
Routing/NATing to internet

cuadmin asked:
We have an internal network setup like this...

192.168.230.0 --> 192.168.240.0 -->192.168.250.0 ---> to main network to internet (192.168.0.0/24)

Normally we don't want any of the 192.168.230.0, 240 and 250 networks to access the internet.
I need to briefly activate a Windows server in the 250 network, but can't get to the internet.

I've added NATing for this subnet on our firewall.
If I try to traceroute to something external, it dies at the router sitting on the 192.168.0.0 & 192.168.250.0 networks.

Any ideas what I am missing?

Thanks,

E.D>

Don Johnston, Instructor
CERTIFIED EXPERT
Top Expert 2015

Commented:
Does the firewall have a route to the 250.0 network?

Author

Commented:
Yes.
Also, I can PING everything internally, just can't seem to get to the internet from 250.0.

Also, just tried from the router on 192.168.0.x & 192.168.250.x - I can't PING anything external either.
I suppose that's my issue. Any idea what I might try on the router? I've tried setting a default gateway... from the router, I try a traceroute to google.com - nothing.

Any thoughts?

Thanks! :-)

Don Johnston, Instructor

Commented:
Can you post the config of the router?

Author

Commented:
Here you go... thanks!
ROUTER1#show config
Using 4252 out of 262136 bytes
!
! Last configuration change at 19:36:57 UTC Thu Nov 3 2011 by admin
! NVRAM config last updated at 19:36:59 UTC Thu Nov 3 2011 by admin
!
version 15.0
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname ROUTER1
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
!
no aaa new-model
!
!
!
!
crypto pki trustpoint TP-self-signed-2230413360
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-2230413360
 revocation-check none
 rsakeypair TP-self-signed-2230413360
!
!
crypto pki certificate chain TP-self-signed-2230413360
 certificate self-signed 01 nvram:IOS-Self-Sig#4.cer
ip source-route
!
!
ip dhcp excluded-address 10.10.10.1
!
ip dhcp pool ccp-pool
   import all
   network 10.10.10.0 255.255.255.248
   default-router 10.10.10.1
   lease 0 2
!
!
ip cef
no ip domain lookup
ip domain name yourdomain.com
no ipv6 cef
!
!
multilink bundle-name authenticated
license udi pid CISCO891-K9 sn FGL1536217Q
!
!
username admin privilege 15 secret 5 $1$/pL5$D0KF75w1V31vd6evj/zwJ0
!
!
!
!
!
!
!
!
!
interface FastEthernet0
 !
!
interface FastEthernet1
 !
!
interface FastEthernet2
 !
!
interface FastEthernet3
 !
!
interface FastEthernet4
 !
!
interface FastEthernet5
 !
!
interface FastEthernet6
 !
!
interface FastEthernet7
 !
!
interface FastEthernet8
 no ip address
 duplex auto
 speed auto
 !
!
interface GigabitEthernet0
 ip address 192.168.0.20 255.255.255.0
 duplex auto
 speed auto
 !
!
interface Vlan1
 description $ETH-SW-LAUNCH$$INTF-INFO-FE 1$
 ip address 192.168.250.1 255.255.255.0
 ip tcp adjust-mss 1452
 !
!
interface Async1
 no ip address
 encapsulation slip
 !
!
ip default-gateway 192.168.0.2
ip forward-protocol nd
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
!
ip route 12.18.165.2 255.255.255.255 192.168.0.5
ip route 192.168.230.0 255.255.255.0 192.168.250.2
ip route 192.168.240.0 255.255.255.0 192.168.250.2
!
access-list 23 permit any
no cdp run

!
!
!
!
!
!
control-plane
 !
!
banner exec ^C
% Password expiration warning.

!
line con 0
 login local
line 1
 modem InOut
 stopbits 1
 speed 115200
 flowcontrol hardware
line aux 0
line vty 0 4
 access-class 23 in
 privilege level 15
 login local
 transport input telnet ssh
line vty 5 15
 access-class 23 in
 privilege level 15
 login local
 transport input telnet ssh
!
scheduler max-task-time 5000
end


Instructor
Commented:
You're missing a default route.

ip route 0.0.0.0 0.0.0.0 192.168.0.2

I'm guessing at the next hop address.
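
Added example (not part of the original thread or the poster's tooling): a small Python model of the router's forwarding decision, built from the addressing and static-route lines of the posted config, showing why internal pings succeed while external destinations have no route until the suggested default route is added. The destination 203.0.113.10 is a constructed sample address, the next hop 192.168.0.2 is the answer's guess, and the model assumes IP routing is enabled on the router, in which case IOS does not use `ip default-gateway` for forwarding.

```python
import ipaddress

# Constructed excerpt: only the addressing and routing lines of the posted config.
POSTED_CONFIG = """\
interface GigabitEthernet0
 ip address 192.168.0.20 255.255.255.0
interface Vlan1
 ip address 192.168.250.1 255.255.255.0
ip default-gateway 192.168.0.2
ip route 12.18.165.2 255.255.255.255 192.168.0.5
ip route 192.168.230.0 255.255.255.0 192.168.250.2
ip route 192.168.240.0 255.255.255.0 192.168.250.2
"""

def build_table(config):
    """Return [(network, next_hop_or_interface)] from connected and static routes."""
    table, iface = [], None
    for line in config.splitlines():
        words = line.split()
        if words[:1] == ["interface"]:
            iface = words[1]
        elif words[:2] == ["ip", "address"] and iface and len(words) >= 4:
            net = ipaddress.ip_interface(f"{words[2]}/{words[3]}").network
            table.append((net, f"connected {iface}"))
        elif words[:2] == ["ip", "route"] and len(words) >= 5:
            net = ipaddress.ip_network(f"{words[2]}/{words[3]}")
            table.append((net, f"via {words[4]}"))
        # "ip default-gateway" is deliberately skipped: IOS consults it only
        # when IP routing is disabled, so it does not forward transit traffic.
    return table

def lookup(table, dest):
    """Longest-prefix match; None means the destination is unroutable."""
    addr = ipaddress.ip_address(dest)
    matches = [(net, hop) for net, hop in table if addr in net]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def has_default_route(table):
    """True if the table contains a 0.0.0.0/0 entry."""
    return any(net.prefixlen == 0 for net, _ in table)

if __name__ == "__main__":
    before = build_table(POSTED_CONFIG)
    after = build_table(POSTED_CONFIG + "ip route 0.0.0.0 0.0.0.0 192.168.0.2\n")
    for dest in ("192.168.230.10", "12.18.165.2", "203.0.113.10"):
        print(f"{dest:15}  before: {lookup(before, dest)}  after: {lookup(after, dest)}")
```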

Author

Commented:
Great, I'll give that a shot and report back.

Author

Commented:
Works! You're awesome! :-)

Author

Commented:
Thanks! :-)
