Static Routing gone Bad!

[doohder]

Here is what I have for a network layout everything I kinda of in the testing phase right now since all the locations are not connected yet. So here is what I currently have workin I have all the Internal users going through the ISA server by setting the gateway of last resort to the ISA server on the routers which is 10.0.0.2. I have a wireless system that needs to stay a public address so I am trying to set up a static route out to the T1 router to no avail. When I put in static route in such as 0.0.0.0 0.0.0.0 10.1.0.1. It will kick the internal users off going through the ISA server. I guess what I am asking how to I build a static route to the 216.x.x.161 with out affecting the 10.x.x.x users.

 

[doohder]

Never mind I made the access-list also and figured it out now I should be able to ping 216.x.x.161 after I make that correct? for some reason I can't. do I also have to make one on the GrandRios router?

 

[lgarner]

Pinging a connected interface doesn't involve routing, so you should be able to ping your connected routers with or without the route map.

You can't ping it from where, exactly? What does a "show ip router" look like on PLP?

 

[doohder]

I can ping all the 10.x.x.x interfaces but I can't ping 216.x.x.161 which is the ethernet interface on the GrandRios router even when I have its set for gateway of last resort of 10.1.0.1. I can ping it while telneted into it but can't when telneted into PLP router.

 

[lgarner]

Again, what does "show ip route" give? On both routers, and any in between?

 

[doohder]

shows the same as it did before just all 10.x.x.x as being routed and 216.x.x.x network only on the GrandRios and T1 router and being C so directly connected.

 

[SQL2KDBA69]

I think it you NAT setting on the GrandRios Router. Check the access-list for the NAT. i had the same problem. last night on my home network.

 

[doohder]

do i have to do network 216.x.x.0 so rip broadcast it I don't think it will do broad cast for public with rip but im gonna give it a try

 

[SQL2KDBA69]

NoT Rip the NAT Settings.

like this

ip nat inside source list 1 e0 overload

access-list 1 permit 10.1.0.0 0.255.255.255


you have to have a access-list for every network

 

[SQL2KDBA69]

this is what traslates your private address to public address

 

[doohder]

the only thing that is doing nat on my network is the ISA server. None of the routers have NAT running on them

 

[SQL2KDBA69]

then you cant expect to be able to ping a public address from a private address with out some traslation. and without NAT your network is open to the internet except if you have access-list to block incoming trafic form the internet.

 

[SQL2KDBA69]

If ISA is the only thing with NAT that is the only path to the internet.

 

[doohder]

because it transfers private address to a public address. now the problem exactly is i have 16 public addresses and i could use those public addresses on all the interfaces and then i could ping all the interfaces from say the internet at home it would be just an extension of the ISP. but the reason I don't wanna do that is cuz then i would have to VPN all the information over public addresses and don't wanna do that. I just don't know if its possible to route that public address over a IANA address. because routers drop non IANA packets thats why you can't route them.

 

[SQL2KDBA69]

How do you expect to get out on the internet from the grandrios router with out nat? I have never seen someone get on the internet with a private ip.

 

[doohder]

Yeah the S0 interface is a private address but the Eth1 interface is a public address. So what I am trying to do is make a route for that public address next hop it out the s0 then from the PLP s0 interface next hop it to 10.7.0.1 then to t1 just making a route for it.

 

[SQL2KDBA69]

you not geting on the internet thru the T1 router if it not runing NAT best you get with the route is the ablity to ping the out side of the T1 router because the packet will find it way back to your internal computer because the T1 router know how to get back to your comp if it recieving RIP updates from the other routers.

 

[doohder]

The ISA server is serving NAT and Firewall policies its the route for all IANA address to get published as a public address. Public address don't need NAT.

 

[doohder]

I am behind the GrandRios router as I type this and getting out on the internet. gateway of last resort is ISA means all packets that don't know the destination go through the isa.

 

[SQL2KDBA69]

that what im saying the only way for your network to get on the internet is thru the ISA because it the only thing runing NAT.

 

[SQL2KDBA69]

this is what your tring to do :

I have a wireless system that needs to stay a public address so I am trying to set up a static route out to the T1 router to no avail.


I dont see a way to get a public ip to go thru a private address network and back out to public with out NAT.

you have to remember a packet has to come in your network via the wireless then go thru your Private network then out to the internet via the T1 then back into your private network then out the wireless. even if you can route it thru there is no way it going to find it way back to the wireless users.