Solved

cisco 1720 behind a DSL router??

Posted on 2004-09-18
7
332 Views
Last Modified: 2013-11-29
I have a cisco 1720 behind a  DSL Netopia router. I have configured the  1720 as shown below but I am not able to get past my LAn with this. Could you have a look and let me know if I have made a mistake somewhere in my config.The gateway address on my netopia (LAN) side is 192.168.10.254 and the WAN side is 69.152.XX.XX . I have mapped the ethernet0 interface of my 1720 to a public address(I have done this mapping in the DSL router) Thank you for your help.


Current configuration : 919 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname XXXXXX
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$XXXXXXXXXXXX
enable password XXXXXX
!
memory-size iomem 25
no aaa new-model
ip subnet-zero
!
!
!
ip dhcp pool cpe
network 192.168.15.0 255.255.255.0
   dns-server 151.164.XX.XX
   default-router 192.168.15.1
!
ip cef
!
!
!
!
interface Ethernet0
 ip address 192.168.10.10 255.255.255.0
 no ip unreachables
 ip nat outside
 half-duplex
 no cdp enable
!
interface FastEthernet0
 ip address 192.168.15.1 255.255.255.0
 ip nat inside
 speed auto
 no cdp enable
!
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.10.254
no ip http server
!
access-list 1 permit 192.168.110.0 0.0.0.255
dialer-list 1 protocol ip permit
!
line con 0
 exec-timeout 0 0
line aux 0
line vty 0 4
 password XXXX
 login
!
end


0
Comment
Question by:aej1973
  • 3
  • 2
  • 2
7 Comments
 
LVL 5

Expert Comment

by:netspec01
Comment Utility
Looks like you are missing an IP NAT pool.
0
 

Author Comment

by:aej1973
Comment Utility
Where??
0
 
LVL 5

Expert Comment

by:netspec01
Comment Utility
0
How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

 
LVL 79

Expert Comment

by:lrmoore
Comment Utility
you have Ip nat inside, and IP nat outside interfaces, but you don't define the NAT:

add these two lines:

  access-list 2 permit 192.168.15.0 0.0.0.255
  ip nat inside source list 2 interface Ethernet0 overload

0
 
LVL 5

Expert Comment

by:netspec01
Comment Utility
This is what you need:

1. nat pool defined for PAT
2. NAT inside for inside interface
3. nat outside for outside interface
4. an ACL to define interesting traffic
5. a route for traffic pointing to upstream router

I just tested this on 12.3(9).

interface Ethernet0
 ip address 192.168.10.10 255.255.255.0
 ip nat outside
!
interface FastEthernet0
 ip address 192.168.15.1 255.255.255.0
 ip nat inside  
!
ip route 0.0.0.0 0.0.0.0 192.168.10.254
!
access-list 1 permit 192.168.15.0 0.0.0.255
!
ip nat pool mypool 192.168.10.10 192.168.10.10 netmask 255.255.255.0
Ip nat source list 1 mypool overload
0
 

Author Comment

by:aej1973
Comment Utility
these are the  changes i made and it still does not seem to be working. Even after I have mapped  ethernet0 to a public IP I am not able to ping it from outside.????

Current configuration : 1089 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Texas_Tunnel
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$Pyd0$fMn65blA5ESj/9aYAPiWO/
enable password 73arun
!
memory-size iomem 25
no aaa new-model
ip subnet-zero
!
!
!
ip dhcp pool cpe
 network 192.168.15.0 255.255.255.0
   dns-server 151.164.1.8
   default-router 192.168.15.1
!
ip cef
!
!
!
!
interface Ethernet0
 ip address 192.168.10.10 255.255.255.0
 no ip unreachables
 ip nat outside
 half-duplex
 no cdp enable
!
interface FastEthernet0
 ip address 192.168.15.1 255.255.255.0
 ip nat inside
 speed auto
 no cdp enable
!
ip nat pool mypool 192.168.10.10 192.168.10.10 netmask 255.255.255.0
ip nat inside source list 1 pool nat overload
ip nat inside source list 2 interface Ethernet0 overload
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.10.254
no ip http server
!
access-list 1 permit 192.168.15.0 0.0.0.255
dialer-list 1 protocol ip permit
!
line con 0
 exec-timeout 0 0
line aux 0
line vty 0 4
 password arun1973
 login
!
end


0
 
LVL 79

Accepted Solution

by:
lrmoore earned 250 total points
Comment Utility
Remove these two lines
 router(config)# no ip nat pool mypool 192.168.10.10 192.168.10.10 netmask 255.255.255.0
 router(config)# no ip nat inside source list 1 pool nat overload

Add this one
  access-list 2 permit 192.168.15.0 0.0.0.255

0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

Let’s list some of the technologies that enable smooth teleworking. 
Even if you have implemented a Mobile Device Management solution company wide, it is a good idea to make sure you are taking into account all of the major risks to your electronic protected health information (ePHI).
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now