will be some public boxes on this network - they won't all be private.  I'l be running services like a web server with its own batch of public IPs, but I also want to give some of the workstations that are on private IPs access to the net through this gateway.

0
 
LVL 8

Expert Comment

by:scraig84
ID: 6951799
first line - creates a "pool" of addresses to be used as public addresses for translations
second line - tells the router to use a pool when a source machine matches the access list.  The "overload" keyword means that multiple machines can use the same external address.
Third line - this is an access-list that works with the above command to tell the router which machines should use NAT.

The "inside" and "outside" commands tell the router which interfaces should use translation and where the outside is (there can often be multiple inside interfaces).

Having public servers throws a slight wrench in - typically you will still address the servers themselves with private addresses and then do a "static" NAT translation on the router with a command like this:

ip nat inside source static 10.1.1.5 12.12.12.40

This means that when a packet comes to the router addressed with 12.12.12.40, it knows to send those packets to 10.1.1.5 on the inside.

This is very common, but can take different forms based on what your address scheme is and exactly how you want to do everything.
0
 
LVL 1

Author Comment

by:maabu
ID: 6951817
I want to make sure I have this straight so I don't mess up the router configuration...

assuming 12.12.12.1
 is the router's public ip address right?

can i map the entire 10.1.1.x class c using the above commands, so that anything at 10.1.1.x will work?

keep in mind that everything's plugged into a switch... so basically, the router wouldn't need to do any internetwork routing, just from the outside in, and what's sent to it... but should I reference the router via an inside ip (10.1.1.1) or it's public IP (12.12.12.1)?

I'm sorry for all these dumb questions.
0
 
LVL 8

Expert Comment

by:scraig84
ID: 6951838
No problem - remember that a router doesn't save anything unless you tell it to.  So unless you do a "wr mem", the running configuration isn't saved and won't come back at bootup.  Therefore, if you ever screw it up too bad, you can always reboot it.  Just remember to save it once you do get it the way you want.

"can i map the entire 10.1.1.x class c using the above commands, so that anything at 10.1.1.x will work? "

>>That's exactly what is being done with the access-list.

When you say "reference" I am assuming you mean what to use for the default gateway?  If so, you want to use the 10.1.1.1 address like you normally would.
0
 
LVL 1

Author Comment

by:maabu
ID: 6951869
So once I execute the above commands, the router will immediately start recognizing the subnet and NAT?  And if it works well, then I should write it to memory?  I just want to make sure before I start messing with anything.
0
 
LVL 8

Accepted Solution

by:
scraig84 earned 100 total points
ID: 6951876
If I am understanding everything - than yes, it should work.  It's not working now right?  Just asking since you seem to be concerned about messing up something that is not functioning...
0
What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

 
LVL 1

Author Comment

by:maabu
ID: 6951893
I haven't tried it yet... I'm just making sure I have everything right... regarding this config info:

int f0/0
ip addr 10.1.1.1 255.255.255.0
ip nat inside

Is 10.1.1.1 the ip that we bind to the router that will be the gateway for the internal machines?  

I already have 192.168.0.131 attached somewhere - that's what the other guy did.
0
 
LVL 8

Expert Comment

by:scraig84
ID: 6951905
Like I said, based on the config you posted, that shouldn't even be there - unless you excluded some lines from what you posted.  

You don't have to use the 10.1.1.1 address if you don't want - whatever works for you as an internal address.  Obviously if you use the 10.1.1.1, you'll need to address your workstations accordingly.
0
 
LVL 1

Author Comment

by:maabu
ID: 6951958
Right, but is 10.1.1.1 in the above example the gateway IP address?  Yes?  No?


0
 
LVL 8

Expert Comment

by:scraig84
ID: 6951963
Yes.
0
 
LVL 1

Author Comment

by:maabu
ID: 6955105

The router freezes at this command:

int f0/0
ip addr 10.1.1.1 255.255.255.0

Instead of 10.1.1.1, I'm using somethig like 192.168.0.144

it hangs requiring me to reboot the box.

0
 
LVL 1

Author Comment

by:maabu
ID: 6955118

I've tried this over and over... It does not look like your config data works.  It seems like the int f0/0 ip addr command overwrites the existing public ip block bound to the box and then it becomes unavailable.  This is obviously not correct.

Looks like your instructions wiped out the IP block bound to the router which is the public gateway, effectively turning it into a big doorstop.

0
 
LVL 79

Expert Comment

by:lrmoore
ID: 6955127
How are you accessing your router? If you are using telnet, then you will freeze as soon as you try to change it. You need to be on the console port.

0
 
LVL 8

Expert Comment

by:scraig84
ID: 6955467
lrmoore is correct.  I beleive I did mention a few times that the IP addresses could be changed if that works better for your situation.  Without knowing exactly what you are using for addressing schemes, I could only give you a basic config - you'll have to take the rest from there.  If you are going to change your scheme to match up with what I wrote, than you will have to make some adjustments with the machines on your network before it will all work correctly.  Either way, there may be some periods of not everything functioning until it is all done.
0
 
LVL 1

Author Comment

by:maabu
ID: 6955469
I don't want to obsolete the current ip mapping to f0/s0.  I would either like to reference the public ip as a gateway, or map an alias ip (i.e. 192.168.0.99) to the router to use as a default gateway for my private ip network.  

