?
Solved

internet access

Posted on 2006-05-08
24
Medium Priority
?
393 Views
Last Modified: 2009-12-16
Hi, I have a router question:

our company internal LAN is 10.10.10.0/24, workstation with
10.10.10.x
255.255.255.0
10.10.10.1 --- gateway
DNS: 10.10.10.4 ---DNS server ip address

could browse LAN and go internet.

I try to setup a sub LAN with a Cisco 2621 router.
a ethernet cable into F0/1: 10.10.10.74/24
a ethernet cable out from F0/0: 192.168.10.1/24 to a switch.

when I setup a workstation with 192.168.10.5/24 with gateway 192.168.10.1, I could not find internet.

Any suggestion? Thanks.

-R


0
Comment
Question by:robinyanwang
  • 14
  • 10
24 Comments
 

Author Comment

by:robinyanwang
ID: 16632949
from workstation, I can ping 192.168.10.1, 10.10.10.74
can not ping 10.10.10.1...
0
 
LVL 43

Accepted Solution

by:
JFrederick29 earned 1500 total points
ID: 16633468
Does 10.10.10.1 have a route to 192.168.10.0/24 via 10.10.10.74?
0
 

Author Comment

by:robinyanwang
ID: 16633938
no, the thing is I only need setup internet traffic from 192.168.10.x to 192.168.10.1(F0/0) then through 10.10.10.74(F0/1) to 10.10.10.1....
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 43

Expert Comment

by:JFrederick29
ID: 16633970
Understood, but the 10.10.10.1 device will need a route to the 192.168.10.0/24 subnet for the return traffic.
0
 

Author Comment

by:robinyanwang
ID: 16634182
thansk, just asked our ISp to setup the static route..

Hey, I got another one,

Do you know how to set up NAT in router?
say our mail server public IP 65.121.84.199, but it only have a LAN connection 10.10.10.6, how to point 65.121.84.199 to inside 10.10.10.6 and protect this exchange mail server?

thanks a lot!

-R
0
 
LVL 43

Expert Comment

by:JFrederick29
ID: 16634199
Also, make sure the 192.168.10.1 router has a default route via 10.10.10.1 and the 10.10.10.1 device will NAT the 192.168.10.0/24 subnet along with the 10.10.10.0/24 subnet.

You need to setup either a Static NAT or forward the mail port to the inside address.  Your ISP will need to set this up on the 10.10.10.1 device as well.
0
 

Author Comment

by:robinyanwang
ID: 16635142
do you kow why my time always back to 1993...

clock set 15:40:00 8 May 2006
sh cl
wr mem
reload
...
...

sh clock
*00:00:36.067 UTC Mon Mar 1 1993
0
 
LVL 43

Expert Comment

by:JFrederick29
ID: 16638363
That's normal operation.  The router does not maintain the clock settings on reload.  You can implement NTP services on the router to keep time in sync.
0
 

Author Comment

by:robinyanwang
ID: 16650565
Hi, I have ISP setup a static route in 10.10.10.0 to route 192.168.10.0 through 10.10.10.74.

NOW, in workstation A (IP:10.10.10.125/24, Gateway:10.10.10.1, DNS:10.10.10.4), I go interent and ping 192.168.10.1 and 192.168.10.100
in workstation B (IP:192.168.10.100/24, Gateway:192.168.10.1), I  ping 10.10.10.1...BUT I can not go internet even by just IP address.

I try to ping 66.102.7.104(IP of google) from workstation B, got "Reply from 192.168.10.1, Destination host unreachable"

Could you please help?
0
 
LVL 43

Expert Comment

by:JFrederick29
ID: 16650643
Make sure the 192.168.10.1 router has a default route via 10.10.10.1.

ip route 0.0.0.0 0.0.0.0 10.10.10.1
0
 

Author Comment

by:robinyanwang
ID: 16650897
still not working, here is show IP route..


C    192.168.10.0/24 is directly connected, FastEthernet0/0
     10.0.0.0/24 is subnetted, 1 subnets
C       10.10.10.0 is directly connected, FastEthernet0/1
S*   0.0.0.0/0 [1/0] via 10.10.10.1
0
 
LVL 43

Expert Comment

by:JFrederick29
ID: 16650918
You also need to make sure the 10.10.10.1 device is NAT'ing the 192.168.10.0/24 subnet to an Internet routable address.
0
 

Author Comment

by:robinyanwang
ID: 16650981
how to do that? in which router and what syntax I need to use?

thank you very much for helping me...I am a new guy in router...
0
 
LVL 43

Expert Comment

by:JFrederick29
ID: 16651706
In the 10.10.10.1 router you need to make sure it is NAT'ing the 192.168.10.0/24 subnet along with the 10.10.10.0/24 subnet.  From previous discussion it sounds like your ISP manages that router, they will know what to do.
0
 

Author Comment

by:robinyanwang
ID: 16652598
I have a CCNA book and found out it does not cover these topic.

so do you know these information is in CCNP or CCDA or CCDP? maybe I should order some books to read first instead of asking simple question here...Thanks for your help again!

