|
Home > Archive > alt.certification.cisco > September 2003 > Desperate!! Stub network cannot get out!
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
Desperate!! Stub network cannot get out!
|
|
| looker 2003-09-21, 8:24 pm |
| Hey Guys,
I have a stub network (192.168.100.0) running through a PPP link
(192.168.10.0) into 192.168.1.0 and directly to the INET. My local network
1.0 can access the internet, and ping everything. This network can also ping
everything on the 100.0 network. the 100.0 network can access ALL servers on
the 1.0 network and even ping the cisco 2621 ethernet, but they can't ping
the serial port, (which is the internet). What am I missing. I realize I
shouldn't be advertising the internal routes but I was desperate to get it
to work.
Thanks all.
Building configuration...
Current configuration : 2656 bytes
!
version 12.2
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname
!
logging queue-limit 100
enable secret 5 $1$fkZ4$VSfR3a4jOdKPCCVfEg0cQ.
!
ip subnet-zero
!
!
ip name-server X.X.X.X
ip name-server X.X.X.X
!
!
!
!
interface FastEthernet0/0
description Internal LAN
ip address 192.168.1.8 255.255.255.0
ip nat inside
duplex auto
speed auto
!
interface Serial0/0
description
no ip address
shutdown
!
interface Serial0/1
no ip address
shutdown
!
interface Serial0/2
description outside WAN
ip address X.X.X.X 255.255.255.252
ip nat outside
!
router rip
network 66.0.0.0
network 192.168.1.0
network 192.168.10.0
network 192.168.100.0
!
ip nat inside source list 7 interface Serial0/2 overload
ip nat inside source static tcp 192.168.1.2 1494 X.X.X.X 1494 extendable
ip nat inside source static tcp 192.168.1.2 80 X.X.X.X 80 extendable
ip classless
ip route 0.0.0.0 0.0.0.0 X.X.X.X (to internet)
ip route 192.168.100.0 255.255.255.0 192.168.1.5
no ip http server
!
access-list 7 permit 192.168.100.0 0.0.0.255
access-list 7 permit 192.168.1.0 0.0.0.255
access-list 7 permit 192.168.10.0 0.0.0.255
!
line con 0
line aux 0
line vty 0 4
login
!
end
| |
|
|
"looker" <picturelover37@hotmail.com> wrote in message
news:F1rbb.10764$Uv2.5677@nwrdny02.gnilink.net...
> Hey Guys,
>
> I have a stub network (192.168.100.0) running through a PPP link
> (192.168.10.0) into 192.168.1.0 and directly to the INET. My local network
> 1.0 can access the internet, and ping everything. This network can also
ping
> everything on the 100.0 network. the 100.0 network can access ALL servers
on
> the 1.0 network and even ping the cisco 2621 ethernet, but they can't ping
> the serial port, (which is the internet). What am I missing. I realize I
> shouldn't be advertising the internal routes but I was desperate to get it
> to work.
> Thanks all.
>
> Building configuration...
>
> Current configuration : 2656 bytes
> !
> version 12.2
> service timestamps debug uptime
> service timestamps log uptime
> no service password-encryption
> !
> hostname
> !
> logging queue-limit 100
> enable secret 5 $1$fkZ4$VSfR3a4jOdKPCCVfEg0cQ.
> !
> ip subnet-zero
> !
> !
> ip name-server X.X.X.X
> ip name-server X.X.X.X
> !
> !
> !
> !
> interface FastEthernet0/0
> description Internal LAN
> ip address 192.168.1.8 255.255.255.0
> ip nat inside
> duplex auto
> speed auto
> !
> interface Serial0/0
> description
> no ip address
> shutdown
> !
> interface Serial0/1
> no ip address
> shutdown
> !
> interface Serial0/2
> description outside WAN
> ip address X.X.X.X 255.255.255.252
> ip nat outside
> !
> router rip
> network 66.0.0.0
> network 192.168.1.0
> network 192.168.10.0
> network 192.168.100.0
> !
