|
Posted by Scott Perry on July 25, 2008, 11:40 am
If you were Registered and logged in, you could reply and use other advanced thread options
and NAT services. Sorry about being picky on the terminology but it makes a
big difference!
I ran your Cisco 1720 router configuration through a 2600 series router and
it worked. I did consider that some sections could be improved to my
preference, but I cannot debate that it did perform NAT and allow inside
access to the outide.
The additional solutions that I see not only deal with your routing, but
also that you do not provide DHCP to your inside hosts which the "modem"
would have done. You need to make sure that DNS resolution works for your
inside systems as well. Without DNS resolution, only connections to
specific IP addresses will work, not connections to systems based on fully
qualified domain name (FQDN) like www.website.com.
Below are the sections, "routing", "dhcp", and "advice" which make up the
remainder of this posting.
ROUTING:
> ip route 0.0.0.0 0.0.0.0 Ethernet 0
This default route points out interface Ethernet0, but it does not specify
the next hop. Think like your router: how does it know what IP address on
Ethernet0 the traffic will be routed to out of the 256 IP addresses in that
subnet on interface Ethernet0? Help your router out by making a more
specific default route:
no ip route 0.0.0.0 0.0.0.0 Ethernet0
ip route 0.0.0.0 0.0.0.0 192.168.1.1
OR
no ip route 0.0.0.0 0.0.0.0 Ethernet0
ip route 0.0.0.0 0.0.0.0 Ethernet0 192.168.1.1
DHCP:
How do your inside hosts know what IP address information to use?
How do your inside hosts know what DNS server to use? Your "modem" is
performing DNS proxy.
I think that is your current problem. Your inside PC may be trying to web
browse some Internet FQDN and is not resolving it to an IP address. Try
throwing this DHCP configuration in place:
ip dhcp excluded-address 192.168.7.1
ip dhcp pool insidelan
network 192.168.7.0 255.255.255.0
domain-name network.net
dns-server 192.168.1.1
This will enable the Cisco 1720 router to act as a DHCP server for DHCP
requests from the interface facing the 192.168.7.0 255.255.255.0 network,
which is FastEthernet 0. Change the domain-name as you like. Now your
inside PCs can lease an IP address and have the correct DNS server
information.
ADVICE:
The Westell modem appears to have a bridging mode which you might want to
take into consideration. Based on what I read, it appears that you will be
configuring the Cisco 1720 router to do percisely what the Westell
modem/router is doing: route to the Internet using NAT.
No more posting passwords in your configuration!
-----
Scott Perry
Indianapolis, IN
-----
>I have configured my Cisco 1700 router to access the Internet through my
>Westell Model 6100 modem using a 1ENET WIC. I can ping my modem at
>192.168.1.1 but I am unable to access the Internet through my router. The
>Internet passes through the 1ENET and my LAN is on the FastEthernet0. My
>configuration of my router is below:
>
> ! ******************************************************************
> ! Cisco1720.cfg - Cisco router configuration file
> ! Automatically created by Cisco ConfigMaker v2.6 Build 6
> ! Friday, July 25, 2008, 07:59:40 AM
> !
> ! Hostname: Cisco1720
> ! Model: 1720
> ! ******************************************************************
> !
> service timestamps debug uptime
> service timestamps log uptime
> service password-encryption
> no service tcp-small-servers
> no service udp-small-servers
> !
> hostname Cisco1720
> !
> enable password char0912
> !
> no ip name-server
> !
> ip subnet-zero
> no ip domain-lookup
> ip routing
> !
> interface FastEthernet 0
> no shutdown
> description connected to EthernetLAN
> ip address 192.168.7.1 255.255.255.0
> ip nat inside
> keepalive 10
> !
> interface Ethernet 0
> no shutdown
> description connected to Internet
> ip address 192.168.1.2 255.255.255.0
> ip nat outside
> keepalive 10
> !
> ! Access Control List 1
> !
> no access-list 1
> access-list 1 permit 192.168.7.0 0.0.0.255
> !
> ! Dynamic NAT
> !
> ip nat translation timeout 86400
> ip nat translation tcp-timeout 86400
> ip nat translation udp-timeout 300
> ip nat translation dns-timeout 60
> ip nat translation finrst-timeout 60
> ip nat inside source list 1 interface Ethernet 0 overload
> !
> router rip
> version 2
> network 192.168.7.0
> passive-interface Ethernet 0
> no auto-summary
> !
> !
> ip classless
> !
> ! IP Static Routes
> ip route 0.0.0.0 0.0.0.0 Ethernet 0
> no ip http server
> snmp-server community public RO
> no snmp-server location
> no snmp-server contact
> !
> line console 0
> exec-timeout 0 0
> password kc9bzf
> login
> !
> line vty 0 4
> password kc9bzf
> login
> !
> end
> Any help would be greatly appreciated.
| 
Yahoo! 
Google 
Windows Live 
del.icio.us 
digg 
Netscape 
XML site map