Solved

Cisco Static routing problem

Posted on 2007-03-20
Last Modified: 2010-08-05
I'm having a routing problem I could use some help with. Here is my network.

       
                                                                            DSL to Internet
                                                                                   |
                                                                                   |
192.168.2.0/24 network----cisco 2600 #1----T1----cisco 2600 #2-----firewall-----192.168.0.0/24


Here are the important details of Cisco 2600 #2 config

interface f/o
ip addr 192.168.0.5 255.255.255.0   (This is the ethernet port that looks at the firewall)
ip nat inside

interface s/0/0
ip addr 192.168.1.1 25 (This is the serial to the T1)
ip nat inside

int f1/0
ip addr 65.xxx.xxx.xxx 255.255.255.128
ip nat outside

ip nat inside source list 1 int f1/0 overload
ip classless
ip route 0.0.0.0 0.0.0.0 65.xxx.xxx.xxx.xxx
ip route 192.168.2.0 255.255.255.0 192.168.1.2

access-list 1 permit 192.168.0.0 0.0.3.255

With this config I can ping from 192.168.2.0 to the Internet, but not 192.168.0.0/24

Am I missing a route that would allow that? I have bypassed the FW so I don't think that's my problem. Appreciate some help. Thanks.

Rick
Question by:BigfootSunRa
Accepted Solution

by: Sorenson (earned 500 total points)
ID: 18759037
Post "show ip route" from 2600 #1 and 2600 #2 please.
If it is not a routing issue, you may need to exclude the networks from the "overload" statement.

(create new access-list 100)
access-list 100 deny ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 100 deny ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 100 permit ip 192.168.0.0 0.0.3.255 any

(then attach it to the overload command)
(turn off nat (disrupt internet :)  )  )
========
!
int f1/0
 no ip nat outside
!
do clear ip nat trans *
!
no ip nat inside source list 1 int f1/0 overload
ip nat inside source list 100 int f1/0 overload
!
int f1/0
 ip nat outside
!
==========
access-list 100 will then not allow packets from 192.168.1.x <--> 192.168.2.x to be translated.
All other internet will pick up nat.
0
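An offline check of what the two NAT access lists in this thread match, added here as an example and not part of the original posts: a first-match evaluation of access-list 1 and access-list 100 using Cisco wildcard masks. The sample flows are constructed, and the code models ACL matching only ("permit" means the flow is selected by the NAT list), not whether IOS goes on to translate it.

```python
import ipaddress

def wc_match(addr, base, wildcard):
    """Cisco wildcard match: bits set in the wildcard are 'don't care'."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)

ANY = ("0.0.0.0", "255.255.255.255")

# access-list 1 from the question (standard ACL: matches on source only).
ACL_1 = [("permit", ("192.168.0.0", "0.0.3.255"), ANY)]

# access-list 100 from the accepted answer (extended ACL: source and destination).
ACL_100 = [
    ("deny",   ("192.168.1.0", "0.0.0.255"), ("192.168.2.0", "0.0.0.255")),
    ("deny",   ("192.168.2.0", "0.0.0.255"), ("192.168.1.0", "0.0.0.255")),
    ("permit", ("192.168.0.0", "0.0.3.255"), ANY),
]

def evaluate(acl, src, dst):
    """First matching entry wins; no match falls through to the implicit deny."""
    for action, s, d in acl:
        if wc_match(src, *s) and wc_match(dst, *d):
            return action
    return "deny"

# Constructed sample flows (host addresses are illustrative, not from the thread).
FLOWS = [
    ("192.168.2.10", "192.168.0.20"),   # remote LAN -> LAN behind the firewall
    ("192.168.2.10", "192.168.1.1"),    # remote LAN -> T1 serial subnet
    ("192.168.1.2",  "192.168.2.10"),   # T1 serial subnet -> remote LAN
    ("192.168.0.20", "198.51.100.7"),   # local LAN -> Internet (documentation range)
    ("192.168.4.10", "198.51.100.7"),   # source outside 192.168.0.0 0.0.3.255
]

def report(acl):
    """Map each sample flow to the action the ACL returns for it."""
    return {flow: evaluate(acl, *flow) for flow in FLOWS}

if __name__ == "__main__":
    for name, acl in (("access-list 1", ACL_1), ("access-list 100", ACL_100)):
        print(name)
        for (src, dst), action in report(acl).items():
            print(f"  {src:>13} -> {dst:<13} {action}")
```

With these entries, list 100 excludes only flows between 192.168.1.x and 192.168.2.x; a flow from 192.168.2.x to 192.168.0.x still falls through to the final permit line.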
 

Author Comment

by:BigfootSunRa
ID: 18760325
It looks like I've found the answer. I think it was firewall problem after all. Thanks.