Cisco IOS NAT with multiple segments

[beckfiveoh]

Hope this makes some sense, and someone can shed some light on a small problem I'm having.

A new ISP at a remote office we signed onto does not do the NATing for us, so I needed to set up a dual ethernet 2620 router to us NAT with the overload feature, and have enabled on the access lists two networks to go out this way.. 172.16.44.0, 172.16.45.0 This router is hooked up to a 5500 switch with an RSM that is configured with two VLANs that previously had its gateway of last resort learned by EIGRP from the related WAN Links. I set this gateway up to use the LAN ethernet side of the 2620 (172.16.45.8) doing the NATing, and all is working great on the VLAN that the 2620 is attached to (172.16.45.0) Problem now is that the 172.16.44.0 network cannot see this router, so they cannot get to the net as its gateway is that of the ISP's and I cannot have 2 gateways on that 2620. Is there something I'm not seeing here that would enable that other VLAN/segment be able to get to this router? I can try to paste up some configs if it would help out my poor explanation here.

Many thanks,

Larry

 

[gaveeve]

A config would be helpful of both the 5500 RSM and the 2620.

 

[beckfiveoh]

Thanks for the reply... here's the 2620 config:

version 12.1
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname bla
!
enable secret 5 $1$m8sa$diHTZao6YTzsWexapmrmO/
!
!
!
!
!
ip subnet-zero
!
!
!
!
interface FastEthernet0/0
description blablabla
ip address 172.16.45.8 255.255.255.0
ip nat inside
duplex auto
speed auto
!
interface FastEthernet1/0
description blablabla
ip address XXX.XXX.49.210 255.255.255.240
ip nat outside
speed 10
half-duplex
!
ip nat pool net-20 XXX.XXX.49.211 XXX.XXX.49.211 netmask 255.255.255.240
ip nat inside source list 1 pool net-20 overload
ip classless
ip route 0.0.0.0 0.0.0.0 XXX.XXX.49.209
no ip http server
!
access-list 1 permit 172.16.44.0 0.0.0.255
access-list 1 permit 172.16.45.0 0.0.0.255
!
line con 0
line aux 0
line vty 0 4
password
login
!
no scheduler allocate
end

and for the RSM: This is it in the setting that doesn't work properly...the gateway of last resort right now is is currently being learned through the WAN router which connects this site to the headquarters site, and it's not defined in the config: When I put in the gateway manually, as I indicated, only the 172.16.45.0 network was able to get out. Thanks again! Oh, and one more thing.. yes, we need to run appletalk, please don't laugh

Current configuration:
!
version 12.0
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname 26stRSM
!
boot bootldr bootflash:c5rsm-boot-mz.120-12.bin
enable secret 5 $1$YLQB$hrvpXoyAg1tXaWBghMGir1
!
ip subnet-zero
ip domain-name xxxx
ip cef
appletalk routing eigrp 100
ipx routing 0001.644e.5000
!
!
!
interface Serial1/0
no ip address
no ip directed-broadcast
no ip route-cache distributed
shutdown
!
interface Serial1/1
no ip address
no ip directed-broadcast
no ip route-cache distributed
shutdown
!
interface Serial1/2
no ip address
no ip directed-broadcast
no ip route-cache distributed
shutdown
!
interface Serial1/3
no ip address
no ip directed-broadcast
no ip route-cache distributed
shutdown
!
interface Vlan1
no ip address
no ip directed-broadcast
no ip route-cache cef
!
interface Vlan44
ip address 172.16.44.1 255.255.255.0
ip helper-address 172.16.45.11
no ip directed-broadcast
no ip route-cache cef
appletalk cable-range 4400-4400 4400.1
appletalk zone 26st-4
ipx network 44
no ipx pad-process-switched-packets
!
interface Vlan45
ip address 172.16.45.1 255.255.255.0
no ip directed-broadcast
no ip route-cache cef
appletalk cable-range 4500-4500 4500.1
appletalk zone 26st-5
ipx network 45
no ipx pad-process-switched-packets
!
router eigrp 100
network 172.16.0.0
network 172.17.0.0
network 172.18.0.0
network 192.168.26.0
!
ip classless
ip route 0.0.0.0 0.0.0.0 172.16.45.8
!
!
!
!
!
!
line con 0
transport input none
line aux 0
modem autoconfigure discovery
line vty 0 4
password 2
login
!
end

 

[gaveeve]

How are you physically connecting the RSM to the 2620?

 

[beckfiveoh]

The 2620 that's doing the NATing has 1 ethernet going to the ISP's hub, and the other ethernet interface is plugged into a switch port on the "45" VLAN of the 5500 catalyst which has the RSM module in it.... I guess that's the old skool MSFC type routing module for the switches.

Larry

 

[gaveeve]

You need to trunk a port to the 2620 and have both vlans go over that. I think you could probably do without the 2620 altogether. I'm at work and will have to look up exact commands at home. Maybe someone else out there could help in the meantime.I don't believe the nating is the problem.

 

[beckfiveoh]

Thanks for the replies... I actually fidgeted around with adding on the EIGRP network, which wasn't previously added onto this router and low and behold... it worked!

Larry