Solved

Issues with Nating, CEF and routing...  or maybe just one of the above

Posted on 2004-10-01
4
238 Views
Last Modified: 2010-04-17
Hi all,

       I am currently beating my head against my desk.   I have just been presented 2 t1's going into a 2620 with 2 wic 1t's and one built in fast ethernet.  I am able to ping out from the router, and have confirmed that both lines are up..   but when I try to connect from the private network  (192.168.1.0) I get nothing.    I would also like to hand out DHCP form here, but that is currently the least of my worries.   Any direction would be appricated.   BTW: these 2 t1's are being load balanced by CEF.

Thanks in advance,

Andrew

Building configuration...

Current configuration : 1502 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
enable secret 5
enable password
!
no network-clock-participate slot 1
no network-clock-participate wic 0
no aaa new-model
ip subnet-zero
ip cef
!
!
!
ip name-server 204.117.214.10
no ftp-server write-enable
!
!
!
!
interface FastEthernet0/0
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
 speed 100
 full-duplex
 no mop enabled
!
interface Serial0/0
 ip address 144.223.25.142 255.255.255.252
 ip nat outside
!
interface Serial0/1
 ip address 144.223.28.226 255.255.255.252
 ip nat outside
!
ip default-gateway 144.232.185.125
ip nat pool Nat_pool 205.246.201.252 205.246.201.255 netmask 0.0.0.252
ip nat inside source list 1 pool Nat_pool overload
no ip classless
ip route 0.0.0.0 0.0.0.0 Serial0/0
no ip http server
!
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 110 deny   icmp any any time-exceeded
access-list 110 deny   icmp any any echo-reply
access-list 110 permit ip any any
access-list 110 permit icmp any any
access-list 112 permit ip 208.27.244.0 0.0.0.255 any
access-list 112 permit ip any any
access-list 113 deny   ip 128.0.0.0 0.0.255.255 any
snmp-server community public RO
snmp-server enable traps tty
banner incoming ^CC Unauthorized access of this device is prohibited ^C
!
line con 0
line aux 0
line vty 0 4
 password **********
 login
!
!
!
end
0
Comment
Question by:spiff637
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 79

Accepted Solution

by:
lrmoore earned 250 total points
ID: 12201484
Suggest changing this:
>  ip route 0.0.0.0 0.0.0.0 Serial0/0

to this - you must have dual default routes to use CEF:
   ip route 0.0.0.0 0.0.0.0 144.223.25.141
   ip route 0.0.0.0 0.0.0.0 144.223.25.125

>ip nat pool Nat_pool 205.246.201.252 205.246.201.255 netmask 0.0.0.252

The netmask is incorrect on this line. It should be:
    ip nat pool Nat_pool 205.246.201.252 205.246.201.255 netmask 255.255.255.248

Reference for CEF:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/switch_c/xcprt2/xcdcefc.htm
http://www.cisco.com/en/US/tech/tk827/tk831/technologies_tech_note09186a0080094806.shtml
0
 

Author Comment

by:spiff637
ID: 12201665
>>ip nat pool Nat_pool 205.246.201.252 205.246.201.255 netmask 0.0.0.252

>The netmask is incorrect on this line. It should be:
    ip nat pool Nat_pool 205.246.201.252 205.246.201.255 netmask 255.255.255.248

Really?   That's exactly what Sprint gave me...  although I'm in no way saying that they are infallible.   I will try it all now...

Thanks yet again Lrmoore.

-A
0
 
LVL 28

Expert Comment

by:mikebernhardt
ID: 12202304
>The netmask is incorrect on this line. It should be:
    ip nat pool Nat_pool 205.246.201.252 205.246.201.255 netmask 255.255.255.248

Actually, I believe it should be
    ip nat pool Nat_pool 205.246.201.252 205.246.201.255 netmask 255.255.255.252

This isn't a subnet, it's an address range. But the subnet mask 0.0.0.252 isn't valid in this context.
0
 

Author Comment

by:spiff637
ID: 12204152
okay...  it was the .248 that was throwing me.

You'll love this.   Sprint hadn't turned the routing on there side up yet...    Funny, when someone tells me that the link is fully activated...  I for some reason belive them :-p

Thank you all for your help!!

0

Featured Post

Major Incident Management Communications

Major incidents and IT service outages cost companies millions. Often the solution to minimizing damage is automated communication. Find out more in our Major Incident Management Communications infographic.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
HPE Procurve/Aruba BGP Prepend Route-Map experience? 2 77
Cisco Edge Routers for BGP 6 116
Site cannot be reached ONLY when connected to modem 18 57
Router speed limit 7 105
New Server 172.16.200.2  was moved from behind Router R2 f0/1 to behind router R1 int f/01 and has now address 172.16.100.2. But we want users still to be able to connected to it by old IP. How to do it ? We can used destination NAT (DNAT).  In DNAT…
I have seen some questions on problems with SSH/telnet access to Cisco routers that may occur despite the fact that from a PC connected to your LAN, Internet connectivity is in place and users can access Internet sites without any issues.  There are…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question