1941 no nat

I have a Cisco 1941 with an HWIC-4ESW installed

IOS is C1900-universak9-mz-SPA.151-4.M3

I have an ethernet feed from my ISP

I configured GigabitEthernet0/0 with the public IP from the ISP /30

I configured the IP ROUTE to the next hop up from the GigabitEthernet 0/0

From the 1941 I can ping any external IP address.

They also gave me a /28 public block for the LAN. I gave Vlan1 the 2nd in the range from the /28.

If I configure a PC with 1 of the addresses from the /28 IPs, I can ping the Vlan1 and GigabitEthernet0/0 interfaces but no further.

If I configure the 1941 with NAT it all works.

I don't want to use NAT. I need servers on each IP with ALL ports available.

Am I missing something in the configuration, or is this an IOS bug / limitation?

I need a config for a 1941, no NAT, with public IPs on both WAN and LAN interfaces.

Any ideas please?

Reply to
Supersleuth

Since the most basic config would do that, and NAT takes extra work, it would help to see your config.

A simple config like

    int Gig0/0
     ip address 200.200.200.1 255.255.255.252
    int Fast0/0
     ip address 200.0.0.1 255.255.255.240
    ip route 0.0.0.0 0.0.0.0 200.200.200.2

would be sufficient to do what you are asking. But without seeing what you've come up with, we're up in the air on what you've done.

(No need to include passwords, or ACLs that aren't used, and the like. Although if you do have an ACL on an interface, you'll want to make sure it isn't blocking you).

Reply to
Doug McIntyre

The first 2 octets in both subnets are the same numbers (removed for security).

When I tried to give fast0/0/0 an IP address it told me that layer 2 can't have an IP address. That's why I gave Vlan1 the IP address.

If I connect to the router via console and issue a ping to an external public IP, that works.

If I take a PC and give it x.x.174.25 255.255.255.248, default gateway x.x.174.25,

I can ping to x.x.172.114 but no further.

    no ipv6 cef
    ip source-route
    ip cef
    !
    multilink bundle-name authenticated
    !
    !
    ip tcp synwait-time 10
    !
    !
    !
    !
    interface Embedded-Service-Engine0/0
     no ip address
     ip flow ingress
     shutdown
    !
    interface GigabitEthernet0/0
     description $ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-GE 0/0$$ES_LAN$$FW_INSIDE$
     ip address x.x.172.114 255.255.255.252
     duplex auto
     speed auto
    !
    interface GigabitEthernet0/1
     description $FW_OUTSIDE$$ES_WAN$
     no ip address
     shutdown
     duplex auto
     speed auto
    !
    interface FastEthernet0/0/0
     no ip address
    !
    interface FastEthernet0/0/1
     no ip address
    !
    interface FastEthernet0/0/2
     no ip address
    !
    interface FastEthernet0/0/3
     no ip address
    !
    interface Vlan1
     ip address x.x.174.25 255.255.255.248
     ip verify unicast reverse-path
     ip tcp adjust-mss 1452
    !
    no ip classless
    ip forward-protocol nd
    !
    ip route 0.0.0.0 0.0.0.0 x.x.172.113

Reply to
Supersleuth
  • Supersleuth hacked into the number cruncher:

One idea: let the provider check whether your net is routed correctly. If they don't route your net towards you, then you will get exactly that result.

luke

Reply to
Lukas Schratz

It is routed OK

If I use a DrayTek router it works OK, but the client wants to use the Cisco 1941.

Reply to
Supersleuth

What do you see on the router if you issue # ping $outsideaddress sour vlan1

^^^^^^^^^^^^^^^^^^^ Reason for this?

luke

Reply to
Lukas Schratz

Okay, so you also have an HWIC-4ESW card inserted, and you are trying to configure it to work in the mix as well.

The HWIC-4ESW is a layer-2 switch bolted on a board. They aren't router ports (i.e. ports that can take IP address info), but just switch ports, thus you need to do extra stuff to get the bolted-on switch talking back to the router as well.

I am not familiar with the HWIC-4ESW on the 1941, but on my 1841 with the HWIC-4ESW, what you did should work.

You may want to just light up both Gigabit interfaces just to make sure what you are doing is functional. These are both full router ports and behave just like you think, without the extra wonkiness that a bolted-on switch module brings you. Then at least you know it is working, and you can tackle the HWIC-4ESW config.

Your config looks correct otherwise.

To troubleshoot the HWIC-4ESW, I'd start with a 'show int' on each of the ports to make sure they are up. I'd just do a 'show vlan' to make sure the VLAN is defined, and that each of the switch ports is indeed part of VLAN 1 like you are assuming. I'd make sure that Vlan1 is not 'shutdown' so that it can pass layer-2 switch traffic.

I'd do a 'show route' to make sure the routes for each block show up in the routing table, and are Connected routes properly for each block to each layer-3 interface.

Reply to
Doug McIntyre

As said by Lukas, check your connectivity with

router# ping 8.8.8.8 source Vlan1

with Vlan1 ip in /28 subnet.

then post output here...

Of course you can use any public ip address instead of google dns...:-)

Marco

Reply to
Marco Giuliani

ping 8.8.8.8 source GigabitEthernet0/0 100% success

ping 8.8.8.8 source Vlan1 0% success

What am I missing in my config to route Vlan1 to GigabitEthernet0/0 (outside world)?

Config is posted in 1 of the previous posts in this chain.

Reply to
Supersleuth

It seems that your provider does not have a route to your inside subnet.

your ISP x.x.172.113/30

G0/0 x.x.172.114/30 cisco 1941 Vlan1 x.x.174.25/28

LAN.....subnet x.x.174.16/28

Your default route is 0.0.0.0 0.0.0.0 x.x.172.113 and your ISP's router should have

x.x.174.16 255.255.255.240 x.x.172.113.

Anyway, you said that all was OK with the DrayTek router: how can we explain this situation?

Are you sure about your subnet assignment? Why did you choose the x.x.174.25/28 IP address on Vlan1? It is neither the first nor the last subnet address.

Regards.

Reply to
Marco Giuliani
  • Supersleuth hacked into the number cruncher:

do:

    sh ip route
    sh vlan-switch
    sh ip int brie

I suppose that maybe your VLAN interface is down due to misconfiguration, and therefore it is not able to forward traffic.

luke

Reply to
Lukas Schratz

Sorry for the typo, just realised it should be a /29 255.255.255.248, NOT /28.

I have tried the setup with a DrayTek, a Netgear and a Linksys; all work OK.

There is something to do with routing any traffic that hits the Vlan1 interface to the GigabitEthernet 0/0 interface WITHOUT using NAT.

If the cheaper routers can do this, the 1941 must be able to.

Reply to
Supersleuth

As my previous post indicated to you, you must be having issues with the addon HWIC-4ESW card you must have installed, and not routing in general.

If you moved your config to use both the Gigabit Ethernet layer-3 ports in the 1941 box, you'd probably work just fine.

I also gave you some troubleshooting commands to see what may be going on with the HWIC-4ESW card talking (as have others).

It isn't the router, but something with the addon card that may be doing you in.

Reply to
Doug McIntyre

After a week of several calls to the ISP support desk, with them telling me their service was fine and the problem must be in our CPE, this time I managed to get an ISP helpdesk engineer who agreed to log in to our router and take a look.

After half an hour he called back and said he found an error in our router config and he fixed it.

The service is now working.

When I checked the config he said he corrected against my original one, there was no difference.

I think he found an error in the ISP's routing and fixed it. Talking to other engineers, they said this ISP will never admit any problems with their systems.

Thanks for all your help

Reply to
Supersleuth
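
The symptom diagnosed in this thread (a ping sourced from GigabitEthernet0/0 succeeds while one sourced from Vlan1 fails) can be reproduced with a small routing model. This is an added example, not part of any post; the addresses are constructed from documentation ranges to stand in for the redacted x.x values, and the ISP-side table is a hypothetical view with the LAN block routed to the customer's WAN address.

```python
import ipaddress

# Constructed addresses from documentation ranges; the thread redacts the real ones.
WAN = ipaddress.ip_interface("198.51.100.114/30")  # stands in for Gi0/0 x.x.172.114
ISP_HOP = ipaddress.ip_address("198.51.100.113")   # stands in for x.x.172.113
LAN = ipaddress.ip_interface("203.0.113.25/29")    # stands in for Vlan1 x.x.174.25
DEFAULT = ipaddress.ip_network("0.0.0.0/0")

def lookup(table, dst):
    """Longest-prefix match: return the next hop for dst, or None if no route."""
    dst = ipaddress.ip_address(dst)
    hits = [(net, hop) for net, hop in table if dst in net]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def customer_routes():
    """What the posted 1941 config yields: two connected routes and a default."""
    return [(WAN.network, "Gi0/0"), (LAN.network, "Vlan1"), (DEFAULT, str(ISP_HOP))]

def isp_routes_to_customer(has_lan_route):
    """Hypothetical ISP-side view: the /30 link, plus the LAN block if provisioned."""
    routes = [(WAN.network, "link")]
    if has_lan_route:
        routes.append((LAN.network, str(WAN.ip)))
    return routes

def ping(src, dst, isp_has_lan_route):
    """A ping works only if the request is routable out AND the reply is routable back."""
    out_hop = lookup(customer_routes(), dst)
    back_hop = lookup(isp_routes_to_customer(isp_has_lan_route), src)
    return out_hop is not None and back_hop is not None

def lan_subnet(prefixlen):
    """Network that the Vlan1 address falls in for a given mask length."""
    return str(ipaddress.ip_interface(f"{LAN.ip}/{prefixlen}").network)

if __name__ == "__main__":
    for has_route in (False, True):
        for name, src in (("Gi0/0", WAN.ip), ("Vlan1", LAN.ip)):
            ok = ping(src, "8.8.8.8", has_route)
            print(f"ISP LAN route={has_route!s:5} source {name:5}: {'!!!!!' if ok else '.....'}")
    print("Vlan1 address as /28 is in", lan_subnet(28), "and as /29 in", lan_subnet(29))
```

With NAT enabled, LAN traffic leaves with the /30 address as its source, which the ISP can always route back, so NAT hides a missing return route for the LAN block.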