BTW, which level you are since you are expert here? Do you have interests in doing a project for our company?
0
 
LVL 43

Expert Comment

by:JFrederick29
ID: 16652684
The CCNP covers NAT and the command set or you can search and read articles on Cisco's site such as:

http://www.cisco.com/warp/public/556/12.html

>BTW, which level you are since you are expert here? Do you have interests in doing a project for our company?
If you look at my profile, you'll see the certificates I hold.  Thanks for the offer but I'm a little tied up with things right now :)
0
 

Author Comment

by:robinyanwang
ID: 16686510
IOS (tm) C2600 Software (C2600-C-M), Version 12.0(3)T3,  RELEASE SOFTWARE (fc1)

Do I need upgrade IOS for my 2621? If needed, where could I downlad the new release?

thanks.
0
 
LVL 43

Expert Comment

by:JFrederick29
ID: 16689717
It couldn't hurt to upgrade the IOS but it isn't necessary.  You need a CCO ID on Cisco's site to download software.  You can get a CCO ID by having a SmartNet contract on your equipment.
0
 

Author Comment

by:robinyanwang
ID: 16705162
Hi, Could you please take a look below is right? which should give LAN 10.10.10.0 workstations access outside internet through xxx.xxx.xxx.58)


interface FastEthernet0/0
 ip address 10.10.10.1 255.255.255.0
 no ip directed-broadcast
 ip nat inside
!
interface FastEthernet0/1
 ip address xxx.xxx.xxx.58 255.255.255.248
 no ip directed-broadcast
 ip nat outside

access-list 1 permit 10.10.10.0 0.0.0.255
ip nat pool INTERNET xxx.xxx.xxx.58 xxx.xxx.xxx.58 netmask 255.255.255.0
ip nat inside source list 1 pool INTERNET overload
ip classless
no ip http server
!
0
 
LVL 43

Expert Comment

by:JFrederick29
ID: 16708567
Add this and you should be in business.

access-list 1 permit 192.168.10.0 0.0.0.255
0
 

Author Comment

by:robinyanwang
ID: 16710550
ok, Thank you!

Since I will use live network, I will test it after work...which time zone you are in?
I am in PST...
0
 

Author Comment

by:robinyanwang
ID: 16711354
Hi JFrederick29, thanks you very much for all the help!

I bought the books and also have some configuration of the current Cisco 2611 router (from one of our ISP, let call it Router Sprint). Since we will not use the service from Sprint and they will take the Router Sprint away, I have to build it by myself.

here is the detail information before:
two ISPs:
Sprint - T1 connection for VPN tunnel to remote offices
Local - 5M Fiber connection with x.x.x.56/29 and x.x.x.192/28, the /28 is route by Local ISP to x.x.x.58 which is the F0/1 of the Router Sprint.
BTW, F0/1 also has x.x.x.193 as 2nd IP address.

Since should be no Sprint soon, I need build a Router Local by myself  just for basic part without VPN tunnel.

In Router Local, we want:

inernet access from LAN 10.10.10.0/24 go through 10.10.10.1 (F0/0) and out through x.x.x.58 (F0/1)
NAT 10.10.10.4 (exchange mail) to x.x.x.194 and protect it by access list
make x.x.x.196 (FTP server) go through

in the DMZ level is /29, that is why the /28 block is route to .58 and F0/1 has two IPs .58 and .193


Thanks.

-R
0
 

Author Comment

by:robinyanwang
ID: 16714773
hi, when I connect f0/0 and f0/1 to lan and wan, I could not ping f0/1, but i could ping f0/0

I checked , both line protocol is up
0
 

Author Comment

by:robinyanwang
ID: 16719709
!
interface FastEthernet0/0
 description To LAN 10.10.10.0/24
 ip address 10.10.10.2 255.255.255.0
 no ip directed-broadcast
 ip nat inside
 load-interval 30
!
interface FastEthernet0/1
 description To WAN x.x.x.56/29
 ip address x.x.x.59 255.255.255.248
 ip access-group 103 in
 no ip directed-broadcast
 ip nat outside
 load-interval 30
!


2621#ping 10.10.10.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.10.10.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms
2621#ping x.x.x.59

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to x.x.x.59, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)

FastEthernet0/1 is up, line protocol is up
  Hardware is AmdFE, address is 00d0.0606.5341 (bia 00d0.0606.5341)
  Description: To WAN x.x.x.56/29
  Internet address is x.x.x..59/29
  MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
     reliablility 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  Keepalive set (10 sec)
  Full-duplex, 100Mb/s, 100BaseTX/FX
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input 00:00:06, output 00:00:00, output hang never
  Last clearing of "show interface" counters never
  Queueing strategy: fifo
  Output queue 0/40, 0 drops; input queue 0/75, 0 drops
  30 second input rate 0 bits/sec, 0 packets/sec
  30 second output rate 0 bits/sec, 0 packets/sec
     131 packets input, 14617 bytes
     Received 26 broadcasts, 0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     0 watchdog, 0 multicast
     0 input packets with dribble condition detected
     5513 packets output, 344296 bytes, 0 underruns
     0 output errors, 0 collisions, 2 interface resets
     0 babbles, 0 late collision, 0 deferred
     0 lost carrier, 0 no carrier
     0 output buffer failures, 0 output buffers swapped out
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I have seen some questions on problems with SSH/telnet access to Cisco routers that may occur despite the fact that from a PC connected to your LAN, Internet connectivity is in place and users can access Internet sites without any issues.  There are…
Quality of Service (QoS) options are nearly endless when it comes to networks today. This article is merely one example of how it can be handled in a hub-n-spoke design using a 3-tier configuration.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

612 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question