I've tried 100 different combinations, and nothing works.. I'm probably close but know just enough to screw it up.
0
 
LVL 8

Expert Comment

by:scraig84
ID: 6955481
So you want the Fast Ethernet interface to have 2 addresses - one that is public, and one that is private that performs NAT?

If I am correct here, add the word "secondary" to the "ip address" command that was giving you the problems.  This should also not turn the router into a "doorstop" since it won't be replacing anything.  I'll be honest and tell you I have never tried this particular config, but I don't see why it wouln't work...
0
 
LVL 1

Author Comment

by:maabu
ID: 6955497
Actually I don't care if the router has a 192.168.x.x address.  I just want it to do overload dynamic NAT for the IP range I specify.  I can't imagine this being difficult - there should be no need to map any ip address to the box -- it works already as the ip that's mapped to it... right now though, I can't use private IPs with the gateway..

So for example, say the gateway is

20.20.20.1

and it works if I bind a public ip that I have available that's routed to the box, but I don't want that.  I want a network (say a class C) of 192.168.0.x to be able to connecto the net through the router.  Basically, this is using the Cisco exactly like I would use ICS under windows.

0
 
LVL 8

Expert Comment

by:scraig84
ID: 6955548
You're losing me here.  I have given you a configuration to do this.  ICS is merely a bastardized form of NAT.  However, you can't just go changing the rules of IP.  The router has to have an address on the network range that you need to NAT.  I gave you examples - if you need to change those examples to fit your needs than you can certainly do so.  I used 10.1.1.1 - if you want to use 192.168.0.x then go right ahead - but you need to change the access list etc. as well.  
No offense, but I am getting the destinct impression that you don't fully understand IP addressing and IP communication.  None of this is "difficult" as you say it shouldn't be.  However, understanding of what is going on is important.  It is not point and click like a Windows box.  A router needs to be explicitly told what you want.  If you are willing to give me all of the information on your network, I can easily write a configuration that will get you working.  However, since we are not in a forum where that is likely to happen, you will need to work with examples.  If you are not fully understanding how IP functions and that is impeding your ability to implement this, I suggest that you either do some learning, or employ the help of someone that is able to do this for you.

Sorry if I'm getting snippy, but when someone tells me what should be easy or should not need to happen in order to get something to work when I've done this a few billion times, that happens to be the one button that pushes me over the edge a bit - especially when I'm not getting paid.  
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 6956026
I understand scraig84's frustration. For us it is a very simple task. When you try to use terms such as "map an ip address to the box", we have to try to decipher that because you don't map an ip address, you "assign" an ip address.
>>If I bind a 2.2.2.2 address to a machine, and set the gateway to 1.1.1.1 it does not work.  

>>there should be no need to map any ip address to the box -- it works already as the ip that's mapped to it... right now though, I can't
use private IPs with the gateway..

DUH! I'm sorry, but you DO have to assign a private ip address to the router interface if you ever want it to perform its function of routing between two different networks. And your default gateway must be on the same subnet as your PC.

Let's take a simplistic example and build you a config:

Workstations: 192.168.0.1 through 192.168.0.129 255.255.255.0

IP address range assigned by the ISP:
  Serial 0/0 --- 999.999.999.999 255.255.255.252
  Useable range --- 999.999.998.xxx 255.255.252.0 ??? (I question this large of a block of addresses from the ISP. If you have that many, why do you need to NAT?)

BASIC configuration:

ip subnet-zero

interface Ethernet 0/0
 ip add 192.168.0.144 255.255.255.0 secondary
 ip add 999.999.998.1 255.255.252.0
 ip nat inside

interface serial 0/0
 ip address 999.999.999.999 255.255.255.252
 ip nat outside


ip nat pool maabu 999.999.998.123 999.999.999.125 netmask 255.255.252.0
ip nat inside source list 101 pool maabu overload

!! this access list will NOT NAT from you local private IP addresses to your own local public ip address in case you still have some machines that have pulic
!
access-list 101 deny ip 192.168.0.0 0.0.0.255 999.999.998.0 0.0.1.255
access-list 101 permit ip 192.168.0.0 0.0.0.255 any

Start from this, get it working, and then we can help get you the static mappings for your web/email, etc...



0
 
LVL 79

Expert Comment

by:lrmoore
ID: 6956028
I forgot to add:
 Workstation's default gateway: 192.168.0.144
 (it matches the ip address "assigned" to the inside ethernet interface as a secondary)

0
 
LVL 1

Author Comment

by:maabu
ID: 6956706
I solved this problem myself.  I do appreciate everyone's attempt to assist, and I apologize if I didn't use the right terms, but the data given didn't work and I eventually had someone over here figure it out for me.  