> ip nat inside source list 7 interface Serial0/2 overload
> ip nat inside source static tcp 192.168.1.2 1494 X.X.X.X 1494 extendable
> ip nat inside source static tcp 192.168.1.2 80 X.X.X.X 80 extendable
> ip classless
> ip route 0.0.0.0 0.0.0.0 X.X.X.X (to internet)
> ip route 192.168.100.0 255.255.255.0 192.168.1.5
> no ip http server
******************************
****************
why is there a default route pointing your 100.0 subnet to 1.5?
remove this line, or route it to serial0/2 or the next logical hop.
hope this helps
******************************
****************
> access-list 7 permit 192.168.100.0 0.0.0.255
> access-list 7 permit 192.168.1.0 0.0.0.255
> access-list 7 permit 192.168.10.0 0.0.0.255
> !
> line con 0
> line aux 0
> line vty 0 4
> login
> !
> end
>
>
| |
| FireSword 2003-09-22, 9:24 pm |
| OK, here are my comments:
I only see one interface in the private network, RIP should be running only
for network 192.168.1.0
Or you can disable RIP since you already have a static route configured for
net 192.168.100.0.
If you decide to use RIP you should delete the static route to
192.168.100.0.
To get to the internet from other networks you need to use default routes.
you can either configure the default route manually on the other router or
use RIP to redistribute the default route:
router rip
network 192.168.1.0
redistribute static
default metric 1
ip route 0.0.0.0 0.0.0.0 66.X.X.X OR ip route 0.0.0.0 0.0.0.0 Serial0/2
I would also change the access-list 7 to:
access-list 7 permit any
OR
access-list 7 permit 192.168.0.0 0.0.255.255
I strongly recommend setting up a firewall in this network, the IOS Firewall
is a very good option.
Hope it helps!
"looker" <picturelover37@hotmail.com> wrote in message
news:F1rbb.10764$Uv2.5677@nwrdny02.gnilink.net...
> Hey Guys,
>
> I have a stub network (192.168.100.0) running through a PPP link
> (192.168.10.0) into 192.168.1.0 and directly to the INET. My local network
> 1.0 can access the internet, and ping everything. This network can also
ping
> everything on the 100.0 network. the 100.0 network can access ALL servers
on
> the 1.0 network and even ping the cisco 2621 ethernet, but they can't ping
> the serial port, (which is the internet). What am I missing. I realize I
> shouldn't be advertising the internal routes but I was desperate to get it
> to work.
> Thanks all.
>
> Building configuration...
>
> Current configuration : 2656 bytes
> !
> version 12.2
> service timestamps debug uptime
> service timestamps log uptime
> no service password-encryption
> !
> hostname
> !
> logging queue-limit 100
> enable secret 5 $1$fkZ4$VSfR3a4jOdKPCCVfEg0cQ.
> !
> ip subnet-zero
> !
> !
> ip name-server X.X.X.X
> ip name-server X.X.X.X
> !
> !
> !
> !
> interface FastEthernet0/0
> description Internal LAN
> ip address 192.168.1.8 255.255.255.0
> ip nat inside
> duplex auto
> speed auto
> !
> interface Serial0/0
> description
> no ip address
> shutdown
> !
> interface Serial0/1
> no ip address
> shutdown
> !
> interface Serial0/2
> description outside WAN
> ip address X.X.X.X 255.255.255.252
> ip nat outside
> !
> router rip
> network 66.0.0.0
> network 192.168.1.0
> network 192.168.10.0
> network 192.168.100.0
> !
> ip nat inside source list 7 interface Serial0/2 overload
> ip nat inside source static tcp 192.168.1.2 1494 X.X.X.X 1494 extendable
> ip nat inside source static tcp 192.168.1.2 80 X.X.X.X 80 extendable
>
> ip classless
> ip route 0.0.0.0 0.0.0.0 X.X.X.X (to internet)
> ip route 192.168.100.0 255.255.255.0 192.168.1.5
> no ip http server
> !
> access-list 7 permit 192.168.100.0 0.0.0.255
> access-list 7 permit 192.168.1.0 0.0.0.255
> access-list 7 permit 192.168.10.0 0.0.0.255
> !
> line con 0
> line aux 0
> line vty 0 4
> login
> !
> end
>
>
|
|
|
|
|