jmsabatini
IS-IT--Management
I would like to be able to use my 1711 router without NAT. Basically, I just want the device to route between two networks: 20.0.0.x on the inside and 10.0.0.x on the outside. I have no NAT rules, no static routes configured; just VLAN1. I am able to communicate fully from the 10.0.0.x network to any device on 20.0.0.x, but not the other way around. I suppose there's something simple I need to do. Here's my config:
!This is the running config of the router: 10.0.0.245
!----------------------------------------------------------------------------
!version 12.2
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname CISCO1711
!
security authentication failure rate 3 log
security passwords min-length 6
logging queue-limit 100
logging buffered 51200 debugging
logging console critical
enable secret 5 $1$Vc/G$mduOJ2eVTNYeW8saL.j7c1
!
username admin privilege 15 password 7 045819575E731A175B
clock timezone PCTimeZone -5
ip subnet-zero
no ip source-route
!
!
ip tcp synwait-time 10
no ip domain lookup
ip domain name crinj.com
!
!
no ip bootp server
ip cef
ip audit notify log
ip audit po max-events 100
ip ssh time-out 60
ip ssh authentication-retries 2
no ftp-server write-enable
!
!
!
!
!
!
!
!
interface FastEthernet0
description $FW_OUTSIDE$$ETH-WAN$
ip address 10.0.0.245 255.255.255.0
no ip unreachables
no ip proxy-arp
no ip route-cache
duplex auto
speed auto
no cdp enable
!
interface FastEthernet1
no ip address
no cdp enable
!
interface FastEthernet2
no ip address
no cdp enable
!
interface FastEthernet3
no ip address
no cdp enable
!
interface FastEthernet4
no ip address
no cdp enable
!
interface Async1
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
shutdown
!
interface Vlan1
description $FW_INSIDE$$ETH-SW-LAUNCH$
ip address 20.0.0.1 255.255.255.0
no ip unreachables
no ip proxy-arp
no ip route-cache
ip tcp adjust-mss 1452
!
ip classless
ip http server
ip http authentication local
ip http secure-server
!
!
!
ip access-list extended PermitAll
remark SDM_ACL Category=2
permit ip 20.0.0.0 0.0.0.255 any
logging trap debugging
no cdp run
!
banner login ^CAuthorized access only!
Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
login local
transport output telnet
line 1
flush-at-activation
stopbits 1
speed 115200
flowcontrol hardware
line aux 0
login local
transport output telnet
line vty 0 4
privilege level 15
login local
transport input telnet ssh
line vty 5 15
privilege level 15
login local
transport input telnet ssh
!
scheduler allocate 4000 1000
scheduler interval 500
!
end
Thanks!
!This is the running config of the router: 10.0.0.245
!----------------------------------------------------------------------------
!version 12.2
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname CISCO1711
!
security authentication failure rate 3 log
security passwords min-length 6
logging queue-limit 100
logging buffered 51200 debugging
logging console critical
enable secret 5 $1$Vc/G$mduOJ2eVTNYeW8saL.j7c1
!
username admin privilege 15 password 7 045819575E731A175B
clock timezone PCTimeZone -5
ip subnet-zero
no ip source-route
!
!
ip tcp synwait-time 10
no ip domain lookup
ip domain name crinj.com
!
!
no ip bootp server
ip cef
ip audit notify log
ip audit po max-events 100
ip ssh time-out 60
ip ssh authentication-retries 2
no ftp-server write-enable
!
!
!
!
!
!
!
!
interface FastEthernet0
description $FW_OUTSIDE$$ETH-WAN$
ip address 10.0.0.245 255.255.255.0
no ip unreachables
no ip proxy-arp
no ip route-cache
duplex auto
speed auto
no cdp enable
!
interface FastEthernet1
no ip address
no cdp enable
!
interface FastEthernet2
no ip address
no cdp enable
!
interface FastEthernet3
no ip address
no cdp enable
!
interface FastEthernet4
no ip address
no cdp enable
!
interface Async1
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
shutdown
!
interface Vlan1
description $FW_INSIDE$$ETH-SW-LAUNCH$
ip address 20.0.0.1 255.255.255.0
no ip unreachables
no ip proxy-arp
no ip route-cache
ip tcp adjust-mss 1452
!
ip classless
ip http server
ip http authentication local
ip http secure-server
!
!
!
ip access-list extended PermitAll
remark SDM_ACL Category=2
permit ip 20.0.0.0 0.0.0.255 any
logging trap debugging
no cdp run
!
banner login ^CAuthorized access only!
Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
login local
transport output telnet
line 1
flush-at-activation
stopbits 1
speed 115200
flowcontrol hardware
line aux 0
login local
transport output telnet
line vty 0 4
privilege level 15
login local
transport input telnet ssh
line vty 5 15
privilege level 15
login local
transport input telnet ssh
!
scheduler allocate 4000 1000
scheduler interval 500
!
end
Thanks!
