Solved

Urgent Assistance Needed with CISCO 2600 with NAT/DHCP

Posted on 2012-03-31
Last Modified: 2012-06-21
Where do the DHCP and NAT go? Is this considered Double NAT? I just want my LAN to gain access to the Internet.

R1 is able to obtain its IP from ISP via DHCP. R1 is also able to Ping domain names so DNS works great! The problem is - I have R2 connected directly to it - and then the network is attached to R2.

Where do I set up the NAT on this particular network? I have tried many variations, and even used static IPs to eliminate LAN DHCP being an issue. Any assistance would be appreciated!

Cable  Modem  | E/0/0
                    (R1)| E0/0 ip add dhcp
R1 (only has 1 ethernet, so connect to another router instead of switch)
  (R1)                 |S0/0 192.168.1.1 ip nat inside
                            R2
  (R2)                 |S0/0 192.168.1.2 ip nat outside
  (R2)                 |E0/0 192.168.2.1
                          Switch
(SW1                 |int vlan 1 192.168.2.2
Switch
 /    |   \
/     |    \
3 laptops of 192.168.2.3 - 5
0
Question by:CiscoNinja
LVL 5

Expert Comment

by:andrew1812
ID: 37792251
Perform these tests

1. From the laptop, ping 192.168.1.2. Are you receiving a response?

2. From the laptop, ping 192.168.1.1. Are you receiving a response?

3. Ensure that the laptops are configured for appropriate DNS settings.

Now NAT

Your ip nat outside command should be applied on the interface on which the ISP has provided the public IP - E0.
ip nat inside should be on 192.168.1.1.

Once the NAT is performed, ensure that a default route is configured on the router *R1*: ip route 0.0.0.0 0.0.0.0 "Gateway IP provided by ISP"

Test internet

(Note: If the above NAT config does not work, set up additional NAT on R2, where the 192.168.2.0 network interface is set up as ip nat inside and the 192.168.1.0 interface is set up as ip nat inside. This should be performed without removing the NAT config on R1.)
0
 

Author Comment

by:CiscoNinja
ID: 37792293
Thanks Andrew

If this works I will renew my membership.
I need to confirm the theory is correct before I apply it.

OK, so NAT Outside goes on the interface that received the IP address on R1 from the ISP. OK.
Then the NAT Inside goes onto the serial cable connecting R1 to R2. OK.

1) Now the Ethernet interface on R2, does that need additional NAT settings applied, or will the NAT traverse from 192.168.1.1 all the way to a different network 192.168.2.1 on the LAN?

2) Where does the DHCP for the LAN go in best practice?

As long as the LAN computers can ping R1 and appear in NAT translations, I can easily resolve the rest. Thanks, really appreciate it, and looking forward to your reply so I can finally have this resolved.

Can you confirm this is correct in theory before I apply it?

Cable  Modem  | E/0/0
                    (R1)| E0/0 ip add dhcp (Nat Outside)
R1 (only has 1 ethernet, so connect to another router instead of switch)
  (R1)                 |S0/0 192.168.1.1 ip (Nat Inside)
                            R2
  (R2)                 |S0/0 192.168.1.2
  (R2)                 |E0/0 192.168.2.1
                          Switch
(SW1                 |int vlan 1 192.168.2.2
Switch
 /    |   \
/     |    \
3 laptops of 192.168.2.3 - 5
0
 
LVL 5

Accepted Solution

by:
andrew1812 earned 500 total points
ID: 37792304
My understanding of your network.

1. R1 has two interfaces - Ethernet is connected to the cable modem, the serial interface is connected to R2.

2. R2 has two interfaces - serial is connected to R1 and Ethernet is connected to the switch to which the laptops are attached.


This is how the traffic would flow when a user on the laptop accesses a Server which is residing on the internet.

1. The user constructs a packet with the destination IP set to the server's IP address. The source IP would be the laptop's IP.

2. When the packet reaches R2, it would be routed to 192.168.1.1 (R1), which is the serial IP of R1, from where the packet would be sent to the internet.

Your questions

1) Now the Ethernet interface on R2, does that need additional NAT settings applied, or will the NAT traverse from 192.168.1.1 all the way to a different network 192.168.2.1 on the LAN?

Answer.

We are applying NAT on the serial interface of R1 (ip nat inside). Due to this, all the packets which are inbound to R1 (e.g. packets originating from a laptop) would be inspected by the router for a source IP address that belongs to the 192.168.1.0/24 network. If the router internally is doing this in its design, you would need to apply ip nat inside on the Ethernet interface of R2 and ip nat outside on the serial interface of R1 so that the packets originating from the laptops are NAT translated before they reach R1 and the source IP would be in the 192.168.1.0/24 network (in this case, 192.168.1.2, which is R2's IP address after translation).

Now this is a scenario which you can test after you first enable NAT alone on R1 as I had mentioned in my earlier comment. This is because some routers apply NAT to all packets on the interface where NAT is applied (in your case, ip nat inside on the serial interface of R1).

2) Where does the DHCP for the LAN go in best practice?

Your DHCP for providing IP addresses for the laptop computers should be set up on R2, or a separate DHCP server can be set up on the switch.
0

 
LVL 5

Expert Comment

by:andrew1812
ID: 37792321
If the above solution is confusing, try this simpler alternative for achieving the solution.

1. Ensure that you are able to ping the 192.168.2.0 network from R1 (if it is not working, set up a route with the command ip route 192.168.2.0 255.255.255.0 192.168.1.2 on R1).

2. Ensure that NAT is set up on R1 (as in my first comment) and ignore NAT on R2.

3. Ensure that the laptops are able to reach 192.168.1.1. The gateway of the laptops should be 192.168.2.1 and DNS should be an appropriate address.

4. Ensure that a default route is set up on R1 and R2 (on R2, ip route 0.0.0.0 0.0.0.0 192.168.1.1 and on R1, ip route 0.0.0.0 0.0.0.0 "Gateway IP provided by ISP").

5. Once the above steps are ensured, you should be able to access the internet.
0
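The R1-only NAT layout from the steps above, written out as a Cisco IOS configuration for both routers. This is an added example, not configuration posted in the thread: the ACL number, the DHCP pool name `LAN`, the excluded-address range and the `<DNS-SERVER-IP>` placeholder are assumptions, and R1's default route is assumed to be learned from the ISP via DHCP or set as in step 4.

```cisco
! ---- R1: the only router performing NAT ----
interface Ethernet0/0
 description To cable modem (address assigned by ISP)
 ip address dhcp
 ip nat outside
!
interface Serial0/0
 description To R2
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
!
! Return route so R1 can reach the LAN behind R2 (step 1)
ip route 192.168.2.0 255.255.255.0 192.168.1.2
!
! The ACL decides which source addresses get translated. Listing
! 192.168.2.0/24 is what lets a LAN that is not directly connected
! to R1 share the single NAT. Keep it to the subnets you intend to
! translate rather than a blanket "permit any".
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 1 permit 192.168.2.0 0.0.0.255
ip nat inside source list 1 interface Ethernet0/0 overload
!
! ---- R2: plain routing, no NAT (step 2) ----
interface Serial0/0
 description To R1
 ip address 192.168.1.2 255.255.255.0
!
interface Ethernet0/0
 description To LAN switch
 ip address 192.168.2.1 255.255.255.0
!
! Default route toward R1 (step 4)
ip route 0.0.0.0 0.0.0.0 192.168.1.1
!
! DHCP for the LAN hosted on R2; router and switch addresses excluded
ip dhcp excluded-address 192.168.2.1 192.168.2.2
ip dhcp pool LAN
 network 192.168.2.0 255.255.255.0
 default-router 192.168.2.1
 dns-server <DNS-SERVER-IP>
```

Once a laptop sends traffic to the internet, `show ip nat translations` on R1 should list inside local addresses from 192.168.2.0/24.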
 

Author Comment

by:CiscoNinja
ID: 37792386
Cheers Andrew

Yes All Up & Working.

I just completely underestimated the power of NAT. I can see now it's the access-list source that can open it up to LANs that are not directly connected.

Excellent work. The term 'Double NAT' which I have seen thrown around threw me off.

Thanks Again.
0
 
LVL 5

Expert Comment

by:andrew1812
ID: 37792404
You're welcome
0
