Solved

Cisco Static routing problem

Posted on 2007-03-20
2
205 Views
Last Modified: 2010-08-05
I'm having a routing problem I could use some help with. Here is my network.

       
                                                                            DSL to Internet
                                                                                   |
                                                                                   |
192.168.2.0/24 network----cisco 2600 #1----T1----cisco 2600 #2-----firewall-----192.168.0.0/24


Here are the important details of Cisco 2600 #2 config

interface f/o
ip addr 192.168.0.5 255.255.255.0   (This is the ethernet port that looks at the firewall)
ip nat inside

interface s/0/0
ip addr 192.168.1.1 25 (This is the serial to the T1)
ip nat inside

int f1/0
ip addr 65.xxx.xxx.xxx 255.255.255.128
ip nat outside

ip nat inside source list 1 int f1/0 overload
ip classless
ip route 0.0.0.0 0.0.0.0 65.xxx.xxx.xxx.xxx
ip route 192.168.2.0 255.255.255.0 192.168.1.2

access list 1 permit 192.168.0.0 0.0.3.255

Withe this config I can ping from 192.168.2.0 to the Internet, but not 192.168.0.0/24

Am I missing a route that would allow that? I have bypassed the FW so i don't think that's my problem. Appreceate some help. Thanks.

Rick
0
Comment
Question by:BigfootSunRa
2 Comments
 
LVL 10

Accepted Solution

by:
Sorenson earned 500 total points
ID: 18759037
post "show ip route" from 2600 #1 and 2600 #2 please.
If it is not a routing issue, you may need to exclude the networks from the "overload" statement.

(create new access-list 100)
access-list 100 deny ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 100 deny ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 100 permit ip 192.168.0.0 0.0.3.255 any

(then attach it to the overload command)
(turn off nat (disrupt internet :)  )  )
========
!
int f1/0
 no ip nat outside
!
do clear ip nat trans *
!
no ip nat inside source list 1 intf1/0 overload
ip nat inside source list 100 intf1/0 overload
!
int f1/0
 ip nat outside
!
==========
access-list 100 will then not allow packets from 192.168.1.x <--> 192.168.2.x to be translated.
all other internet will pick up nat.
0
 

Author Comment

by:BigfootSunRa
ID: 18760325
It looks like I've found the answer. I think it was firewall problem after all. Thanks.
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

Suggested Solutions

Getting hacked is no longer a matter or "if you get hacked" — the 2016 cyber threat landscape is now titled "when you get hacked." When it happens — will you be proactive, or reactive?
I recently attended Cisco Live! in Las Vegas, a conference that boasted over 28,000 techies in attendance, and a week of hands-on learning hosted by a solid partner with which Concerto goes to market.  Every year, Cisco displays cutting-edge technol…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now