configuration syntax 1

[dan]

I am familiar with routers, but have not done much with Cisco. I am trying to accomplish the following, but am not sure of the syntax:

Setting: My network is using the 172.23.0.0 network. I have a Cisco CISCO1941 router between my network and a foreign network (10.1.0.0). I have set up NAT on the Cisco router to the 10.1.0.0 addresses are presented to my network as 192.168.101.0.

Goals: I want a computer on my network to talk to a computer on the foreign network. I also want to be able to logon to the router from a workstation on our network.

Layout:
Computer on my network 172.23.1.66 \_______/172.23.82.2 Cisco \_______continued..
my management workstation 172.23.7.87 / \ Router/

_______/Cisco 10.1.0.2\/192.168.101.24 nat\________/workstation \Router /\ to 10.1.40.24 / \10.1.80.24 /

I have the following code:

interface GigabitEthernet0/0
ip address 172.23.82.2 255.255.255.0
ip nat outside
ip virtual-reassembly in
duplex half
speed 10
no mop enabled
!
interface GigabitEthernet0/1
ip address 10.1.40.1 255.255.0.0
ip access-group 102 out
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
:
ip nat inside source static 10.1.80.24 192.168.101.200
:
ip route 172.23.0.1 255.255.255.255 172.23.82.1
:
access-list 101 permit ip host 10.1.80.24 host 172.23.1.66
access-list 102 permit ip host 172.23.1.66 host 10.1.80.24
access-list 102 permit ip host 172.23.7.87 host 172.23.82.2

Neither goal is working. Any ideas would be welcome.
Dan

 

[VinceWhirlwind]

What is the subnet mask on the device addressed with 172.23.1.66?

You have this route: ip route 172.23.0.1 255.255.255.255 172.23.82.1
But you don't appear to have any route telling the router how to find 172.23.1.66/255.255.255.0

You have this line in your description:
workstation\\Router /\ to 10.1.40.24 / \10.1.80.24 /
But your router's Gi0/1 address is 10.1.40.1 255.255.0.0, so it won't be looking for 10.1.80.24 at layer3 and therefore won't send anything to 10.1.40.24 to route it further.

 

[dan]

To further clarify, this Cisco router (interface GigabitEthernet0/0) is connected to an Enterasys router which has the following subnets defined:
172.23.0.0/24 subnet where the computer to talk to foreign network is
172.23.82.0/24 subnet connected to Cisco router
172.23.1.0/24 subnet with my workstation to connect to router.
The 172.23.82.0/24 subnet is directly connected to the Enterasys router.
I also have a static route on the Enterasys router to point back to the Cisco:
[ip route 192.168.101.0/24 172.23.82.2 recursive 1]

From what you said, I am thinking I may need to add a route for the 172.23.1.x traffic to the 172.23.82.2 interface address. Which makes sense:
[ip route 172.23.1.1 255.255.255.255 172.23.82.1]

However, that doesn't explain why the NATed devices can't talk to the workstation at 172.23.0.x [i.e. 172.23.0.66 cannot talk to 192.168.101.200]

Am I missing something?
Dan

 

[burtsbees]

I see a host NAT, but not the subnet...

-Tim

ip access-list extended IP-Options-and-Powerball
deny ip any any winning-powerball-ticket
permit ip any any option any-options
!
class-map ACL-Options-and-Powerball
match access-group name IP-Options-and-Powerball
!
policy-map CoPP-POLICY
class ACL-Options-and-Powerball
drop
!
control-plane
service-policy input CoPP-POLICY

 

[dan]

Vince-
Thanks for your answer. It seems I was missing a return route back from the foreign system. I was able to get things working.
Dan