It was more simpler than what was listed:

conf t
int f0/0
ip address 192.168.0.131 255.255.255.0 secondary
ip nat inside
int s0/0.1
ip nat outside
exit (exit config-if mode- not configuring interfaces at this point)
ip nat pool mabu 999.999.999.2  999.999.999.2 prefix-length 24
ip nat inside source list 1 pool mabu overload
ip access-list 1 permit 192.168.0.0 0.0.0.255
end

Please delete the question.

0
 
LVL 79

Expert Comment

by:lrmoore
ID: 6956737
I don't think the question should be deleted. Scraig84 gave you everything you just did...and it's almost exactly what just gave you....
0
 
LVL 8

Expert Comment

by:scraig84
ID: 6959560
Like lrmoore said - that is basically exactly what I gave you.  I told you that what I gave you was an example and you could change the IP addresses to suit your needs.  The only difference between what you wrote and I wrote is a difference in IP addresses.
0
 
LVL 1

Author Comment

by:maabu
ID: 6960656
There are a couple of problems with the answers.. The most significant is that they didn't work.  One number off doesn't make a difference.  No disrespect intended, but we're not playing horseshoes here guys.

I appreciate your efforts and I'm sure you're very competent.  The bottom line is that I answered my own question.  I'm sure I'm at fault for not being clear in my original inquiry and for that I apologize.

It's not about points - it's about the subject also being misleading and probably shouldn't be included in the database.
0
 
LVL 1

Author Comment

by:maabu
ID: 6960668
By the way, I said before I knew very little about this.  That's one problem with you CCxx guys is that you assume everyone knows what you know so you start talking 5 levels above me and I don't know what you're talking about (case in point, I did not know the gateway address had to be in the same subnet as the IP of the machine... call me an idiot - I just haven't worked with tcp/ip routing)


Given the config data and the scenario and my description, it was fairly simple.  I was guilty of knowing just enough terminology to make it misleading but it wasn't out of bounds to assume i.e. there's a public IP mapped to the box and it might be a good idea to not overwrite it.... even I knew that.
0
 
LVL 8

Expert Comment

by:scraig84
ID: 6960786
I didn't want to start an argument here.  I'm glad you figured it out.  However, for you to say that you did it all on your own is laughable.  You said yourself that you don't know much about it, so when you have the exact same commands with IP addresses changed, its pretty hard to believe that you did it all on your own.  As to your "horseshoes comment", I said a few times that I didn't know the exact IP addressing scheme you were using - therefore I couldn't write the thing for you exactly and you would need to apply the example to your own environment.  As to your "Cisco guys" comment, the only thing I assumed you should know (and the only thing you needed to know) to use my example was basic IP addressing.  I also made the comment that it was becoming obvious that you weren't strong in this area and should spend some time learning this.  If you are truly that week in IP, it would probably be best for you to keep your hands off the router anyway.  The first thing that is taught to anyone trying to use a router is IP.  As to your last comment about what "even you know" - you need to stop pretending you know so much.  Most people using NAT DON'T use a public address on the inside.  Having only a private address on the inside is by far more common than what you have done.  

Anyway, if you want to pretend that I didn't spend my time helping, that's fine.  Its really not going to change my day one way or the other.  In fact, at this point I would probably be happier if you deleted it.
0
 
LVL 1

Author Comment

by:maabu
ID: 6960882

The code to fix the router was provided by the same guy, whom you said "didn't know what he was doing."  He never saw any of this exchange on EE.  It worked, yours didn't.  IP specifics notwithstanding - you had just as much info as he did on the situation.  I don't mean to be disrespectful but I think I'd be doing you a disservice by saying that you were intregal in solving this issue when you weren't.

While you definitely helped me realize I needed to learn more about this, ultimately none of your work had any bearing on solving the problem.  That's not to say I don't appreciate you trying... I most certainly do.  I will award you 100 points "for effort" even though, basically, you didn't solve the problem and your work, while CLOSE wasn't close enough.

I'm being picky on this issue because I am a programmer - I know that close doesn't cut it... I just don't know about Cisco IOS and tcp/ip.  Which is exactly why I posted to EE.  But in either dicipline it's all about being precise... I know enough to know NOT to mess with the router until I know what I'm doing, which is exactly why I asked to explain each command, which you did in a shallow and ultimately unhelpful manner.  But I am not taking offense; merely assuming you thought I might have known more than I did.  Besides, the router was not in production and I thought this might be a good chance for me to play with it, as long as I didn't overwrite the base, working configuration.

Again, I do appreciate your effort.


0

Featured Post

Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

Join & Write a Comment

New Server 172.16.200.2  was moved from behind Router R2 f0/1 to behind router R1 int f/01 and has now address 172.16.100.2. But we want users still to be able to connected to it by old IP. How to do it ? We can used destination NAT (DNAT).  In DNAT…
I recently attended Cisco Live! in Las Vegas, a conference that boasted over 28,000 techies in attendance, and a week of hands-on learning hosted by a solid partner with which Concerto goes to market.  Every year, Cisco displays cutting-edge technol…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now