Solved

Urgent Assistance Needed with CISCO 2600 with NAT/DHCP

Posted on 2012-03-31
Last Modified: 2012-06-21
Where do the DHCP and NAT go? Is this considered Double NAT? I just want my LAN to gain access to the Internet.

R1 is able to obtain its IP from ISP via DHCP. R1 is also able to ping domain names, so DNS works great! The problem is - I have R2 connected directly to it - and then the network is attached to R2.

Where do I set up the NAT on this particular network? I have tried many variations, even used static IPs to eliminate LAN DHCP being an issue. Any assistance would be appreciated!

Cable  Modem  | E/0/0
                    (R1)| E0/0 ip add dhcp
R1 (only has 1 ethernet, so connect to another router instead of switch)
  (R1)                 |S0/0 192.168.1.1 ip nat inside
                            R2
  (R2)                 |S0/0 192.168.1.2 ip nat outside
  (R2)                 |E0/0 192.168.2.1
                          Switch
(SW1)                |int vlan 1 192.168.2.2
Switch
 /    |   \
/     |    \
3 laptops of 192.168.2.3 - 5
Question by:CiscoNinja
LVL 5

Expert Comment

by:andrew1812
ID: 37792251
Perform these tests:

1. From the laptop, ping 192.168.1.2 - Are you receiving a response?

2. From the laptop, ping 192.168.1.1 - Are you receiving a response?

3. Ensure that the laptops are configured for appropriate DNS settings.

Now NAT

Your ip nat outside command should be applied on the interface on which the ISP has provided the public IP - E0.
ip nat inside should be on 192.168.1.1.

Once the NAT is performed, ensure that a default route is configured on the router *R1*: ip route 0.0.0.0 0.0.0.0 "Gateway IP provided by ISP"

Test internet

(Note: If the above NAT config does not work, set up additional NAT on R2, where the 192.168.2.0 network interface is set up as ip nat inside and 192.168.1.0 interface is set up as ip nat inside. This should be performed without removing the NAT config on R1.)
0
 

Author Comment

by:CiscoNinja
ID: 37792293
Thanks Andrew

If this works I will renew my membership.
I need to confirm the Theory is correct before I apply it.

OK, so NAT Outside goes on the interface that received the IP address on R1 from the ISP. OK.
Then the NAT Inside goes onto the serial cable connecting R1 to R2. OK.

1) Now the Ethernet interface on R2, does that need additional NAT settings applied, or will the NAT traverse from 192.168.1.1 all the way to a different network 192.168.2.1 on the LAN?

2) Where does the DHCP for the LAN go in best practice?

As long as the LAN computers can ping R1 and appear in NAT Translations, I can easily resolve the rest. Thanks, I really appreciate it and am looking forward to your reply so I can finally have this resolved.

Can you confirm this is correct in theory before I apply it?

Cable  Modem  | E/0/0
                    (R1)| E0/0 ip add dhcp (Nat Outside)
R1 (only has 1 ethernet, so connect to another router instead of switch)
  (R1)                 |S0/0 192.168.1.1 ip (Nat Inside)
                            R2
  (R2)                 |S0/0 192.168.1.2
  (R2)                 |E0/0 192.168.2.1
                          Switch
(SW1)                |int vlan 1 192.168.2.2
Switch
 /    |   \
/     |    \
3 laptops of 192.168.2.3 - 5
0
 
LVL 5

Accepted Solution

by:
andrew1812 earned 500 total points
ID: 37792304
My understanding of your network.

1. R1 has two interfaces - Ethernet is connected to the cable modem, and the Serial interface is connected to R2.

2. R2 has two interfaces - Serial is connected to R1 and Ethernet is connected to the switch to which the laptops are connected.


This is how the traffic would flow when a user on the laptop accesses a server which resides on the internet.

1. The user constructs a packet with the destination IP set to the server's IP address. The source IP would be the laptop's IP.

2. When the packet reaches R2, it would be routed to 192.168.1.1 (R1), which is the serial IP of R1, from where the packet would be sent to the internet.

Your questions

1) Now the Ethernet Interface on R2, does that need additional NAT settings applied, or will the NAT traverse from 192.168.1.1 all the way to a different network 192.168.2.1 on the LAN ?

Answer.

We are applying NAT on the serial interface of R1 (ip nat inside). Due to this, all the packets which are inbound to R1 (e.g. packets originating from the laptop) would be inspected by the router for the source IP address that belongs to the 192.168.1.0/24 network. If the router internally is doing this in its design, you would need to apply ip nat inside on the ethernet interface of R2 and ip nat outside on serial interface of R1 so that the packets originating from the laptops are NAT translated before they reach R1 and the source IP would be in the 192.168.1.0/24 network (in this case, 192.168.1.2, which is R2's IP address after translation).

Now this is a scenario which you can test after you first enable NAT alone on R1 as I had mentioned in my earlier comment. This is because some routers apply NAT to all packets on the interface where NAT is applied (in your case, ip nat inside on serial of R1).

2) Where does the DHCP for the LAN go in best practice?

Your DHCP for providing IP addresses for the laptop computers should be set up on R2, or a separate DHCP server can be set up on the switch.
0
 
LVL 5

Expert Comment

by:andrew1812
ID: 37792321
If the above solution is confusing, try this simpler alternative for achieving the solution.

1. Ensure that you are able to ping the 192.168.2.0 network from R1 (if it is not working, set up a route with the command ip route 192.168.2.0 255.255.255.0 192.168.1.2 on R1).

2. Ensure that NAT is set up on R1 (as in my first comment) and ignore NAT on R2.

3. Ensure that the laptops are able to reach 192.168.1.1. The gateway of the laptops should be 192.168.2.1 and DNS should be an appropriate address.

4. Ensure that a default route is set up on R1 and R2 (on R2, ip route 0.0.0.0 0.0.0.0 192.168.1.1 and on R1, ip route 0.0.0.0 0.0.0.0 "Gateway IP provided by ISP").

5. Once the above steps are ensured, you should be able to access the internet.
0
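The single-NAT setup from the steps above, written out as IOS configuration. This is an added example, not configuration posted in the thread. The /24 masks, ACL number 1, the pool name LAN and the values in angle brackets are assumptions.

```cisco
! ---------- R1: the only router doing NAT ----------
interface Ethernet0/0
 ip address dhcp
 ip nat outside
!
interface Serial0/0
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
!
! Return path to the LAN behind R2; without it replies die on R1
ip route 192.168.2.0 255.255.255.0 192.168.1.2
! Default route toward the ISP (placeholder, value not given in the thread)
ip route 0.0.0.0 0.0.0.0 <ISP-gateway-IP>
!
! ACL 1 selects which source addresses R1 translates.
! 192.168.2.0/24 is not directly connected to R1, but it is translated
! because the ACL permits it. List only the inside subnets here rather
! than "permit any", so unexpected sources are never given a translation.
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 1 permit 192.168.2.0 0.0.0.255
ip nat inside source list 1 interface Ethernet0/0 overload
!
! ---------- R2: plain routing plus DHCP for the LAN, no NAT ----------
interface Serial0/0
 ip address 192.168.1.2 255.255.255.0
!
interface Ethernet0/0
 ip address 192.168.2.1 255.255.255.0
!
ip route 0.0.0.0 0.0.0.0 192.168.1.1
!
! Keep the router and switch addresses out of the pool
ip dhcp excluded-address 192.168.2.1 192.168.2.2
ip dhcp pool LAN
 network 192.168.2.0 255.255.255.0
 default-router 192.168.2.1
 dns-server <DNS-server-IP>
!
! ---------- Checks on R1 after a laptop pings an Internet host ----------
! show ip route              (192.168.2.0/24 via 192.168.1.2 present)
! show ip nat translations   (inside local shows a 192.168.2.x address)
! show access-lists 1        (match counters increase on the permit lines)
```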
 

Author Comment

by:CiscoNinja
ID: 37792386
Cheers Andrew

Yes, all up & working.

I just completely underestimated the power of NAT .. I can see now it's the access-list source that can open it up to LANs that are not directly connected.

Excellent work. The term 'Double NAT' which I have seen thrown around threw me off.

Thanks Again.
0
 
LVL 5

Expert Comment

by:andrew1812
ID: 37792404
You're welcome.
0
