Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

CISCO Router subnetting

Status
Not open for further replies.

Denda

MIS
Oct 30, 2001
237
US
I have created 2 subnets that can communicate internally fine (10.50.4.X & 10.50.20.X). However I can not get them to see the Internet at all. We run our NAT'g on a checkpoint firewall and the following is allowed out 10.50.0.0. We currently have another subnet (remote location 10.50.10.X) that is getting out to the Internet fine, although it is on it's own router and through that routers gateway. I'm just trying to add these 2 subnets to our existing router and am unable to figure out how to get them out to the Internet. Any ideas would be greatly appreciated. Thanks in advance.

Here's the sh run...
Current configuration : 2160 bytes
!
! Last configuration change at 10:11:06 EDT Wed Apr 4 2007
!
version 12.1
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname router1
!
enable secret 5 xxxxxxxxxxxxxxxxxx/
enable password xxxxxxxxx
!
!
!
!
!
memory-size iomem 15
clock timezone EST -5
clock summer-time EDT recurring 2 Sun Mar 2:00 1 Sun Nov 2:00
ip subnet-zero
no ip finger
ip domain-name mycompany.com
ip name-server 10.50.1.X
ip name-server 10.50.1.X
!
ipx routing 0030.9499.6e81
isdn voice-call-failure 0
!
!
controller T1 1/0
!
controller T1 1/1
!
!
!
!
interface Loopback0
ip address 10.250.50.X 255.255.255.255
!
interface Ethernet0/0
no ip address
no ip mroute-cache
!
interface Serial0/0
ip address 10.50.50.X 255.255.255.0
encapsulation ppp
no ip mroute-cache
no fair-queue
service-module t1 clock source internal
!
interface TokenRing0/0
no ip address
no ip mroute-cache
shutdown
ring-speed 16
!
interface FastEthernet1/0
ip address 10.50.4.X 255.255.255.0 secondary
ip address 10.50.20.X 255.255.255.0 secondary
ip address 10.50.1.X 255.255.255.0
no ip mroute-cache
speed 100
full-duplex
no mop enabled
!
ip classless
ip route 0.0.0.0 0.0.0.0 10.50.1.X
ip route 10.50.10.0 255.255.255.0 10.50.50.X
ip route 10.50.20.0 255.255.255.0 10.50.1.X
ip route 170.100.144.0 255.255.255.0 10.50.1.X
ip route 172.16.50.0 255.255.255.0 10.50.1.X
no ip http server
!
logging 10.50.1.X
!
!
!
!
line con 0
exec-timeout 30 0
password xxxxxxx
login
transport input none
line aux 0
exec-timeout 30 0
password xxxxxx
login
line vty 0 4
exec-timeout 30 0
password xxxxxxx
login
!
ntp clock-period 17179845
ntp server 10.50.1.X
end
 
You need to allow 10.50.1.0, 10.50.4.0, 10.50.20.0 and 10.50.50.0 out in the checkpoint---10.50.0.0 is a different subnet than what you have configured on your interfaces, assuming the NAT address you are alowing in the Checkpoint is 10.50.0.0/24

Burt
 
Thank you for your reply. Why would the existing 10.50.10.X network work then if I have not specifically allowed it out? Maybe I'm missing something, I apologize, but I have looked through the Checkpoint SmartDashboard completely for a rule that allows 10.50.10.X specifically and there is nothing there only the 10.50.0.0, which I assumed allowed our 10.50.1.X & 10.50.10.X network out.

I apologize if this is a stupid question and let me know if you would rather me hit up the checkpoint forum at this point. Thanks again
 
Well, since I couldn't find anything in SmartDashboard, I decided to go right to the Nokia device. In the initial file I do see a couple entries setup specifically to the 10.50.10.0 network. Now I just need to figure out where those came from and how to update that file. I'll check with nokia.

If anyone else knows right off hand, I would greatly appreciate it. Thanks again.
 
I got it working. I forget about Nokia's Voyager. I added the subnet's there and it's all working now. Thank you for your help.
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top