![[identity profile]](https://www.dreamwidth.org/img/silk/identity/openid.png){kind=small}
rettiger.livejournal.com posting in ![[community profile]](https://www.dreamwidth.org/img/silk/identity/community.png){kind=small}
techrecoveryOk.. so as a work lab, I've been instructed to setup an interface similar to the one below:
Computer -- Router 1 -- Router 2 -- Internet
I've setup the network as follows:
Computer(a) --- (b) Router 1 (c) --- (d) Router 2 (e) -- (f) Gateway to the Internet
a) 192.168.0.2/30
b) 192.168.0.1/30 - Router 1 Eth0
c) 10.0.0.2/30 - Router 1 Eth1
d) 10.0.0.1/30 - Router 2 Eth0
e)172.16.64.208/24 - Router 2 Eth1
f) the gateway, 172.16.64.1
All connections are ethernet.
I'm using a pair of Cisco 1605r routers, the config is below:
Router 1:
Current configuration:
!
version 12.0
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname customer_rtr
!
enable password xxx
!
ip subnet-zero
no ip domain-lookup
!
!
!
interface Ethernet0
ip address 192.168.0.1 255.255.255.252
no ip directed-broadcast
ip nat inside
!
interface Ethernet1
ip address 10.0.0.2 255.255.255.252
no ip directed-broadcast
ip nat outside
!
interface Serial0
no ip address
no ip directed-broadcast
ip nat outside
shutdown
!
ip default-gateway 10.0.0.1
ip nat inside source list 1 interface Ethernet0 overload
ip classless
ip route 0.0.0.0 0.0.0.0 10.0.0.1
ip route 10.0.0.1 255.255.255.255 192.168.0.2
!
!
line con 0
transport input none
line vty 0 4
password xxx
login
!
end
Router 2:
Current configuration:
!
version 12.0
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname corecomm_rtr
!
enable password xxx
!
ip subnet-zero
ip name-server 169.207.1.3
!
!
!
interface Ethernet0
ip address 10.0.0.1 255.255.255.252
no ip directed-broadcast
ip nat inside
!
interface Ethernet1
ip address 172.16.64.208 255.255.255.0
no ip directed-broadcast
ip nat outside
!
interface Serial0
no ip address
no ip directed-broadcast
shutdown
!
ip default-gateway 172.16.64.1
ip nat inside source list 1 interface Ethernet1 overload
ip classless
ip route 0.0.0.0 0.0.0.0 172.16.64.1
!
!
line con 0
transport input none
line 1
line vty 0 4
password xxx
login
!
end
I can ping from:
a to b and c but not past
rtr 1 to a and d but not past
rtr 2 to f and c but not past
Ovbiously, something important is wrong with my config. The question is, what?
![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
no subject
Date: 2004-12-03 10:26 pm (UTC)My initial impression -
If you must keep the redundant NATting, try defining the access lists you are calling in your "source list 1" statements in your NAT.
A.k.acorecomm_rtr(config)#access-list 1 permit [figure out the proper statements]
Might help. Other than that, clean up the serial config on your inside router, and make sure you have more then outbound pointing routes.
That's my (quick) two cents.
no subject
Date: 2004-12-04 07:57 am (UTC)interface Serial0
no ip address
no ip directed-broadcast
ip nat outside
shutdown
!
yank the "ip nat outside" from serial0 on Router 1 and try it again.
no subject
Date: 2004-12-04 07:58 am (UTC)They may be old, but my company still uses them.. Just because it's old does not mean that they don't work.. :)
1600s are nice little critters.
no subject
Date: 2004-12-04 08:35 am (UTC)ip route 10.0.0.1 255.255.255.255 192.168.0.2
as well as the
ip nat outside
on serial0
Both configs should be identical, beyound hostames and IP's.
And there's nothing wrong with 1605R's. Got one myself. They may be old, but they're quite good for routing T1's and Static DSL. Just don't try BGP or serious access listing on them
no subject
Date: 2004-12-04 10:37 am (UTC)no subject
Date: 2004-12-04 10:40 am (UTC)no subject
Date: 2004-12-05 07:15 pm (UTC)no subject
Date: 2004-12-05 07:17 pm (UTC)You'd think I wouldn't, given that a selling point in one of my recent proposals was a MTBF of twenty-odd years for a new Cat... oops.