
internet access

Hi, I have a router question:

our company internal LAN is 10.10.10.0/24, workstation with
10.10.10.x
255.255.255.0
10.10.10.1 --- gateway
DNS: 10.10.10.4 ---DNS server ip address

could browse LAN and go internet.

I try to set up a sub LAN with a Cisco 2621 router.
An Ethernet cable into F0/1: 10.10.10.74/24
An Ethernet cable out from F0/0: 192.168.10.1/24 to a switch.

When I set up a workstation with 192.168.10.5/24 with gateway 192.168.10.1, I could not find internet.

Any suggestion? Thanks.

-R


robinyanwang (Author) Commented:
from workstation, I can ping 192.168.10.1, 10.10.10.74
can not ping 10.10.10.1...

JFrederick29 Commented:
Does 10.10.10.1 have a route to 192.168.10.0/24 via 10.10.10.74?

robinyanwang (Author) Commented:
no, the thing is I only need setup internet traffic from 192.168.10.x to 192.168.10.1(F0/0) then through 10.10.10.74(F0/1) to 10.10.10.1....
 
JFrederick29 Commented:
Understood, but the 10.10.10.1 device will need a route to the 192.168.10.0/24 subnet for the return traffic.

robinyanwang (Author) Commented:
Thanks, just asked our ISP to set up the static route.

Hey, I got another one,

Do you know how to set up NAT in a router?
Say our mail server public IP is 65.121.84.199, but it only has a LAN connection 10.10.10.6, how to point 65.121.84.199 to inside 10.10.10.6 and protect this Exchange mail server?

thanks a lot!

-R

JFrederick29 Commented:
Also, make sure the 192.168.10.1 router has a default route via 10.10.10.1 and the 10.10.10.1 device will NAT the 192.168.10.0/24 subnet along with the 10.10.10.0/24 subnet.

You need to setup either a Static NAT or forward the mail port to the inside address.  Your ISP will need to set this up on the 10.10.10.1 device as well.

robinyanwang (Author) Commented:
Do you know why my time always goes back to 1993...

clock set 15:40:00 8 May 2006
sh cl
wr mem
reload
...
...

sh clock
*00:00:36.067 UTC Mon Mar 1 1993

JFrederick29 Commented:
That's normal operation.  The router does not maintain the clock settings on reload.  You can implement NTP services on the router to keep time in sync.

robinyanwang (Author) Commented:
Hi, I have ISP setup a static route in 10.10.10.0 to route 192.168.10.0 through 10.10.10.74.

NOW, in workstation A (IP:10.10.10.125/24, Gateway:10.10.10.1, DNS:10.10.10.4), I go internet and ping 192.168.10.1 and 192.168.10.100
in workstation B (IP:192.168.10.100/24, Gateway:192.168.10.1), I ping 10.10.10.1...BUT I can not go internet even by just IP address.

I try to ping 66.102.7.104(IP of google) from workstation B, got "Reply from 192.168.10.1, Destination host unreachable"

Could you please help?

JFrederick29 Commented:
Make sure the 192.168.10.1 router has a default route via 10.10.10.1.

ip route 0.0.0.0 0.0.0.0 10.10.10.1

robinyanwang (Author) Commented:
still not working, here is show IP route..


C    192.168.10.0/24 is directly connected, FastEthernet0/0
     10.0.0.0/24 is subnetted, 1 subnets
C       10.10.10.0 is directly connected, FastEthernet0/1
S*   0.0.0.0/0 [1/0] via 10.10.10.1

JFrederick29 Commented:
You also need to make sure the 10.10.10.1 device is NAT'ing the 192.168.10.0/24 subnet to an Internet routable address.

robinyanwang (Author) Commented:
how to do that? in which router and what syntax I need to use?

thank you very much for helping me...I am a new guy in router...

JFrederick29 Commented:
In the 10.10.10.1 router you need to make sure it is NAT'ing the 192.168.10.0/24 subnet along with the 10.10.10.0/24 subnet.  From previous discussion it sounds like your ISP manages that router, they will know what to do.

robinyanwang (Author) Commented:
I have a CCNA book and found out it does not cover these topics.

So do you know if this information is in CCNP or CCDA or CCDP? Maybe I should order some books to read first instead of asking simple questions here...Thanks for your help again!

BTW, which level are you, since you are an expert here? Do you have interest in doing a project for our company?

JFrederick29 Commented:
The CCNP covers NAT and the command set or you can search and read articles on Cisco's site such as:

http://www.cisco.com/warp/public/556/12.html

>BTW, which level you are since you are expert here? Do you have interests in doing a project for our company?
If you look at my profile, you'll see the certificates I hold.  Thanks for the offer but I'm a little tied up with things right now :)

robinyanwang (Author) Commented:
IOS (tm) C2600 Software (C2600-C-M), Version 12.0(3)T3,  RELEASE SOFTWARE (fc1)

Do I need to upgrade IOS for my 2621? If needed, where could I download the new release?

Thanks.

JFrederick29 Commented:
It couldn't hurt to upgrade the IOS but it isn't necessary.  You need a CCO ID on Cisco's site to download software.  You can get a CCO ID by having a SmartNet contract on your equipment.

robinyanwang (Author) Commented:
Hi, could you please take a look at whether the below is right? It should give LAN 10.10.10.0 workstations access to the outside internet through xxx.xxx.xxx.58.


interface FastEthernet0/0
 ip address 10.10.10.1 255.255.255.0
 no ip directed-broadcast
 ip nat inside
!
interface FastEthernet0/1
 ip address xxx.xxx.xxx.58 255.255.255.248
 no ip directed-broadcast
 ip nat outside

access-list 1 permit 10.10.10.0 0.0.0.255
ip nat pool INTERNET xxx.xxx.xxx.58 xxx.xxx.xxx.58 netmask 255.255.255.0
ip nat inside source list 1 pool INTERNET overload
ip classless
no ip http server
!

JFrederick29 Commented:
Add this and you should be in business.

access-list 1 permit 192.168.10.0 0.0.0.255
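
Added example, not part of the thread or of any participant's configuration: the three conditions raised in this discussion (a default route on the inner 2621, a NAT access list on the 10.10.10.1 router that permits the new subnet, and a return route to 192.168.10.0/24) checked in order for workstation B. The function names and the route lists are assumptions reconstructed from the addresses quoted in the posts.

```python
import ipaddress

def acl_permits(acl_lines, src):
    """Standard IOS ACL: first match wins, implicit deny at the end."""
    src_int = int(ipaddress.IPv4Address(src))
    for line in acl_lines:
        # e.g. "access-list 1 permit 10.10.10.0 0.0.0.255"
        _, _, action, net, wildcard = line.split()
        # Wildcard bits set to 1 are "don't care"; invert to get the bits compared.
        care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
        if (src_int & care) == (int(ipaddress.IPv4Address(net)) & care):
            return action == "permit"
    return False

def has_route(routes, dst):
    """True if any prefix in the routing table covers dst."""
    addr = ipaddress.IPv4Address(dst)
    return any(addr in ipaddress.ip_network(p) for p in routes)

def diagnose(src, dst, inner_routes, edge_routes, edge_nat_acl):
    """Follow a packet from the sub-LAN out and back; report the first failure."""
    if not has_route(inner_routes, dst):
        return "inner router has no route to destination"
    if not acl_permits(edge_nat_acl, src):
        return "edge router does not NAT this source"
    if not has_route(edge_routes, src):
        return "edge router has no return route to source"
    return "ok"

# Constructed from the thread: workstation B and the address it pinged.
SRC, DST = "192.168.10.100", "66.102.7.104"
CONNECTED = ["192.168.10.0/24", "10.10.10.0/24"]       # inner 2621, connected only
WITH_DEFAULT = CONNECTED + ["0.0.0.0/0"]               # after ip route 0.0.0.0 0.0.0.0 10.10.10.1
EDGE_ROUTES = ["10.10.10.0/24", "192.168.10.0/24"]     # static route added by the ISP
ACL_BEFORE = ["access-list 1 permit 10.10.10.0 0.0.0.255"]
ACL_AFTER = ACL_BEFORE + ["access-list 1 permit 192.168.10.0 0.0.0.255"]

if __name__ == "__main__":
    print(diagnose(SRC, DST, CONNECTED, EDGE_ROUTES, ACL_BEFORE))
    print(diagnose(SRC, DST, WITH_DEFAULT, EDGE_ROUTES, ACL_BEFORE))
    print(diagnose(SRC, DST, WITH_DEFAULT, EDGE_ROUTES, ACL_AFTER))
```

The first case corresponds to the "Destination host unreachable" reply from 192.168.10.1; the second to the state after the default route was added but before the access list was extended.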

robinyanwang (Author) Commented:
ok, Thank you!

Since I will use live network, I will test it after work...which time zone you are in?
I am in PST...

robinyanwang (Author) Commented:
Hi JFrederick29, thank you very much for all the help!

I bought the books and also have some configuration of the current Cisco 2611 router (from one of our ISPs, let's call it Router Sprint). Since we will not use the service from Sprint and they will take the Router Sprint away, I have to build it by myself.

Here is the detailed information from before:
two ISPs:
Sprint - T1 connection for VPN tunnel to remote offices
Local - 5M Fiber connection with x.x.x.56/29 and x.x.x.192/28, the /28 is routed by Local ISP to x.x.x.58 which is the F0/1 of the Router Sprint.
BTW, F0/1 also has x.x.x.193 as 2nd IP address.

Since there should be no Sprint soon, I need to build a Router Local by myself, just for the basic part without VPN tunnel.

In Router Local, we want:

internet access from LAN 10.10.10.0/24 go through 10.10.10.1 (F0/0) and out through x.x.x.58 (F0/1)
NAT 10.10.10.4 (exchange mail) to x.x.x.194 and protect it by access list
make x.x.x.196 (FTP server) go through

in the DMZ level is /29, that is why the /28 block is routed to .58 and F0/1 has two IPs .58 and .193


Thanks.

-R

robinyanwang (Author) Commented:
hi, when I connect f0/0 and f0/1 to lan and wan, I could not ping f0/1, but i could ping f0/0

I checked , both line protocol is up

robinyanwang (Author) Commented:
!
interface FastEthernet0/0
 description To LAN 10.10.10.0/24
 ip address 10.10.10.2 255.255.255.0
 no ip directed-broadcast
 ip nat inside
 load-interval 30
!
interface FastEthernet0/1
 description To WAN x.x.x.56/29
 ip address x.x.x.59 255.255.255.248
 ip access-group 103 in
 no ip directed-broadcast
 ip nat outside
 load-interval 30
!


2621#ping 10.10.10.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.10.10.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms
2621#ping x.x.x.59

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to x.x.x.59, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)

FastEthernet0/1 is up, line protocol is up
  Hardware is AmdFE, address is 00d0.0606.5341 (bia 00d0.0606.5341)
  Description: To WAN x.x.x.56/29
  Internet address is x.x.x..59/29
  MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
     reliablility 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  Keepalive set (10 sec)
  Full-duplex, 100Mb/s, 100BaseTX/FX
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input 00:00:06, output 00:00:00, output hang never
  Last clearing of "show interface" counters never
  Queueing strategy: fifo
  Output queue 0/40, 0 drops; input queue 0/75, 0 drops
  30 second input rate 0 bits/sec, 0 packets/sec
  30 second output rate 0 bits/sec, 0 packets/sec
     131 packets input, 14617 bytes
     Received 26 broadcasts, 0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     0 watchdog, 0 multicast
     0 input packets with dribble condition detected
     5513 packets output, 344296 bytes, 0 underruns
     0 output errors, 0 collisions, 2 interface resets
     0 babbles, 0 late collision, 0 deferred
     0 lost carrier, 0 no carrier
     0 output buffer failures, 0 output buffers swapped out