INTELLIGENT WORK FORUMS
FOR COMPUTER PROFESSIONALS

Log In

Come Join Us!

Are you a
Computer / IT professional?
Join Tek-Tips Forums!
  • Talk With Other Members
  • Be Notified Of Responses
    To Your Posts
  • Keyword Search
  • One-Click Access To Your
    Favorite Forums
  • Automated Signatures
    On Your Posts
  • Best Of All, It's Free!

*Tek-Tips's functionality depends on members receiving e-mail. By joining you are opting in to receive e-mail.

Posting Guidelines

Promoting, selling, recruiting, coursework and thesis posting is forbidden.

Jobs

configuration syntax

configuration syntax

(OP)
I am familiar with routers, but have not done much with Cisco. I am trying to accomplish the following, but am not sure of the syntax:

Setting: My network is using the 172.23.0.0 network. I have a Cisco CISCO1941 router between my network and a foreign network (10.1.0.0). I have set up NAT on the Cisco router to the 10.1.0.0 addresses are presented to my network as 192.168.101.0.

Goals: I want a computer on my network to talk to a computer on the foreign network. I also want to be able to logon to the router from a workstation on our network.

Layout:
Computer on my network 172.23.1.66 \_______/172.23.82.2 Cisco \_______continued..
my management workstation 172.23.7.87 / \ Router/

_______/Cisco 10.1.0.2\/192.168.101.24 nat\________/workstation\
\Router /\ to 10.1.40.24 / \10.1.80.24 /

I have the following code:

interface GigabitEthernet0/0
ip address 172.23.82.2 255.255.255.0
ip nat outside
ip virtual-reassembly in
duplex half
speed 10
no mop enabled
!
interface GigabitEthernet0/1
ip address 10.1.40.1 255.255.0.0
ip access-group 102 out
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
:
ip nat inside source static 10.1.80.24 192.168.101.200
:
ip route 172.23.0.1 255.255.255.255 172.23.82.1
:
access-list 101 permit ip host 10.1.80.24 host 172.23.1.66
access-list 102 permit ip host 172.23.1.66 host 10.1.80.24
access-list 102 permit ip host 172.23.7.87 host 172.23.82.2

Neither goal is working. Any ideas would be welcome.
Dan

RE: configuration syntax

What is the subnet mask on the device addressed with 172.23.1.66?

You have this route: ip route 172.23.0.1 255.255.255.255 172.23.82.1
But you don't appear to have any route telling the router how to find 172.23.1.66/255.255.255.0

You have this line in your description:
workstation\\Router /\ to 10.1.40.24 / \10.1.80.24 /
But your router's Gi0/1 address is 10.1.40.1 255.255.0.0, so it won't be looking for 10.1.80.24 at layer3 and therefore won't send anything to 10.1.40.24 to route it further.




RE: configuration syntax

(OP)
To further clarify, this Cisco router (interface GigabitEthernet0/0) is connected to an Enterasys router which has the following subnets defined:
172.23.0.0/24 subnet where the computer to talk to foreign network is
172.23.82.0/24 subnet connected to Cisco router
172.23.1.0/24 subnet with my workstation to connect to router.
The 172.23.82.0/24 subnet is directly connected to the Enterasys router.
I also have a static route on the Enterasys router to point back to the Cisco:
[ip route 192.168.101.0/24 172.23.82.2 recursive 1]

From what you said, I am thinking I may need to add a route for the 172.23.1.x traffic to the 172.23.82.2 interface address. Which makes sense:
[ip route 172.23.1.1 255.255.255.255 172.23.82.1]

However, that doesn't explain why the NATed devices can't talk to the workstation at 172.23.0.x [i.e. 172.23.0.66 cannot talk to 192.168.101.200]

Am I missing something?
Dan

RE: configuration syntax

I see a host NAT, but not the subnet...

-Tim

ip access-list extended IP-Options-and-Powerball
deny ip any any winning-powerball-ticket
permit ip any any option any-options
!
class-map ACL-Options-and-Powerball
match access-group name IP-Options-and-Powerball
!
policy-map CoPP-POLICY
class ACL-Options-and-Powerball
drop
!
control-plane
service-policy input CoPP-POLICY

RE: configuration syntax

(OP)
Vince-
Thanks for your answer. It seems I was missing a return route back from the foreign system. I was able to get things working.
Dan

Red Flag This Post

Please let us know here why this post is inappropriate. Reasons such as off-topic, duplicates, flames, illegal, vulgar, or students posting their homework.

Red Flag Submitted

Thank you for helping keep Tek-Tips Forums free from inappropriate posts.
The Tek-Tips staff will check this out and take appropriate action.

Reply To This Thread

Posting in the Tek-Tips forums is a member-only feature.

Click Here to join Tek-Tips and talk with other members!

Resources

Close Box

Join Tek-Tips® Today!

Join your peers on the Internet's largest technical computer professional community.
It's easy to join and it's free.

Here's Why Members Love Tek-Tips Forums:

Register now while it's still free!

Already a member? Close this window and log in.

Join Us             Close