Solved

Issues with Nating, CEF and routing...  or maybe just one of the above

Posted on 2004-10-01
4
233 Views
Last Modified: 2010-04-17
Hi all,

       I am currently beating my head against my desk.   I have just been presented 2 t1's going into a 2620 with 2 wic 1t's and one built in fast ethernet.  I am able to ping out from the router, and have confirmed that both lines are up..   but when I try to connect from the private network  (192.168.1.0) I get nothing.    I would also like to hand out DHCP form here, but that is currently the least of my worries.   Any direction would be appricated.   BTW: these 2 t1's are being load balanced by CEF.

Thanks in advance,

Andrew

Building configuration...

Current configuration : 1502 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
enable secret 5
enable password
!
no network-clock-participate slot 1
no network-clock-participate wic 0
no aaa new-model
ip subnet-zero
ip cef
!
!
!
ip name-server 204.117.214.10
no ftp-server write-enable
!
!
!
!
interface FastEthernet0/0
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
 speed 100
 full-duplex
 no mop enabled
!
interface Serial0/0
 ip address 144.223.25.142 255.255.255.252
 ip nat outside
!
interface Serial0/1
 ip address 144.223.28.226 255.255.255.252
 ip nat outside
!
ip default-gateway 144.232.185.125
ip nat pool Nat_pool 205.246.201.252 205.246.201.255 netmask 0.0.0.252
ip nat inside source list 1 pool Nat_pool overload
no ip classless
ip route 0.0.0.0 0.0.0.0 Serial0/0
no ip http server
!
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 110 deny   icmp any any time-exceeded
access-list 110 deny   icmp any any echo-reply
access-list 110 permit ip any any
access-list 110 permit icmp any any
access-list 112 permit ip 208.27.244.0 0.0.0.255 any
access-list 112 permit ip any any
access-list 113 deny   ip 128.0.0.0 0.0.255.255 any
snmp-server community public RO
snmp-server enable traps tty
banner incoming ^CC Unauthorized access of this device is prohibited ^C
!
line con 0
line aux 0
line vty 0 4
 password **********
 login
!
!
!
end
0
Comment
Question by:spiff637
  • 2
4 Comments
 
LVL 79

Accepted Solution

by:
lrmoore earned 250 total points
Comment Utility
Suggest changing this:
>  ip route 0.0.0.0 0.0.0.0 Serial0/0

to this - you must have dual default routes to use CEF:
   ip route 0.0.0.0 0.0.0.0 144.223.25.141
   ip route 0.0.0.0 0.0.0.0 144.223.25.125

>ip nat pool Nat_pool 205.246.201.252 205.246.201.255 netmask 0.0.0.252

The netmask is incorrect on this line. It should be:
    ip nat pool Nat_pool 205.246.201.252 205.246.201.255 netmask 255.255.255.248

Reference for CEF:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/switch_c/xcprt2/xcdcefc.htm
http://www.cisco.com/en/US/tech/tk827/tk831/technologies_tech_note09186a0080094806.shtml
0
 

Author Comment

by:spiff637
Comment Utility
>>ip nat pool Nat_pool 205.246.201.252 205.246.201.255 netmask 0.0.0.252

>The netmask is incorrect on this line. It should be:
    ip nat pool Nat_pool 205.246.201.252 205.246.201.255 netmask 255.255.255.248

Really?   That's exactly what Sprint gave me...  although I'm in no way saying that they are infallible.   I will try it all now...

Thanks yet again Lrmoore.

-A
0
 
LVL 28

Expert Comment

by:mikebernhardt
Comment Utility
>The netmask is incorrect on this line. It should be:
    ip nat pool Nat_pool 205.246.201.252 205.246.201.255 netmask 255.255.255.248

Actually, I believe it should be
    ip nat pool Nat_pool 205.246.201.252 205.246.201.255 netmask 255.255.255.252

This isn't a subnet, it's an address range. But the subnet mask 0.0.0.252 isn't valid in this context.
0
 

Author Comment

by:spiff637
Comment Utility
okay...  it was the .248 that was throwing me.

You'll love this.   Sprint hadn't turned the routing on there side up yet...    Funny, when someone tells me that the link is fully activated...  I for some reason belive them :-p

Thank you all for your help!!

0

Featured Post

Threat Intelligence Starter Resources

Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

Join & Write a Comment

Suggested Solutions

In a WLAN, anything you broadcast over the air can be intercepted.  By default a wireless network is wide open to all until security is configured. Even when security is configured information can still be intercepted! It is very important that you …
I recently attended Cisco Live! in Las Vegas, a conference that boasted over 28,000 techies in attendance, and a week of hands-on learning hosted by a solid partner with which Concerto goes to market.  Every year, Cisco displays cutting-edge technol…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now