a little help with a config please :)

[jdsanchez473]

i have a cisco 1700 series router that is hooked up to a T1 and the ethernet port goes to a zywall (nat router/content filter). I had to start with a new config (somehow the config got erased and there were no backups). I have it far enough now that i can get threw the T1 and ping any address on the internet, but going threw the ethernet port the farthest i can get is the router, and i can't get threw the T1. here is a little rundown of what i've done so far...

serial0 - 70.167.60.17/30
ethernet0 - 192.168.1.1/24

i did "ip route 192.168.1.0 255.255.255.0 serial0"

i setup a computer on the ethernet and gave it an ip of 192.168.1.17/24 and a default gateway of 192.168.1.1

with this config i can't get threw the router, this is my first go around with cisco routers so bear with me please

How i would really like it configured is to have the serial0 and ethernet0 "bridged" (this is where they behave as one interface right?) and have 70.167.60.17 on the ethernet0, and 70.167.60.17 on the zywall (device attatched to ethernet0) is this do-able?

thanks in advance for any help!!

 

[mahlad29]

Ok, SO first the ip route statement is not correct. to get anything out from behind the router you need this route

ip route 0.0.0.0 0.0.0.0 serial0

thus allowing all traffic behind the router out.

Second i dont believe the bridge mode is an option for what you are asking as the router is kinda acting as a transceiver as well.

 

[burtsbees]

ip route 0.0.0.0 0.0.0.0 s0

Post the entire config, scrubbed of course.

/

tim@tim-laptop ~ $ sudo apt-get install windows
Reading package lists... Done
Building dependency tree
Reading state information... Done
E: Couldn't find package windows...Thank Goodness!

 

[jdsanchez473]

thank you guys very much for replying so quick.. here is my config.. yes i know, i just realized how bad the route entries are messed up...

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

Router#show config
Using 867 out of 29688 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
!
memory-size iomem 15
no aaa new-model
ip subnet-zero
!
!
ip name-server 4.2.2.2
ip name-server 4.2.2.3
!
ip cef
!
!
!
!
interface FastEthernet0
ip address 192.168.1.1 255.255.255.0
speed auto
!
interface Serial0
ip address 70.167.60.17 255.255.255.252
!
router rip
network 70.0.0.0
!
ip classless
ip route 0.0.0.0 0.0.0.0 Serial0
ip route 0.0.0.0 0.0.0.0 70.167.60.30
ip route 70.167.60.12 255.255.255.252 Serial0
ip route 70.167.60.16 255.255.255.252 FastEthernet0
ip route 192.168.1.0 255.255.255.0 Serial0
no ip http server
!
!
line con 0
line aux 0
line vty 0
login
line vty 1 4
login
!
end

 

[mahlad29]

Is it working?

you can remove these four routes, you only need the one default route.
The third route in there is not active at all because your connected route takes precedence.

ip route 0.0.0.0 0.0.0.0 70.167.60.30
ip route 70.167.60.12 255.255.255.252 Serial0
ip route 70.167.60.16 255.255.255.252 FastEthernet0
ip route 192.168.1.0 255.255.255.0 Serial0

you can remove these four routes, you only need the one default route.
The third route in there is not active at all because your connected route takes precedence.

Also is there a reason why your running rip?

 

[unclerico]

the problem is that you only have a /30 prefix assigned by your ISP. the easiest thing to do really is to go to your isp and ask for another address range, something like a /29. you'll keep your current /30 prefix for your serial interface connecting to your isp access router. you'll take two ip's from the /29 and assign them to the ethernet interface on the router and the external interface of the firewall. remove all other routes on the router except for the one default route.

I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)

 

[jdsanchez473]

no reason why its running rip, didn't know it was... thanks for the ideas.. i'll update the config from home, reload it and hopefully when i go in tomarrow it will work.

Thanks again!

 

[jdsanchez473]

oh and on a side note when i try to assign IP's to both interfaces that are on the same subnet, it gives an error about overlapping. So how would going to /29 help if i still can't have both interfaces on the same network (or am i missing something, again )

Thanks!

 

[mahlad29]

wow, i just missed how complicated this was until, unclerico posted (and then i felt dumb)

you miss understood unclerico, you keep the current /30 then add another /29. thus two different addr. Although this is a solution. its an expense.

I am assuming this is your topology

Lan-->>switch>>>firewwall>>>router>>isp

between the firewall and the router assign it a diff ip address schema
such as 10.0.0.0/8 or 172.16.0.0/12 or 192.168.0.0/24 anything other then 192.168.1.0/24 which is your inside lan. like a mini network between the two

then this enter this

access-list 10 permit any
ip nat inside source list 10 interface serial 0 overload

then under each interface

int fa0
ip nat inside

int e0
ip nat outside


although this is a double nat config, it will get you running.

if you still need help np.

 

[mahlad29]

**EDIT**

suppose to be s0 not e0...typo

 

[jdsanchez473]

before everything got messed up it was setup to where the firewall after the router had an address of 70.167.60.17 and its default gateway was set to 70.167.60.18.

i guess i should explain further the layout.

We have fibre comming in going to a cisco router (don't know the model). There are two lines comming out of that router that go to T1's, one goes to the middle school, one goes to the high school. the high school is the current issue. the router im trying to configure now is on the B side of that T1.

Now i just realized something that confuses me, the first router has an address of 70.167.60.30 on the interface that goes to the high schools T1. shouldn't the router im trying to configure have a dot 29 on the T1 side? or am i just complicating things more lol..

 

[mahlad29]

Technicaly yes if it's a /30
hmm, one more thing you said the firewall
after the router, which way is after? I thought the firewall was behind the router as you explained it.

Keep us posted.

 

[jdsanchez473]

maby this will help


Fibre Internet (district office) > Router > T1 (to high school) > Router > ZyWall (nat/content filter) > switch > lan

 

[mahlad29]

Oh I get it! ptp from firewall to router, then router to main router,
so do what you just said, and you won't have to nat one the router
assign int fa0 the 70.167.60.18 address and keep the firewall as 70.167.60.17 then assign the s0 int the 70.167.60.29 and keep the default route out s0 the same.

 

[jdsanchez473]

the ptp is between routers, not between router/firewall, but i guess that doesn't really matter. i could have sworn i tried to set it up that way but it didn't work, but then again i might not have so i will try and i hope it does.
so i assume with that setup i still use "ip route 0.0.0.0 0.0.0.0 serial0" ?


thank you guys very much for your help, i don't think i could have got better support if i paid for it

 

[mahlad29]

Lol np.

Yes still use ip route 0.0.0.0 0.0.0.0 s0, and technically if you assign /30
between two hosts, it's ptp, anyway the way we described should wrk 100%.

Let us know

 

[jdsanchez473]

oh i see what you mean now (ptp) i really wish i remembered the stuff i learned in the two ccna classes i took.. i really would like to know how to do this stuff but i rarely have to mess with it so its very hard to remember lol..

 

[jdsanchez473]

now im ticked lol.. 70.167.60.29 is another cisco router thats already up, wtf? i'm going to have to spend a day map out this network, i have no idea where it is or why..

 

[jdsanchez473]

to top it off the guy that new the password to the main cisco router passed away...

 

[burtsbees]

Password recovery is easy, but requires that you power cycle the router in the process...

/

tim@tim-laptop ~ $ sudo apt-get install windows
Reading package lists... Done
Building dependency tree
Reading state information... Done
E: Couldn't find package windows...Thank Goodness!