Cisco 2800 Series Connectivity Issues...

[hippiejoe]

Hi there, this is my first post!

I have a Cisco 2811 with one serial interface, loopback, and two fast ethernet interfaces, we're only use FA 0/1. The serial is our side of a T1.

The Serial has a routable IP address of 160.80.26.186/30.

The FA has an internal address of 172.16.0.1/30

For trouble shooting purposes I made it as simple as I could imagine and plugged my laptop in to the FE and statically set an IP of 172.16.0.2/30 with the route/gateway being 172.16.0.1 (the FA).

Internet Clout ---> serial ---> fa ---> laptop

From the router, I can ping everywhere including any internet IP and my laptop. From my laptop I can ping as far as our serial interface IP address. I cannot ping the ISP's side of the T1.

Any ideas? Do you want me to post a sh run or sh int?

Things I've done so far
-Encapsulation is hdlc
-ip routing
-ip route 0.0.0.0 0.0.0.0 serial 0/0/0

Like I said, everything works from the router, but I can not get off the router and out to the internet or the ISP's T1 side from my laptop. Thanks a ton!!!

HippieJoe

 

[andyman5002]

Have you setup NAT?

 

[hippiejoe]

No, I haven't. Is this very complicated. It is never going to be more then a /30 attached to the FA 0/0. I am using the laptop connected for testing, but eventually it will be a Firewall which will plug into a switch...i believe the FW takes care of NATing on it's LAN side. But no, I have not set up NAT. Is it all router based, or do I have to set something up on the laptop/any client? Thanks

 

[andyman5002]

Well I have a 2600 with an ADSL wic installed, im assigned an IP from my ISP and then I have a private address range for my ethernet interface, NAT alows the private addresses to communicate on the internet.
It should all be on the router, its not hard initially to get it working basically, but when you try to foward ports it gets tricky (see my thread).

You basically have to assign an inside and outside interface, the serial would be outside and ethernet inside. Im not too sure about the 2800 series,
I can only find this

http://www.cisco.com/en/US/products/ps5854/prod_configuration_guide09186a0080387d8c.html

You need an access list and then you need a command like this:
ip nat inside source list 11 interface Serial0/0/0 overload

Then you need to do the interfaces ip nat inside ect.

Read that configuration it might help you a bit, sorry if it doesnt.

Andy

 

[JOAMON]

You need to have NAT to get to the Internet. Also why don't you try SDM on that router. When connected to it VIA ethernet enter the IP address of the router in your browser and a web based GUI for programming should fire up. If it still has the default username cisco which password is cisco then use that. If not telnet into it and add your username and password with privelage level 15.

 

[hippiejoe]

Alright, I got it working, ended up using PNAT...thanks for your help Andy!!! I had to:

-----------
config t
int fa 0/0
ip nat inside
int serial 0/0/0
ip nat outside
exit
access-list 1 permit [internal-network] [inverted-subnet]
ip nat inside source list 1 int serial 0/0/0 overload
-----------

So now my laptop which was directly connected to the fa can ping web sites and even browse them via IP address...however, I have a new occurance.

From the router I can no longer ping my laptop. I am assuming it is another access-list issue, so I tried making a list to take the [external-network] and permit it to the internal network. That didn't work. And thinking about it now, would that be it since I can browse the net...obviously I have full duplex communication.

So the only thing I can't do is ping my directly connected laptop via the router. Any more ideas? Thanks again!!!

Hippie Joe

 

[JOAMON]

Can you do a show run and post the config?

 

[hippiejoe]

Hey, here is the show run

-------------------
Router#sh run
Building configuration...

Current configuration : 1021 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
enable secret 5 Scrambled-Here
!
no network-clock-participate aim 0
no network-clock-participate aim 1
no aaa new-model
ip subnet-zero
!
!
ip cef
!
!
no ip domain lookup
no ftp-server write-enable
!
!
!
!
interface Loopback0
ip address 192.168.0.1 255.255.255.0
!
interface FastEthernet0/0
ip address 172.16.0.1 255.255.255.252
ip nat inside
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Serial0/0/0
ip address 160.80.26.186 255.255.255.252
ip nat outside
!
ip classless
ip route 0.0.0.0 0.0.0.0 Serial0/0/0
ip http server
ip nat inside source list 1 interface Serial0/0/0 overload
!
!
access-list 1 permit 172.16.0.0 0.0.0.3
!
control-plane
!
!
line con 0
line aux 0
line vty 0 4
password
login
!
scheduler allocate 20000 1000
!
end

Router#
---------------------------

Thanks again!
HippieJoe

 

[hippiejoe]

wham to my own head...i turned my damn firewall on on the laptop, thats why the pings were droped. sorry for wasting time, and I really appreciate the NAT/PNAT help!!! Be back in a minute when I break something else!
HippieJoe