The interesting thing is that I see the packet on the outside wire trying to
reach its destination. I used a sniffer to test this. So basically
when I have this route in place I go to a workstation on the inside network
and ping a public address. I get the ICMP query being performed but
interestingly the source address
is not NATed and appears to be coming from 192.168.1.0 network. Once I
remove the line "ip route 0.0.0.0 0.0.0.0 Ethernet0" then the dns query
gets NATed and now with the proper source address the replies are received.
It seems that putting this line in somehow lets the inside network bypass
the NAT process.
"Paul Lalonde" wrote in message news:[EMAIL PROTECTED]...
> John,
>
> Two things I can think of:
>
> 1. The cable provider is probably providing you with a default gateway
> *anyways* in your DHCP request. Likely, you don't need that static route
> after all.
>
> 2. As far as I can tell, your route wouldn't work in any event.  Routing out
> via a physical interface works fine in serial point-to-point situations when
> the other next-hop router is going to receive the packet anyway... but
> routing out via an Ethernet interface will likely just *drop* the packet
> onto that broadcast domain (subnet) without pointing it to a specific next
> hop. Keep in mind that Ethernet is a broadcast-based multi-access medium. By
> routing to the physical Ethernet interface, you're basically dropping the
> packet on the wire, not shoving it directly to the next-hop router.
>
> Hope this helps!
> Paul
>
>
>
> "John Zaggat" wrote in message news:[EMAIL PROTECTED]...
> > Hi guys/gals,
> >
> > I am using a 1605R with 2 ethernet interfaces as
> > gateway to my cable service provider. My dilemma is
> > that when I put a default route to outside NAT stops
> > working. I verified this by using a sniffer. Without
> > default route everything seems to work fine but it's
> > just bugging the hell out of me why it is so. Can
> > someone enlighten me?
> > Here is my config:
> >
> > Router#sh run
> > Building configuration...
> >
> > Current configuration : 939 bytes
> > !
> > version 12.2
> > service timestamps debug uptime
> > service timestamps log uptime
> > no service password-encryption
> > service udp-small-servers
> > service tcp-small-servers
> > !
> > hostname Router
> > !
> > !
> > ip subnet-zero
> > ip name-server 66.75.160.42
> > ip name-server 66.75.160.41
> > ip dhcp excluded-address 192.168.1.1 192.168.1.10
> > !
> > ip dhcp pool INSIDE
> >    network 192.168.1.0 255.255.255.0
> >    default-router 192.168.1.1
> >    dns-server 66.75.160.42
> > !
> > ip ssh time-out 120
> > ip ssh authentication-retries 3
> > !
> > !
> > !
> > !
> > interface Ethernet0
> >  ip address dhcp
> >  ip nat outside
> >  no cdp enable
> > !
> > interface Ethernet1
> >  ip address 192.168.1.1 255.255.255.0
> >  ip nat inside
> >  no cdp enable
> > !
> > ip nat inside source list 1 interface Ethernet0 overload
> > ip classless
> > ip route 0.0.0.0 0.0.0.0 Ethernet0
> > no ip http server
> > no ip pim bidir-enable
> > !
> > access-list 1 permit 192.168.1.0 0.0.0.255
> > no cdp advertise-v2
> > no cdp run
> > !
> > line con 0
> > line vty 0 3
> >  login
> > line vty 4
> >  password cisco
> >  login
> > !
> > end
> >
> > =====
> > JZ
> > [EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=42771&t=42762
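
An added example, not part of the original thread or any poster's code: a small Python check that scans an IOS-style running configuration for the pattern discussed above, a static route that names an Ethernet interface with no next-hop address, and reports that interface's NAT role. The function name, the `MULTI_ACCESS` prefix list and the sample text (constructed from the quoted config) are assumptions of this example.

```python
import re

# Constructed sample: routing and NAT lines taken from the configuration quoted in the thread.
SAMPLE_CONFIG = """\
interface Ethernet0
 ip address dhcp
 ip nat outside
!
interface Ethernet1
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
!
ip nat inside source list 1 interface Ethernet0 overload
ip route 0.0.0.0 0.0.0.0 Ethernet0
access-list 1 permit 192.168.1.0 0.0.0.255
"""

# Interface-name prefixes treated as multi-access media (an assumption of this example).
MULTI_ACCESS = ("ethernet", "fastethernet", "gigabitethernet", "vlan")
IPV4 = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")
ROUTE = re.compile(r"^ip route (\S+) (\S+) (\S+)(?: (\S+))?", re.I)
NAT = re.compile(r"^ip nat (inside|outside)$", re.I)


def find_interface_only_routes(config):
    """Return static routes that point at a multi-access interface with no next-hop IP."""
    nat_role, routes, current = {}, [], None
    for raw in config.splitlines():
        line = raw.strip()
        if raw.lower().startswith("interface "):
            current = line.split(None, 1)[1].lower()
        elif current and raw[:1].isspace():
            m = NAT.match(line)          # indented line inside an interface block
            if m:
                nat_role[current] = m.group(1).lower()
        else:
            current = None               # back at global configuration level
            m = ROUTE.match(line)
            if m:
                routes.append(m.groups())
    findings = []
    for dest, mask, target, extra in routes:
        if IPV4.match(target) or (extra and IPV4.match(extra)):
            continue                     # a next-hop address is given
        if target.lower().startswith(MULTI_ACCESS):
            findings.append({"route": f"{dest} {mask}", "interface": target,
                             "nat_role": nat_role.get(target.lower())})
    return findings
```
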