Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations biv343 on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

OK Here goes. We have a Cisco 26

Status
Not open for further replies.
hoinvip

hoinvip

MIS
Nov 16, 2001
156
GB
OK Here goes.

We have a Cisco 2611XM with 2 ethernet ports. One connects to an internal 10. network, the other to an internet registered address 195.x.x.102.

The ISP supplied router is on 195.x.x.101 and I don't have access to it.

What we want to do is put the 2611 in place to route packets from the 10. network to the 195. interface and then out to the net.

The current config in use is below...

no ip name-server
!
ip subnet-zero
no ip domain-lookup
ip routing
!
interface Ethernet 0/0
no shutdown
ip address 195.x.x.102 255.255.255.252
ip nat outside
keepalive 10
!
interface Ethernet 0/1
no shutdown
ip address 10.1.1.1 255.255.255.0
ip nat inside
keepalive 10
!
! Access Control List 1
!
no access-list 1
access-list 1 permit 10.1.1.0 0.0.0.255
!
! Dynamic NAT
!
ip nat translation timeout 86400
ip nat translation tcp-timeout 86400
ip nat translation udp-timeout 300
ip nat translation dns-timeout 60
ip nat translation finrst-timeout 60
ip nat inside source list 1 interface Ethernet 0/0 overload
!
!
ip classless
!
! IP Static Routes
ip route 0.0.0.0 0.0.0.0 195.x.x.101
no ip http server
no snmp-server location
no snmp-server contact
!
line console 0
exec-timeout 0 0
password a
login
!
line vty 0 4
password a
login


Problem is, this isn't working. I can PING the router interfaces fine from PC's on the 10.x LAN but that's it....

Anyone got any ideas?

TIA.

HoinviP
 
Sort by date Sort by votes
Could you please post while attempting Internet connections from 10. network?

show ip route
show ip nat translation

cheers,
 
Upvote 0 Downvote
also please post traceroute from any 10. host (or an extended traceroute from the router for that matter).

best regards,

 
Upvote 0 Downvote
no access-list 1
access-list 1 permit 10.1.1.0 0.0.0.255


IS WHAT I POSTED ABOVE WHAT IS REALLY SHOWING UP IN YOUR CONFIG FOR THE ACCESS-LIST????

If so, what I think may be happening is the router is not seeing your access-list properly. The only thing I can think of to clear that is to check the start-up config make sure that line no access-list 1 isn't in there and try reloading the router if it isn't to clear it out.

This in itself is just an assumption because that just looks realllllly odd to me. Also, what Rcasta suggested with the posts would be a great help as well.
 
Upvote 0 Downvote
Hi

I have had a similar problem, it turned out the addresses the isp had given us for the public network were not routable, our nat pool had to use a different range. You should ask your ISP.

You can also turn on RIP and see if the ISP's router "learn" about your network.

The last thing is change your GW on the router to your interface name instead of the IP address. Both should work, but I have found in the past that they don't always.

Good Luck
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

B
  • Question
Cisco IP phone 7841 8851 unable to forward all to external number
Replies
0
Views
119
badwolf1686
B
pbxcomm
  • Locked
  • Question
CISCO VG450
Replies
1
Views
443
nt8d09
nt8d09
Skip Rango
  • Locked
  • Question
how to backup cisco sg500-52p switch
Replies
1
Views
413
madwok
madwok
Jared R
  • Locked
  • Question
Cisco UC320W Paging Help
Replies
0
Views
437
Jared R
Jared R
Hayden09
  • Locked
  • Question
Cisco Sg-300 Flapping?
Replies
0
Views
380
Hayden09
Hayden09

Part and Inventory Search

Sponsor

Back
Top