2811 routing question

Status
Not open for further replies.

curtok12

IS-IT--Management
Dec 2, 2009
3
US
This is a great forum, and I'm a total noob at this, but I have what probably is a really quick question....

I have two separate networks on both interfaces. One Public (204.x.x.x) and one private (192.168.99.x). How do I get the two networks to communicate with each other? The router connects to the internet via 2 bonded T1s on a card.

If this is vague, let me know, and I'll post the config. Thanks so much!!!!!
 
Hello
Please post the "show run". Please be aware that directly connected subnets will talk to each other. So I guess your question isn't very clear. Please explain thoroughly what you want to accomplish. Do you want the private addresses to talk to the Internet?
Regards
 
Ok, here's the long version on what the config has to do..... on the 2811 there are two interfaces with attached networks: one public, one private. The private network will have to be able to see the internet, of course. Currently, I can ping out to the internet from the private network (f0/0), but I can't ping the public network addresses on f0/1 (although I can ping the public network interface, f0/1, from the private network).

I've tried to set up NAT on f0/0 and pinging to the internet from the private network is successful. I think through multiple configuration attempts, however, SDM has added some extra stuff (check out the access-list entries and interface overloads).

Also, as you'll see in the config, the static routes for the subnets on the private network have been defined. They all sit behind a layer 3 switch on the private network.

Here's the config...

version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname monte
!
boot-start-marker
warm-reboot count 10 uptime 10
boot-end-marker
!
security authentication failure rate 3 log
security passwords min-length 6
logging message-counter syslog
logging buffered 51200
logging console critical
enable secret 5 $1$2qVY$6i0YZPJDD8JqbUpqcRiyZ1
!
no aaa new-model
clock timezone MDT -7
clock summer-time MDT date Apr 6 2003 2:00 Oct 26 2003 2:00
no network-clock-participate wic 3
!
dot11 syslog
no ip source-route
!
!
ip cef
!
!
no ip bootp server
ip domain name xxxxxxxx.org
!
multilink bundle-name authenticated
!
!
!
!
!
!
username administrator privilege 15 secret 5 $1$XSjw$RFPYHTu5amK8lPgkvCHy91
archive
log config
hidekeys
!
!
!
!
!
controller T1 0/3/0
clock source internal
channel-group 1 timeslots 1-24
!
controller T1 0/3/1
clock source internal
channel-group 1 timeslots 1-24
!
ip tcp synwait-time 10
!
!
!
interface Multilink1
description ------------------------ to UPoP
ip address 129.19.64.xx 255.255.255.252
no ip redirects
no ip proxy-arp
ip nat outside
ip virtual-reassembly
no cdp enable
ppp multilink
ppp multilink group 1
!
interface FastEthernet0/0
description new netowrk$ETH-LAN$
ip address 192.168.99.14 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
no mop enabled
!
interface FastEthernet0/1
description $ETH-LAN$
ip address 204.228.x.x 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
duplex auto
speed auto
no mop enabled
!
interface Serial0/3/0:1
description ------------------------ Qwest T1#1
no ip address
no ip redirects
encapsulation ppp
ppp multilink
ppp multilink group 1
!
interface Serial0/3/1:1
description ------------------------ Qwest T1#2
no ip address
no ip redirects
encapsulation ppp
ppp multilink
ppp multilink group 1
!
ip default-gateway 129.19.64.xx
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 129.19.64.xx
ip route 192.168.10.0 255.255.255.0 192.168.99.1
ip route 192.168.15.0 255.255.255.0 192.168.99.1
ip route 192.168.16.0 255.255.255.0 192.168.99.1
ip route 192.168.20.0 255.255.255.0 192.168.99.1
ip route 192.168.25.0 255.255.255.0 192.168.99.1
ip route 192.168.35.0 255.255.255.0 192.168.99.1
ip http server
ip http authentication local
no ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
!
ip nat inside source list 6 interface Multilink1 overload
ip nat inside source list 7 interface Multilink1 overload
!
logging trap debugging
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 192.168.99.0 0.0.0.255
access-list 2 remark SDM_ACL Category=2
access-list 2 permit 192.168.99.0 0.0.0.255
access-list 2 permit 204.228.78.0 0.0.0.255
access-list 3 remark SDM_ACL Category=2
access-list 3 permit 192.168.99.0 0.0.0.255
access-list 4 remark SDM_ACL Category=2
access-list 4 permit 192.168.0.0 0.0.255.255
access-list 5 remark SDM_ACL Category=2
access-list 5 permit 192.168.10.0 0.0.0.255
access-list 6 remark SDM_ACL Category=2
access-list 6 permit 192.168.99.0 0.0.0.255
access-list 7 remark SDM_ACL Category=2
access-list 7 permit 192.168.10.0 0.0.0.255
no cdp run

!
!
!
!
!
control-plane
!
banner login ^CAuthorized access only!
Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
login local
transport output telnet
line aux 0
login local
transport output telnet
line vty 0 4
privilege level 15
login local
transport input telnet
line vty 5 15
privilege level 15
login local
transport input telnet
!
scheduler allocate 20000 1000
end

I can also post a PDF of the network diagram, if that would help.

Thank you!!
 
Hello
The below statement is baffling me. Are you trying to say that you can't ping this subnet 204.228.x.x from the Internet?
"but I can't ping the public network addresses on f0/1 (although I can ping the public network interface, f0/1, from the private network)."

If this is the case, try to ping this subnet 129.19.64.xx from the Internet. If successful, then do a traceroute to the 204.228.x.x subnet.

Regards
 
Thanks for responding, Minue. To answer your question, no, I can ping the 204 network from the Internet. I can't ping the 204 network from the private network attached to the other interface, f0/0.
 
Take out acl 6 and 7, and make it

permit 192.168.0.0 0.0.255.255

I think you can only have one NAT statement, the second one taking effect. Then again, you can get out to the internet...

Try it?

/

tim@tim-laptop ~ $ sudo apt-get install windows
Reading package lists... Done
Building dependency tree
Reading state information... Done
E: Couldn't find package windows...Thank Goodness!
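
The reply above suggests widening the NAT access list to 192.168.0.0 0.0.255.255. As an added example (not posted by anyone in this thread), the Python script below lists which inside subnets from the posted config, meaning the F0/0 network plus the static routes via 192.168.99.1, are not matched by any access list that a NAT statement references. PROPOSED is an assumed reading of the suggestion that reuses list number 6 with a single NAT statement.

```python
import ipaddress
import re

# Lines taken from the "show run" posted in this thread (routes, NAT, ACLs 6 and 7).
ROUTES = "ip route 0.0.0.0 0.0.0.0 129.19.64.xx\n" + "\n".join(
    f"ip route 192.168.{n}.0 255.255.255.0 192.168.99.1" for n in (10, 15, 16, 20, 25, 35)
)
POSTED = ROUTES + """
ip nat inside source list 6 interface Multilink1 overload
ip nat inside source list 7 interface Multilink1 overload
access-list 6 permit 192.168.99.0 0.0.0.255
access-list 7 permit 192.168.10.0 0.0.0.255
"""
# Assumed reading of the suggested change: one list (number 6 reused), one NAT statement.
PROPOSED = ROUTES + """
ip nat inside source list 6 interface Multilink1 overload
access-list 6 permit 192.168.0.0 0.0.255.255
"""
INSIDE_IF = ipaddress.ip_network("192.168.99.0/24")  # FastEthernet0/0, "ip nat inside"
INSIDE_HOP = "192.168.99.1"  # layer 3 switch on the private side


def inside_subnets(config):
    """Connected inside subnet plus every static route pointing at the L3 switch."""
    nets = [INSIDE_IF]
    for net, mask, hop in re.findall(r"^ip route (\S+) (\S+) (\S+)$", config, re.M):
        if hop == INSIDE_HOP:  # skips the default route towards the provider
            nets.append(ipaddress.ip_network(f"{net}/{mask}"))
    return nets


def nat_permits(config):
    """Networks permitted by the standard ACLs that a NAT statement references."""
    used = set(re.findall(r"^ip nat inside source list (\d+) ", config, re.M))
    acl = re.findall(r"^access-list (\d+) permit (\S+) (\S+)$", config, re.M)
    # ipaddress accepts a Cisco wildcard (host mask) after the slash.
    return [ipaddress.ip_network(f"{net}/{wild}") for num, net, wild in acl if num in used]


def not_translated(config):
    """Inside subnets that no NAT-referenced ACL entry covers."""
    permits = nat_permits(config)
    return [str(n) for n in inside_subnets(config)
            if not any(n.subnet_of(p) for p in permits)]


if __name__ == "__main__":
    print("posted:  ", not_translated(POSTED))
    print("proposed:", not_translated(PROPOSED))
```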
 