splitting lan into 2 subnets 1

[dcraftfrombr]

We have reconfigured one of two adjoining offices to be on a different subnet than the other office. Office 1 has a SBS 2003 Server that was connected to and sharing the Internet connection that Office 2 has. Office 2 shares it's Internet via a ISA 2004 Server.
We have used ChangeIP.exe to change the address of Office 1's SBS server to use 10.0.5.5 with a gateway of 10.0.5.254 which is the LAN Ethernet port of a Cisco 1841 router. The 1841 then has the WAN Ethernet port set to 10.0.0.254 which connects to the Office 2 network.
We can get Internet of the Office 1 PCs only if I set a Proxy in Internet Explorer to point to the ISA Server(10.0.0.1).
My problem is that Outlook Express will not work. I cannot even telnet to the POP3 mail server which is hosted elsewhere.
Tried installing the MS Proxy/Firewall client, but cannot see the ISA server even when specifying it by IP address. I can ping the ISA server from the Office 1 workstations though.
Any suggestions?

 

[burtsbees]

What device goes out to the internet? In other words, doesn't the router go straight to the internet (well, did it before)???

Burt

 

[dcraftfrombr]

The ISA server connects to the Internet. The Cisco router is what we just added. Everything worked fine before putting in the router, which we are using simply to split the lan. The firewall on the Cisco 1841 is disabled. But evidently it is blocking some traffic from getting thru it.

Dale

 

[burtsbees]

Post a sh run from the router.

Burt

 

[dcraftfrombr]

!
version 12.4
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service udp-small-servers
service tcp-small-servers
service sequence-numbers
!
hostname CiscoRouter
!
boot-start-marker
boot-end-marker
!
security authentication failure rate 3 log
security passwords min-length 6
logging buffered 51200 debugging
logging console critical
!
no aaa new-model
!
resource policy
!
clock timezone PCTime -6
clock summer-time PCTime date Apr 6 2003 2:00 Oct 26 2003 2:00
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
ip gratuitous-arps
ip cef
!
!
ip finger
ip tcp synwait-time 10
no ip dhcp use vrf connected
!
!
ip domain name church.com
!
!
interface FastEthernet0/0
description $ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-FE 0$$ES_LAN$$FW_INSIDE$
ip address 10.0.5.254 255.255.255.0
ip mask-reply
ip directed-broadcast
ip nat inside
ip route-cache flow
duplex auto
speed auto
!
interface FastEthernet0/1
description $ES_WAN$$FW_OUTSIDE$
ip address 10.0.0.254 255.255.255.0
ip mask-reply
ip directed-broadcast
ip nat outside
ip route-cache flow
duplex auto
speed auto
!
router rip
network 10.0.0.0
no auto-summary
!
ip classless
ip route 0.0.0.0 0.0.0.0 FastEthernet0/1
!
ip http server
ip http authentication local
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 1 interface FastEthernet0/1 overload
ip identd
!
logging trap debugging
access-list 1 remark INSIDE_IF=FastEthernet0/0
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 10.0.5.0 0.0.0.255
no cdp run
!
control-plane
!
line con 0
login local
transport output telnet
line aux 0
login local
transport output telnet
line vty 0 4
privilege level 15
login local
transport input telnet
line vty 5 15
privilege level 15
login local
transport input telnet
!
scheduler allocate 4000 1000
end



the error I get with Outlook Express is
Your server has unexpectedly terminated the connection. Possible causes for this include server problems,
network problems, or a long period of inactivity. Account: 'mail.cavtel.net', Server: 'mail.computermaint.com',
Protocol: POP3, Port: 110, Secure(SSL): No, Socket Error: 10053, Error Number: 0x800CCC0F

 

[burtsbees]

router>en
router#conf t
router(config)#no ip nat inside source list 1 interface FastEthernet0/1 overload
router(config)#int fa0/0
router(config-if)#no ip nat in
router(config-if)#exi
router(config)#int fa0/1
router(config-if)#no ip nat out
router(config-if)#end
router#wr

Burt

 

[dcraftfrombr]

Sorry, that made it worse. Now the workstations can't connect to the Internet or get email. With or without proxy checked.

current config after changes

Current configuration : 2988 bytes
!
version 12.4
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service udp-small-servers
service tcp-small-servers
service sequence-numbers
!
hostname CiscoRouter
!
boot-start-marker
boot-end-marker
!
security authentication failure rate 3 log
security passwords min-length 6
logging buffered 51200 debugging
logging console critical
!
no aaa new-model
!
resource policy
!
clock timezone PCTime -6
clock summer-time PCTime date Apr 6 2003 2:00 Oct 26 2003 2:00
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
ip gratuitous-arps
ip cef
!
!
ip finger
ip tcp synwait-time 10
no ip dhcp use vrf connected
!
!
ip domain name church.com
!
!
!
interface FastEthernet0/0
description $ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-FE 0$$ES_LAN$$FW_INSIDE$
ip address 10.0.5.254 255.255.255.0
ip mask-reply
ip directed-broadcast
ip route-cache flow
duplex auto
speed auto
!
interface FastEthernet0/1
description $ES_WAN$$FW_OUTSIDE$
ip address 10.0.0.254 255.255.255.0
ip mask-reply
ip directed-broadcast
ip route-cache flow
duplex auto
speed auto
!
router rip
network 10.0.0.0
no auto-summary
!
ip classless
ip route 0.0.0.0 0.0.0.0 FastEthernet0/1
!
ip http server
ip http authentication local
ip http timeout-policy idle 60 life 86400 requests 10000
ip identd
!
logging trap debugging
access-list 1 remark INSIDE_IF=FastEthernet0/0
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 10.0.5.0 0.0.0.255
no cdp run
!
control-plane
!
line con 0
login local
transport output telnet
line aux 0
login local
transport output telnet
line vty 0 4
privilege level 15
login local
transport input telnet
line vty 5 15
privilege level 15
login local
transport input telnet
!
scheduler allocate 4000 1000
end

 

[burtsbees]

Is the server doing the NAT? If so, ...

router(config-if)#ip nat inside

On BOTH interfaces. Try that.
What type of internet connection is it? T1? ADSL?

Burt

 

[dcraftfrombr]

The ISA server is doing the nat. We have a cable connection coming into ISA server on one nic and the other nic shares out the Internet to the 10.0.0.x lan.

Will try as you suggested.

 

[burtsbees]

Yeah---the router must have the ip nat inside on all interfaces. My setup at home in my lab used to be
---internet--2620XM--2503--2620---2620--2924XL--comp
|
|
printer

The 2620XM is my edge router, and the 2503 is a router configured as a frame relay switch, connecting the edge with the second 2620, and a serial (asynch) connection to the third 2620 (which are all Cisco routers), and finally a Cisco Catalyst 2924XL switch, configured with 2 vlans (one for the computer and one for the printer), with the directly-connected 2620 routing between vlans.
This consisted of four different subnets (five, counting both vlans), and thus I ad to have ip nat inside on all interfaces, except the outgoing interface (ip nat outside).

Burt

 

[dcraftfrombr]

Unfortunately, that did not work either. Since I was running out of time, I went to Office Depot, picked up a $50 Dlink EBR-2310 Broadband Router, hooked it up, changed the LAN side IP address, disabled the DHCP (since my SBS server is now providing that) and everything worked just fine - Outlook Express and Internet (with or without the proxy specified). I would still like to know why the 1841 did not work, but I needed something up for the morning.

Thanks for trying!

Dale