Solved

Issues with Nating, CEF and routing...  or maybe just one of the above

Posted on 2004-10-01
4
235 Views
Last Modified: 2010-04-17
Hi all,

       I am currently beating my head against my desk.   I have just been presented 2 t1's going into a 2620 with 2 wic 1t's and one built in fast ethernet.  I am able to ping out from the router, and have confirmed that both lines are up..   but when I try to connect from the private network  (192.168.1.0) I get nothing.    I would also like to hand out DHCP form here, but that is currently the least of my worries.   Any direction would be appricated.   BTW: these 2 t1's are being load balanced by CEF.

Thanks in advance,

Andrew

Building configuration...

Current configuration : 1502 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
enable secret 5
enable password
!
no network-clock-participate slot 1
no network-clock-participate wic 0
no aaa new-model
ip subnet-zero
ip cef
!
!
!
ip name-server 204.117.214.10
no ftp-server write-enable
!
!
!
!
interface FastEthernet0/0
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
 speed 100
 full-duplex
 no mop enabled
!
interface Serial0/0
 ip address 144.223.25.142 255.255.255.252
 ip nat outside
!
interface Serial0/1
 ip address 144.223.28.226 255.255.255.252
 ip nat outside
!
ip default-gateway 144.232.185.125
ip nat pool Nat_pool 205.246.201.252 205.246.201.255 netmask 0.0.0.252
ip nat inside source list 1 pool Nat_pool overload
no ip classless
ip route 0.0.0.0 0.0.0.0 Serial0/0
no ip http server
!
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 110 deny   icmp any any time-exceeded
access-list 110 deny   icmp any any echo-reply
access-list 110 permit ip any any
access-list 110 permit icmp any any
access-list 112 permit ip 208.27.244.0 0.0.0.255 any
access-list 112 permit ip any any
access-list 113 deny   ip 128.0.0.0 0.0.255.255 any
snmp-server community public RO
snmp-server enable traps tty
banner incoming ^CC Unauthorized access of this device is prohibited ^C
!
line con 0
line aux 0
line vty 0 4
 password **********
 login
!
!
!
end
0
Comment
Question by:spiff637
  • 2
4 Comments
 
LVL 79

Accepted Solution

by:
lrmoore earned 250 total points
ID: 12201484
Suggest changing this:
>  ip route 0.0.0.0 0.0.0.0 Serial0/0

to this - you must have dual default routes to use CEF:
   ip route 0.0.0.0 0.0.0.0 144.223.25.141
   ip route 0.0.0.0 0.0.0.0 144.223.25.125

>ip nat pool Nat_pool 205.246.201.252 205.246.201.255 netmask 0.0.0.252

The netmask is incorrect on this line. It should be:
    ip nat pool Nat_pool 205.246.201.252 205.246.201.255 netmask 255.255.255.248

Reference for CEF:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/switch_c/xcprt2/xcdcefc.htm
http://www.cisco.com/en/US/tech/tk827/tk831/technologies_tech_note09186a0080094806.shtml
0
 

Author Comment

by:spiff637
ID: 12201665
>>ip nat pool Nat_pool 205.246.201.252 205.246.201.255 netmask 0.0.0.252

>The netmask is incorrect on this line. It should be:
    ip nat pool Nat_pool 205.246.201.252 205.246.201.255 netmask 255.255.255.248

Really?   That's exactly what Sprint gave me...  although I'm in no way saying that they are infallible.   I will try it all now...

Thanks yet again Lrmoore.

-A
0
 
LVL 28

Expert Comment

by:mikebernhardt
ID: 12202304
>The netmask is incorrect on this line. It should be:
    ip nat pool Nat_pool 205.246.201.252 205.246.201.255 netmask 255.255.255.248

Actually, I believe it should be
    ip nat pool Nat_pool 205.246.201.252 205.246.201.255 netmask 255.255.255.252

This isn't a subnet, it's an address range. But the subnet mask 0.0.0.252 isn't valid in this context.
0
 

Author Comment

by:spiff637
ID: 12204152
okay...  it was the .248 that was throwing me.

You'll love this.   Sprint hadn't turned the routing on there side up yet...    Funny, when someone tells me that the link is fully activated...  I for some reason belive them :-p

Thank you all for your help!!

0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Problem Description:   Couple of months ago we upgraded the ADSL line at our branch office from Home to Business line. The purpose of transforming the service to have static public IP’s. We were in need for public IP’s to publish our web resour…
Quality of Service (QoS) options are nearly endless when it comes to networks today. This article is merely one example of how it can be handled in a hub-n-spoke design using a 3-tier configuration.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question