Solved

Issues with Nating, CEF and routing...  or maybe just one of the above

Posted on 2004-10-01
4
236 Views
Last Modified: 2010-04-17
Hi all,

       I am currently beating my head against my desk.   I have just been presented 2 t1's going into a 2620 with 2 wic 1t's and one built in fast ethernet.  I am able to ping out from the router, and have confirmed that both lines are up..   but when I try to connect from the private network  (192.168.1.0) I get nothing.    I would also like to hand out DHCP form here, but that is currently the least of my worries.   Any direction would be appricated.   BTW: these 2 t1's are being load balanced by CEF.

Thanks in advance,

Andrew

Building configuration...

Current configuration : 1502 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
enable secret 5
enable password
!
no network-clock-participate slot 1
no network-clock-participate wic 0
no aaa new-model
ip subnet-zero
ip cef
!
!
!
ip name-server 204.117.214.10
no ftp-server write-enable
!
!
!
!
interface FastEthernet0/0
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
 speed 100
 full-duplex
 no mop enabled
!
interface Serial0/0
 ip address 144.223.25.142 255.255.255.252
 ip nat outside
!
interface Serial0/1
 ip address 144.223.28.226 255.255.255.252
 ip nat outside
!
ip default-gateway 144.232.185.125
ip nat pool Nat_pool 205.246.201.252 205.246.201.255 netmask 0.0.0.252
ip nat inside source list 1 pool Nat_pool overload
no ip classless
ip route 0.0.0.0 0.0.0.0 Serial0/0
no ip http server
!
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 110 deny   icmp any any time-exceeded
access-list 110 deny   icmp any any echo-reply
access-list 110 permit ip any any
access-list 110 permit icmp any any
access-list 112 permit ip 208.27.244.0 0.0.0.255 any
access-list 112 permit ip any any
access-list 113 deny   ip 128.0.0.0 0.0.255.255 any
snmp-server community public RO
snmp-server enable traps tty
banner incoming ^CC Unauthorized access of this device is prohibited ^C
!
line con 0
line aux 0
line vty 0 4
 password **********
 login
!
!
!
end
0
Comment
Question by:spiff637
  • 2
4 Comments
 
LVL 79

Accepted Solution

by:
lrmoore earned 250 total points
ID: 12201484
Suggest changing this:
>  ip route 0.0.0.0 0.0.0.0 Serial0/0

to this - you must have dual default routes to use CEF:
   ip route 0.0.0.0 0.0.0.0 144.223.25.141
   ip route 0.0.0.0 0.0.0.0 144.223.25.125

>ip nat pool Nat_pool 205.246.201.252 205.246.201.255 netmask 0.0.0.252

The netmask is incorrect on this line. It should be:
    ip nat pool Nat_pool 205.246.201.252 205.246.201.255 netmask 255.255.255.248

Reference for CEF:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/switch_c/xcprt2/xcdcefc.htm
http://www.cisco.com/en/US/tech/tk827/tk831/technologies_tech_note09186a0080094806.shtml
0
 

Author Comment

by:spiff637
ID: 12201665
>>ip nat pool Nat_pool 205.246.201.252 205.246.201.255 netmask 0.0.0.252

>The netmask is incorrect on this line. It should be:
    ip nat pool Nat_pool 205.246.201.252 205.246.201.255 netmask 255.255.255.248

Really?   That's exactly what Sprint gave me...  although I'm in no way saying that they are infallible.   I will try it all now...

Thanks yet again Lrmoore.

-A
0
 
LVL 28

Expert Comment

by:mikebernhardt
ID: 12202304
>The netmask is incorrect on this line. It should be:
    ip nat pool Nat_pool 205.246.201.252 205.246.201.255 netmask 255.255.255.248

Actually, I believe it should be
    ip nat pool Nat_pool 205.246.201.252 205.246.201.255 netmask 255.255.255.252

This isn't a subnet, it's an address range. But the subnet mask 0.0.0.252 isn't valid in this context.
0
 

Author Comment

by:spiff637
ID: 12204152
okay...  it was the .248 that was throwing me.

You'll love this.   Sprint hadn't turned the routing on there side up yet...    Funny, when someone tells me that the link is fully activated...  I for some reason belive them :-p

Thank you all for your help!!

0

Featured Post

Free Tool: Postgres Monitoring System

A PHP and Perl based system to collect and display usage statistics from PostgreSQL databases.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

There are two basic ways to configure a static route for Cisco IOS devices. I've written this article to highlight a case study comparing the configuration of a static route using the next-hop IP and the configuration of a static route using an outg…
Creating an OSPF network that automatically (dynamically) reroutes network traffic over other connections to prevent network downtime.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

831 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question