Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 244
  • Last Modified:

Issues with Nating, CEF and routing... or maybe just one of the above

Hi all,

       I am currently beating my head against my desk.   I have just been presented 2 t1's going into a 2620 with 2 wic 1t's and one built in fast ethernet.  I am able to ping out from the router, and have confirmed that both lines are up..   but when I try to connect from the private network  (192.168.1.0) I get nothing.    I would also like to hand out DHCP form here, but that is currently the least of my worries.   Any direction would be appricated.   BTW: these 2 t1's are being load balanced by CEF.

Thanks in advance,

Andrew

Building configuration...

Current configuration : 1502 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
enable secret 5
enable password
!
no network-clock-participate slot 1
no network-clock-participate wic 0
no aaa new-model
ip subnet-zero
ip cef
!
!
!
ip name-server 204.117.214.10
no ftp-server write-enable
!
!
!
!
interface FastEthernet0/0
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
 speed 100
 full-duplex
 no mop enabled
!
interface Serial0/0
 ip address 144.223.25.142 255.255.255.252
 ip nat outside
!
interface Serial0/1
 ip address 144.223.28.226 255.255.255.252
 ip nat outside
!
ip default-gateway 144.232.185.125
ip nat pool Nat_pool 205.246.201.252 205.246.201.255 netmask 0.0.0.252
ip nat inside source list 1 pool Nat_pool overload
no ip classless
ip route 0.0.0.0 0.0.0.0 Serial0/0
no ip http server
!
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 110 deny   icmp any any time-exceeded
access-list 110 deny   icmp any any echo-reply
access-list 110 permit ip any any
access-list 110 permit icmp any any
access-list 112 permit ip 208.27.244.0 0.0.0.255 any
access-list 112 permit ip any any
access-list 113 deny   ip 128.0.0.0 0.0.255.255 any
snmp-server community public RO
snmp-server enable traps tty
banner incoming ^CC Unauthorized access of this device is prohibited ^C
!
line con 0
line aux 0
line vty 0 4
 password **********
 login
!
!
!
end
0
spiff637
Asked:
spiff637
  • 2
1 Solution
 
lrmooreCommented:
Suggest changing this:
>  ip route 0.0.0.0 0.0.0.0 Serial0/0

to this - you must have dual default routes to use CEF:
   ip route 0.0.0.0 0.0.0.0 144.223.25.141
   ip route 0.0.0.0 0.0.0.0 144.223.25.125

>ip nat pool Nat_pool 205.246.201.252 205.246.201.255 netmask 0.0.0.252

The netmask is incorrect on this line. It should be:
    ip nat pool Nat_pool 205.246.201.252 205.246.201.255 netmask 255.255.255.248

Reference for CEF:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/switch_c/xcprt2/xcdcefc.htm
http://www.cisco.com/en/US/tech/tk827/tk831/technologies_tech_note09186a0080094806.shtml
0
 
spiff637Author Commented:
>>ip nat pool Nat_pool 205.246.201.252 205.246.201.255 netmask 0.0.0.252

>The netmask is incorrect on this line. It should be:
    ip nat pool Nat_pool 205.246.201.252 205.246.201.255 netmask 255.255.255.248

Really?   That's exactly what Sprint gave me...  although I'm in no way saying that they are infallible.   I will try it all now...

Thanks yet again Lrmoore.

-A
0
 
mikebernhardtCommented:
>The netmask is incorrect on this line. It should be:
    ip nat pool Nat_pool 205.246.201.252 205.246.201.255 netmask 255.255.255.248

Actually, I believe it should be
    ip nat pool Nat_pool 205.246.201.252 205.246.201.255 netmask 255.255.255.252

This isn't a subnet, it's an address range. But the subnet mask 0.0.0.252 isn't valid in this context.
0
 
spiff637Author Commented:
okay...  it was the .248 that was throwing me.

You'll love this.   Sprint hadn't turned the routing on there side up yet...    Funny, when someone tells me that the link is fully activated...  I for some reason belive them :-p

Thank you all for your help!!

0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now