Re: NAT dilemma [7:42762]

2002-04-28 Thread Chuck

interesting question. without tearing up my pod to set up a QD, let me try
a little logic here.

when the router checks its FIB, and determines that the packet in question
is to go out a particular interface ( as opposed to a network ) what happens
then? does the router place that packet onto the wire out that interface, or
does it place the packet into the process that manages what happens on that
interface?

In other words, if the packet is destined out an Ethernet interface, how is
it handled? differently than it would be handled under other circumstances?
I don't think so. I would think that the process that controls the Ethernet
interface would then follow the standard operating procedure for all packets
bound out onto an Ethernet - that there would be an ARP request. If there
were no response from some device that knew the destination network, then
the packet would be dropped. if there were a device, the router would then
forward the packet.

I guess what I am saying is that the router operates in a standard manner.
all packets that the router handles are treated the same way. meaning they
are all processed by the appropriate router process. the router code is like
any other computer code - a series of if-then-else sequences. all packets
are processed the same way - inbound and outbound.

in the case we have been discussing, the question I now have is whether or
not the cable modem is responding to the ARP requests of the 1605 router.

anyone have a different understanding of how the router operates?

Chuck



Michael L. Williams wrote in message
news:[EMAIL PROTECTED]...
 Paul Lalonde wrote in message
 news:[EMAIL PROTECTED]...
  but
  routing out via an Ethernet interface will likely just *drop* the packet
  onto that broadcast domain (subnet) without pointing it to a specific
  next hop.

 This raises an interesting question:  If you try to make a static route
 that routes out an ethernet interface (multi-access medium), does the
 router send the frame to the Layer 2 broadcast address?  If so, then if
 there is another router somewhere on that segment, wouldn't it hear and
 route the packet properly, or would it see it as a layer 2 broadcast and
 it not go any further?

 Mike W.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=42777t=42762
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]



Re: NAT dilemma [7:42762]

2002-04-28 Thread Howard C. Berkowitz

Chuck shaped electrons, photons, and little dot things to say:

interesting question. without tearing up my pod to set up a QD, let me try
a little logic here.

when the router checks its FIB, and determines that the packet in question
is to go out a particular interface ( as opposed to a network ) what happens
then? does the router place that packet onto the wire out that interface, or
does it place the packet into the process that manages what happens on that
interface?

In the unnamed router designs with which I have the most experience, 
most processing takes place on the input side, which hands the packet 
off to the switching fabric (fast path). There's usually an 
internal header indicating the destination as an interface or as a 
multicast group.

Lower-layer encapsulation, output shaping, etc., do take place at the 
output interface.  Typically, IP fragmentation is handled there 
UNLESS that has to be done in the slow path, which normally is in 
the main processor.


In other words, if the packet is destined out an Ethernet interface, how is
it handled? differently than it would be handled under other circumstances?
I don't think so. I would think that the process that controls the Ethernet
interface would then follow the standard operating procedure for all packets
bound out onto an Ethernet - that there would be an ARP request. If there
were no response from some device that knew the destination network, then
the packet would be dropped. if there were a device, the router would then
forward the packet.

The output interface pretty well has to be a part of ARPs, but it may 
be fairly stupid with respect to them -- the ARP requests may 
originate in some other processor and the ARP cache may be kept 
there, depending on the design.


I guess what I am saying is that the router operates in a standard manner.
all packets that the router handles are treated the same way. meaning they
are all processed by the appropriate router process. the router code is like
any other computer code - a series of if-then-else sequences. all packets
are processed the same way - inbound and outbound.

I think you are overestimating the role of interface intelligence and 
underestimating how much goes on in one or more separate processors. 
Of course, this is for high-performance routers.  With 1600s and the 
like, even more intelligence moves from the interface into the main 
processor.


in the case we have been discussing, the question I now have is whether or
not the cable modem is responding to the ARP requests of the 1605 router.

anyone have a different understanding of how the router operates?

Chuck



Michael L. Williams wrote in message
news:[EMAIL PROTECTED]...
  Paul Lalonde wrote in message
  news:[EMAIL PROTECTED]...
   but
   routing out via an Ethernet interface will likely just *drop* the
   packet onto that broadcast domain (subnet) without pointing it to a
   specific next hop.

  This raises an interesting question:  If you try to make a static route
  that routes out an ethernet interface (multi-access medium), does the
  router send the frame to the Layer 2 broadcast address?  If so, then if
  there is another router somewhere on that segment, wouldn't it hear and
  route the packet properly, or would it see it as a layer 2 broadcast and
  it not go any further?

  Mike W.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=42779t=42762



Re: NAT dilemma [7:42762]

2002-04-28 Thread Marty Adkins

Michael L. Williams wrote:
 
 Paul Lalonde wrote in message
 news:[EMAIL PROTECTED]...
  but
  routing out via an Ethernet interface will likely just *drop* the packet
  onto that broadcast domain (subnet) without pointing it to a specific
  next hop.
 
 This raises an interesting question:  If you try to make a static route
 that routes out an ethernet interface (multi-access medium), does the
 router send the frame to the Layer 2 broadcast address?  If so, then if
 there is another router somewhere on that segment, wouldn't it hear and
 route the packet properly, or would it see it as a layer 2 broadcast and
 it not go any further?
 
One might think that a static route to a broadcast interface type would be
ambiguous for layer 2, and it is.  But what IOS does in that case is just
ARP for the destination IP and hope it gets an answer.  It will work, but
only if some other adjacent router will perform a proxy ARP reply.  Use
debug arp to observe this.  I used this trick several years ago when I
didn't want to run a routing protocol on one interface and there were
quite a number of potential next hops (long story).

As for the original question... I compared the supplied config to mine
and it should work, but then I have Comcast, not Roadrunner.  I agree
with Paul Lalonde -- just let the router learn the default route via
DHCP (it works for me).

Once you get it working, you'll want to add some things like an inbound
ACL, pass the domain name to your internal DHCP clients, possibly extend
the internal DHCP lease time, etc.

- Marty




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=42781t=42762
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
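
The behaviour Marty describes, modelled as an added example (it is not IOS code and not from the thread): with an interface-only static route the router ARPs for each destination address itself, so forwarding depends on a neighbour answering with proxy ARP and the ARP cache gains one entry per destination, while a route with a next-hop address resolves a single address. The gateway address, the MAC and the destination addresses are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass, field
from typing import Optional

# All values below are constructed, except the connected prefix
# 66.27.200.0/21, which appears in the thread's "sh ip route" output.
GATEWAY = ipaddress.IPv4Address("66.27.200.1")      # assumed ISP gateway
GATEWAY_MAC = "00:00:5e:00:53:01"                   # documentation MAC range
DESTINATIONS = ["198.51.100.10", "203.0.113.7", "192.0.2.44"]


@dataclass
class Route:
    prefix: ipaddress.IPv4Network
    interface: str
    next_hop: Optional[ipaddress.IPv4Address] = None  # None: interface-only


@dataclass
class Segment:
    """Devices on one Ethernet segment that can answer ARP requests."""
    hosts: dict                          # IP -> MAC of devices really present
    proxy_arp_mac: Optional[str] = None  # neighbour answering by proxy, if any

    def arp(self, target):
        if target in self.hosts:
            return self.hosts[target]
        return self.proxy_arp_mac        # None when nobody answers


@dataclass
class Router:
    routes: list
    segments: dict                       # interface name -> Segment
    arp_cache: dict = field(default_factory=dict)

    def lookup(self, dst):
        # Longest-prefix match over the routing table.
        matches = [r for r in self.routes if dst in r.prefix]
        return max(matches, key=lambda r: r.prefix.prefixlen, default=None)

    def forward(self, dst_text):
        dst = ipaddress.IPv4Address(dst_text)
        route = self.lookup(dst)
        if route is None:
            return "no route"
        # A next-hop route resolves the next hop; an interface-only (or
        # connected) route has nothing to resolve but the destination itself.
        target = route.next_hop if route.next_hop is not None else dst
        key = (route.interface, target)
        if key not in self.arp_cache:
            mac = self.segments[route.interface].arp(target)
            if mac is None:
                return "encapsulation failed"
            self.arp_cache[key] = mac
        return "sent to " + self.arp_cache[key]


CONNECTED = Route(ipaddress.ip_network("66.27.200.0/21"), "Ethernet0")
INTERFACE_ONLY = Route(ipaddress.ip_network("0.0.0.0/0"), "Ethernet0")
VIA_NEXT_HOP = Route(ipaddress.ip_network("0.0.0.0/0"), "Ethernet0", GATEWAY)


def simulate(default_route, proxy_arp):
    """Forward to every sample destination; return (results, ARP cache size)."""
    segment = Segment({GATEWAY: GATEWAY_MAC}, GATEWAY_MAC if proxy_arp else None)
    router = Router([CONNECTED, default_route], {"Ethernet0": segment})
    results = [router.forward(d) for d in DESTINATIONS]
    return results, len(router.arp_cache)


if __name__ == "__main__":
    cases = [
        ("interface-only, no proxy ARP", INTERFACE_ONLY, False),
        ("interface-only, proxy ARP", INTERFACE_ONLY, True),
        ("next-hop address, no proxy ARP", VIA_NEXT_HOP, False),
    ]
    for name, route, proxy in cases:
        results, cache_size = simulate(route, proxy)
        print(f"{name}: {results} (ARP entries: {cache_size})")
```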



Re: NAT dilemma [7:42762]

2002-04-28 Thread Michael L. Williams

Marty Adkins wrote in message
news:[EMAIL PROTECTED]...
 One might think that a static route to a broadcast interface type would be
 ambiguous for layer 2, and it is.  But what IOS does in that case is just
 ARP for the destination IP and hope it gets an answer.  It will work, but
 only if some other adjacent router will perform a proxy ARP reply.

Cool.. that makes sense.  at first, I was going through my thought
processes saying If it's routing a packet (sending a frame) out the
ethernet interface what Layer 2 destination address is it using?  That's
why I was speculating that it was perhaps a L2 broadcast but  it makes
sense that it would ARP for the dest. IP and then a router on the
multi-access could respond via proxy-arp, etc..

Mike W.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=42784t=42762



Re: NAT dilemma [7:42762]

2002-04-28 Thread JohnZ

Wow, thank you all, I have definitely learned a lot from this. When I do sh
IP route I can see that I am getting a default route from the cable
provider. Earlier when I was trying to figure out this problem I was running
several debugs and I saw encapsulation failed errors which is in line with
the ARP process pointed out by Marty. One last thing: what should I have
on this router to improve performance and provide security for the inside
network? Most of the traffic flowing through this router will be http to the
outside. What extra advantage does upgrading to an IOS with firewall feature
set give me in this case?

Marty Adkins wrote in message
news:[EMAIL PROTECTED]...
 Michael L. Williams wrote:
 
  Paul Lalonde wrote in message
  news:[EMAIL PROTECTED]...
   but
   routing out via an Ethernet interface will likely just *drop* the
   packet onto that broadcast domain (subnet) without pointing it to a
   specific next hop.
 
  This raises an interesting question:  If you try to make a static route
  that routes out an ethernet interface (multi-access medium), does the
  router send the frame to the Layer 2 broadcast address?  If so, then if
  there is another router somewhere on that segment, wouldn't it hear and
  route the packet properly, or would it see it as a layer 2 broadcast and
  it not go any further?
 
 One might think that a static route to a broadcast interface type would be
 ambiguous for layer 2, and it is.  But what IOS does in that case is just
 ARP for the destination IP and hope it gets an answer.  It will work, but
 only if some other adjacent router will perform a proxy ARP reply.  Use
 debug arp to observe this.  I used this trick several years ago when I
 didn't want to run a routing protocol on one interface and there were
 quite a number of potential next hops (long story).

 As for the original question... I compared the supplied config to mine
 and it should work, but then I have Comcast, not Roadrunner.  I agree
 with Paul Lalonde -- just let the router learn the default route via
 DHCP (it works for me).

 Once you get it working, you'll want to add some things like an inbound
 ACL, pass the domain name to your internal DHCP clients, possibly extend
 the internal DHCP lease time, etc.

 - Marty




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=42785t=42762



NAT dilemma [7:42762]

2002-04-27 Thread John Zaggat

Hi guys/gals,

I am using a 1605R with 2 ethernet interfaces as
gateway to my cable service provider. My dilemma is
that when I put a default route to outside NAT stops
working. I verified this by using a sniffer. Without
default route everything seems to work fine but it's
just bugging the hell out of me that why is it so. Can
some one enlighten me ?
Here is my config:

Router#sh run
Building configuration...

Current configuration : 939 bytes
!
version 12.2
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
service udp-small-servers
service tcp-small-servers
!
hostname Router
!
!
ip subnet-zero
ip name-server 66.75.160.42
ip name-server 66.75.160.41
ip dhcp excluded-address 192.168.1.1 192.168.1.10
!
ip dhcp pool INSIDE
   network 192.168.1.0 255.255.255.0
   default-router 192.168.1.1 
   dns-server 66.75.160.42 
!
ip ssh time-out 120
ip ssh authentication-retries 3
!
!
!
!
interface Ethernet0
 ip address dhcp
 ip nat outside
 no cdp enable
!
interface Ethernet1
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
 no cdp enable
!
ip nat inside source list 1 interface Ethernet0 overload
ip classless
ip route 0.0.0.0 0.0.0.0 Ethernet0 
no ip http server
no ip pim bidir-enable
!
access-list 1 permit 192.168.1.0 0.0.0.255
no cdp advertise-v2
no cdp run
!
line con 0
line vty 0 3
 login
line vty 4
 password cisco
 login
!
end

=
JZ
[EMAIL PROTECTED]







Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=42762t=42762
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
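
An added example, not part of the original post: a small Python check that reads an IOS running-config like the one above and reports the settings a reviewer would question before adding the inbound ACL suggested elsewhere in the thread. The rule set and the finding names are assumptions chosen for this config; the embedded sample is abridged from the post with its wrapped line rejoined.

```python
import re

# Abridged from the running-config in the post above (wrapped line rejoined).
SAMPLE_CONFIG = """\
version 12.2
no service password-encryption
service udp-small-servers
service tcp-small-servers
!
interface Ethernet0
 ip address dhcp
 ip nat outside
 no cdp enable
!
interface Ethernet1
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
 no cdp enable
!
ip nat inside source list 1 interface Ethernet0 overload
ip classless
ip route 0.0.0.0 0.0.0.0 Ethernet0
no ip http server
!
access-list 1 permit 192.168.1.0 0.0.0.255
!
line con 0
line vty 0 3
 login
line vty 4
 password cisco
 login
!
end
"""


def parse_sections(text):
    """Return [(parent_line, [child_lines])]; children are the indented lines."""
    sections = []
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line or line.strip() == "!":
            continue
        if line[0].isspace() and sections:
            sections[-1][1].append(line.strip())
        else:
            sections.append((line.strip(), []))
    return sections


def audit(text):
    """Return a sorted list of (finding_id, config_line) tuples."""
    findings = set()
    for parent, children in parse_sections(text):
        # Legacy echo/chargen/discard/daytime services exposed by the router.
        if re.fullmatch(r"service (udp|tcp)-small-servers", parent):
            findings.add(("small-servers-enabled", parent))
        if parent == "no service password-encryption":
            findings.add(("password-encryption-off", parent))
        # Default route naming only a multi-access interface, no next hop:
        # the router must ARP for every destination (see the thread).
        if re.fullmatch(r"ip route 0\.0\.0\.0 0\.0\.0\.0 \S*Ethernet\S*", parent):
            findings.add(("default-route-interface-only", parent))
        # Internet-facing interface with no inbound packet filter applied.
        if parent.startswith("interface ") and "ip nat outside" in children:
            if not any(re.fullmatch(r"ip access-group \S+ in", c) for c in children):
                findings.add(("outside-no-inbound-acl", parent))
        if parent.startswith("line vty"):
            for child in children:
                # "password 7 ..." is the obfuscated form; otherwise clear text.
                # Only the parent line is reported, never the password itself.
                if child.startswith("password ") and not child.startswith("password 7 "):
                    findings.add(("vty-cleartext-password", parent))
    return sorted(findings)


if __name__ == "__main__":
    for finding_id, line in audit(SAMPLE_CONFIG):
        print(f"{finding_id:32} {line}")
```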



Re: NAT dilemma [7:42762]

2002-04-27 Thread Michael L. Williams

When you have this default route in place, and do a 'show ip route' what does
your routing table show?

Mike W.

John Zaggat wrote in message
news:[EMAIL PROTECTED]...
 Hi guys/gals,

 I am using a 1605R with 2 ethernet interfaces as
 gateway to my cable service provider. My dilemma is
 that when I put a default route to outside NAT stops
 working. I verified this by using a sniffer. Without
 default route everything seems to work fine but it's
 just bugging the hell out of me that why is it so. Can
 some one enlighten me ?
 Here is my config:

 Router#sh run
 Building configuration...

 Current configuration : 939 bytes
 !
 version 12.2
 service timestamps debug uptime
 service timestamps log uptime
 no service password-encryption
 service udp-small-servers
 service tcp-small-servers
 !
 hostname Router
 !
 !
 ip subnet-zero
 ip name-server 66.75.160.42
 ip name-server 66.75.160.41
 ip dhcp excluded-address 192.168.1.1 192.168.1.10
 !
 ip dhcp pool INSIDE
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
dns-server 66.75.160.42
 !
 ip ssh time-out 120
 ip ssh authentication-retries 3
 !
 !
 !
 !
 interface Ethernet0
  ip address dhcp
  ip nat outside
  no cdp enable
 !
 interface Ethernet1
  ip address 192.168.1.1 255.255.255.0
  ip nat inside
  no cdp enable
 !
 ip nat inside source list 1 interface Ethernet0 overload
 ip classless
 ip route 0.0.0.0 0.0.0.0 Ethernet0
 no ip http server
 no ip pim bidir-enable
 !
 access-list 1 permit 192.168.1.0 0.0.0.255
 no cdp advertise-v2
 no cdp run
 !
 line con 0
 line vty 0 3
  login
 line vty 4
  password cisco
  login
 !
 end

 =
 JZ
 [EMAIL PROTECTED]







Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=42763t=42762



Re: NAT dilemma [7:42762]

2002-04-27 Thread JZ

Router#sh ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default, U - per-user static route, o - ODR
       P - periodic downloaded static route

Gateway of last resort is 0.0.0.0 to network 0.0.0.0

     66.0.0.0/21 is subnetted, 1 subnets
C       66.27.200.0 is directly connected, Ethernet0
C    192.168.1.0/24 is directly connected, Ethernet1
S*   0.0.0.0/0 is directly connected, Ethernet0

Michael L. Williams wrote in message
news:[EMAIL PROTECTED]...
 When you have this default route in place, and do a 'show ip route' what
 does your routing table show?

 Mike W.

 John Zaggat wrote in message
 news:[EMAIL PROTECTED]...
  Hi guys/gals,
 
  I am using a 1605R with 2 ethernet interfaces as
  gateway to my cable service provider. My dilemma is
  that when I put a default route to outside NAT stops
  working. I verified this by using a sniffer. Without
  default route everything seems to work fine but it's
  just bugging the hell out of me that why is it so. Can
  some one enlighten me ?
  Here is my config:
 
  Router#sh run
  Building configuration...
 
  Current configuration : 939 bytes
  !
  version 12.2
  service timestamps debug uptime
  service timestamps log uptime
  no service password-encryption
  service udp-small-servers
  service tcp-small-servers
  !
  hostname Router
  !
  !
  ip subnet-zero
  ip name-server 66.75.160.42
  ip name-server 66.75.160.41
  ip dhcp excluded-address 192.168.1.1 192.168.1.10
  !
  ip dhcp pool INSIDE
 network 192.168.1.0 255.255.255.0
 default-router 192.168.1.1
 dns-server 66.75.160.42
  !
  ip ssh time-out 120
  ip ssh authentication-retries 3
  !
  !
  !
  !
  interface Ethernet0
   ip address dhcp
   ip nat outside
   no cdp enable
  !
  interface Ethernet1
   ip address 192.168.1.1 255.255.255.0
   ip nat inside
   no cdp enable
  !
  ip nat inside source list 1 interface Ethernet0 overload
  ip classless
  ip route 0.0.0.0 0.0.0.0 Ethernet0
  no ip http server
  no ip pim bidir-enable
  !
  access-list 1 permit 192.168.1.0 0.0.0.255
  no cdp advertise-v2
  no cdp run
  !
  line con 0
  line vty 0 3
   login
  line vty 4
   password cisco
   login
  !
  end
 
  =
  JZ
  [EMAIL PROTECTED]
 
 
 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=42768t=42762



Re: NAT dilemma [7:42762]

2002-04-27 Thread JZ

Here is sh ip route
Router#sh ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default, U - per-user static route, o - ODR
       P - periodic downloaded static route

Gateway of last resort is 0.0.0.0 to network 0.0.0.0

     66.0.0.0/21 is subnetted, 1 subnets
C       66.27.200.0 is directly connected, Ethernet0
C    192.168.1.0/24 is directly connected, Ethernet1
S*   0.0.0.0/0 is directly connected, Ethernet0


Michael L. Williams wrote in message
news:[EMAIL PROTECTED]...
 When you have this default route in place, and do a 'show ip route' what
 does your routing table show?

 Mike W.

 John Zaggat wrote in message
 news:[EMAIL PROTECTED]...
  Hi guys/gals,
 
  I am using a 1605R with 2 ethernet interfaces as
  gateway to my cable service provider. My dilemma is
  that when I put a default route to outside NAT stops
  working. I verified this by using a sniffer. Without
  default route everything seems to work fine but it's
  just bugging the hell out of me that why is it so. Can
  some one enlighten me ?
  Here is my config:
 
  Router#sh run
  Building configuration...
 
  Current configuration : 939 bytes
  !
  version 12.2
  service timestamps debug uptime
  service timestamps log uptime
  no service password-encryption
  service udp-small-servers
  service tcp-small-servers
  !
  hostname Router
  !
  !
  ip subnet-zero
  ip name-server 66.75.160.42
  ip name-server 66.75.160.41
  ip dhcp excluded-address 192.168.1.1 192.168.1.10
  !
  ip dhcp pool INSIDE
 network 192.168.1.0 255.255.255.0
 default-router 192.168.1.1
 dns-server 66.75.160.42
  !
  ip ssh time-out 120
  ip ssh authentication-retries 3
  !
  !
  !
  !
  interface Ethernet0
   ip address dhcp
   ip nat outside
   no cdp enable
  !
  interface Ethernet1
   ip address 192.168.1.1 255.255.255.0
   ip nat inside
   no cdp enable
  !
  ip nat inside source list 1 interface Ethernet0 overload
  ip classless
  ip route 0.0.0.0 0.0.0.0 Ethernet0
  no ip http server
  no ip pim bidir-enable
  !
  access-list 1 permit 192.168.1.0 0.0.0.255
  no cdp advertise-v2
  no cdp run
  !
  line con 0
  line vty 0 3
   login
  line vty 4
   password cisco
   login
  !
  end
 
  =
  JZ
  [EMAIL PROTECTED]
 
 
 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=42767t=42762



Re: NAT dilemma [7:42762]

2002-04-27 Thread Paul Lalonde

John,

Two things I can think of:

1. The cable provider is probably providing you with a default gateway
*anyways* in your DHCP request. Likely, you don't need that static route
after all.

2. As far as I can tell, your route wouldn't work in any event.  Routing out
via a physical interface works fine in serial point-to-point situations when
the other next-hop router is going to receive the packet anyway... but
routing out via an Ethernet interface will likely just *drop* the packet
onto that broadcast domain (subnet) without pointing it to a specific next
hop. Keep in mind that Ethernet is a broadcast-based multi-access medium. By
routing to the physical Ethernet interface, you're basically dropping the
packet on the wire, not shoving it directly to the next-hop router.

Hope this helps!
Paul



John Zaggat wrote in message
news:[EMAIL PROTECTED]...
 Hi guys/gals,

 I am using a 1605R with 2 ethernet interfaces as
 gateway to my cable service provider. My dilemma is
 that when I put a default route to outside NAT stops
 working. I verified this by using a sniffer. Without
 default route everything seems to work fine but it's
 just bugging the hell out of me that why is it so. Can
 some one enlighten me ?
 Here is my config:

 Router#sh run
 Building configuration...

 Current configuration : 939 bytes
 !
 version 12.2
 service timestamps debug uptime
 service timestamps log uptime
 no service password-encryption
 service udp-small-servers
 service tcp-small-servers
 !
 hostname Router
 !
 !
 ip subnet-zero
 ip name-server 66.75.160.42
 ip name-server 66.75.160.41
 ip dhcp excluded-address 192.168.1.1 192.168.1.10
 !
 ip dhcp pool INSIDE
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
dns-server 66.75.160.42
 !
 ip ssh time-out 120
 ip ssh authentication-retries 3
 !
 !
 !
 !
 interface Ethernet0
  ip address dhcp
  ip nat outside
  no cdp enable
 !
 interface Ethernet1
  ip address 192.168.1.1 255.255.255.0
  ip nat inside
  no cdp enable
 !
 ip nat inside source list 1 interface Ethernet0 overload
 ip classless
 ip route 0.0.0.0 0.0.0.0 Ethernet0
 no ip http server
 no ip pim bidir-enable
 !
 access-list 1 permit 192.168.1.0 0.0.0.255
 no cdp advertise-v2
 no cdp run
 !
 line con 0
 line vty 0 3
  login
 line vty 4
  password cisco
  login
 !
 end

 =
 JZ
 [EMAIL PROTECTED]







Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=42770t=42762



Re: NAT dilemma [7:42762]

2002-04-27 Thread Michael L. Williams

Strange... it says gateway of last resort is 0.0.0.0 to network
0.0.0.0... appears it's trying to route everything to itself so to
speak.. in most examples and cases, I've seen something like this:

Gateway of last resort is 161.44.192.2 to network 198.10.1.0

Perhaps instead of using the 'ip default-network' command, simply try a
static route 'ip route 0.0.0.0 0.0.0.0 e0' and see if that makes a
difference..

Worth a shot =)

Mike W.

JZ wrote in message
news:[EMAIL PROTECTED]...
 Here is sh ip route
 Router#sh ip route
 Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
        D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
        N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
        E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
        i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
        * - candidate default, U - per-user static route, o - ODR
        P - periodic downloaded static route

 Gateway of last resort is 0.0.0.0 to network 0.0.0.0

      66.0.0.0/21 is subnetted, 1 subnets
 C       66.27.200.0 is directly connected, Ethernet0
 C    192.168.1.0/24 is directly connected, Ethernet1
 S*   0.0.0.0/0 is directly connected, Ethernet0


 Michael L. Williams wrote in message
 news:[EMAIL PROTECTED]...
  When you have this default route in place, and do a 'show ip route' what
  does your routing table show?
 
  Mike W.
 
  John Zaggat wrote in message
  news:[EMAIL PROTECTED]...
   Hi guys/gals,
  
   I am using a 1605R with 2 ethernet interfaces as
   gateway to my cable service provider. My dilemma is
   that when I put a default route to outside NAT stops
   working. I verified this by using a sniffer. Without
   default route everything seems to work fine but it's
   just bugging the hell out of me that why is it so. Can
   some one enlighten me ?
   Here is my config:
  
   Router#sh run
   Building configuration...
  
   Current configuration : 939 bytes
   !
   version 12.2
   service timestamps debug uptime
   service timestamps log uptime
   no service password-encryption
   service udp-small-servers
   service tcp-small-servers
   !
   hostname Router
   !
   !
   ip subnet-zero
   ip name-server 66.75.160.42
   ip name-server 66.75.160.41
   ip dhcp excluded-address 192.168.1.1 192.168.1.10
   !
   ip dhcp pool INSIDE
  network 192.168.1.0 255.255.255.0
  default-router 192.168.1.1
  dns-server 66.75.160.42
   !
   ip ssh time-out 120
   ip ssh authentication-retries 3
   !
   !
   !
   !
   interface Ethernet0
ip address dhcp
ip nat outside
no cdp enable
   !
   interface Ethernet1
ip address 192.168.1.1 255.255.255.0
ip nat inside
no cdp enable
   !
   ip nat inside source list 1 interface Ethernet0 overload
   ip classless
   ip route 0.0.0.0 0.0.0.0 Ethernet0
   no ip http server
   no ip pim bidir-enable
   !
   access-list 1 permit 192.168.1.0 0.0.0.255
   no cdp advertise-v2
   no cdp run
   !
   line con 0
   line vty 0 3
login
   line vty 4
password cisco
login
   !
   end
  
   =
   JZ
   [EMAIL PROTECTED]
  
  
  




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=42769t=42762



Re: NAT dilemma [7:42762]

2002-04-27 Thread JZ

The interesting thing is that I see the packet on the outside wire trying to
reach its destination. I used sniffer to test this. So basically
when I have this route in place I go to a workstation on the inside network
and ping a public address. I get the ICMP query being performed but
interestingly the source address
is not NATed and appears to be coming from 192.168.1.0 network. Once I
remove the line ip route 0.0.0.0 0.0.0.0 Ethernet0 then the dns query
gets NATed and now with the proper source address the replies are received.
It seems that putting this line in somehow lets the inside network bypass
the NAT process.

Paul Lalonde wrote in message
news:[EMAIL PROTECTED]...
 John,

 Two things I can think of:

 1. The cable provider is probably providing you with a default gateway
 *anyways* in your DHCP request. Likely, you don't need that static route
 after all.

 2. As far as I can tell, your route wouldn't work in any event.  Routing
 out via a physical interface works fine in serial point-to-point
 situations when the other next-hop router is going to receive the packet
 anyway... but routing out via an Ethernet interface will likely just
 *drop* the packet onto that broadcast domain (subnet) without pointing it
 to a specific next hop. Keep in mind that Ethernet is a broadcast-based
 multi-access medium. By routing to the physical Ethernet interface,
 you're basically dropping the packet on the wire, not shoving it directly
 to the next-hop router.

 Hope this helps!
 Paul



 John Zaggat wrote in message
 news:[EMAIL PROTECTED]...
  Hi guys/gals,
 
  I am using a 1605R with 2 ethernet interfaces as
  gateway to my cable service provider. My dilemma is
  that when I put a default route to outside NAT stops
  working. I verified this by using a sniffer. Without
  default route everything seems to work fine but it's
  just bugging the hell out of me that why is it so. Can
  some one enlighten me ?
  Here is my config:
 
  Router#sh run
  Building configuration...
 
  Current configuration : 939 bytes
  !
  version 12.2
  service timestamps debug uptime
  service timestamps log uptime
  no service password-encryption
  service udp-small-servers
  service tcp-small-servers
  !
  hostname Router
  !
  !
  ip subnet-zero
  ip name-server 66.75.160.42
  ip name-server 66.75.160.41
  ip dhcp excluded-address 192.168.1.1 192.168.1.10
  !
  ip dhcp pool INSIDE
 network 192.168.1.0 255.255.255.0
 default-router 192.168.1.1
 dns-server 66.75.160.42
  !
  ip ssh time-out 120
  ip ssh authentication-retries 3
  !
  !
  !
  !
  interface Ethernet0
   ip address dhcp
   ip nat outside
   no cdp enable
  !
  interface Ethernet1
   ip address 192.168.1.1 255.255.255.0
   ip nat inside
   no cdp enable
  !
  ip nat inside source list 1 interface Ethernet0 overload
  ip classless
  ip route 0.0.0.0 0.0.0.0 Ethernet0
  no ip http server
  no ip pim bidir-enable
  !
  access-list 1 permit 192.168.1.0 0.0.0.255
  no cdp advertise-v2
  no cdp run
  !
  line con 0
  line vty 0 3
   login
  line vty 4
   password cisco
   login
  !
  end
 
  =
  JZ
  [EMAIL PROTECTED]
 
 
 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=42771t=42762



Re: NAT dilemma [7:42762]

2002-04-27 Thread JZ

Correction: I meant the ICMP request instead of DNS query. Sorry

JZ wrote in message
news:[EMAIL PROTECTED]...
 The interesting thing is that I see the packet on the outside wire trying
 to reach its destination. I used sniffer to test this. So basically
 when I have this route in place I go to a workstation on the inside
 network and ping a public address. I get the ICMP query being performed but
 interestingly the source address
 is not NATed and appears to be coming from 192.168.1.0 network. Once I
 remove the line ip route 0.0.0.0 0.0.0.0 Ethernet0 then the dns
 query gets NATed and now with the proper source address the replies are
 received.
 It seems that putting this line in somehow lets the inside network
 bypass the NAT process.
 Paul Lalonde wrote in message
 news:[EMAIL PROTECTED]...
  John,
 
  Two things I can think of:
 
  1. The cable provider is probably providing you with a default gateway
  *anyways* in your DHCP request. Likely, you don't need that static route
  after all.
 
  2. As far as I can tell, your route wouldn't work in any event. Routing out
  via a physical interface works fine in serial point-to-point situations when
  the other next-hop router is going to receive the packet anyway... but
  routing out via an Ethernet interface will likely just *drop* the packet
  onto that broadcast domain (subnet) without pointing it to a specific next
  hop. Keep in mind that Ethernet is a broadcast-based multi-access medium. By
  routing to the physical Ethernet interface, you're basically dropping the
  packet on the wire, not shoving it directly to the next-hop router.
 
  Hope this helps!
  Paul
 
 
 
  John Zaggat wrote in message news:[EMAIL PROTECTED]...
   Hi guys/gals,
  
   I am using a 1605R with 2 Ethernet interfaces as
   gateway to my cable service provider. My dilemma is
   that when I put a default route to outside NAT stops
   working. I verified this by using a sniffer. Without
   default route everything seems to work fine but it's
   just bugging the hell out of me why it is so. Can
   someone enlighten me?
   Here is my config:
  
   Router#sh run
   Building configuration...
  
   Current configuration : 939 bytes
   !
   version 12.2
   service timestamps debug uptime
   service timestamps log uptime
   no service password-encryption
   service udp-small-servers
   service tcp-small-servers
   !
   hostname Router
   !
   !
   ip subnet-zero
   ip name-server 66.75.160.42
   ip name-server 66.75.160.41
   ip dhcp excluded-address 192.168.1.1 192.168.1.10
   !
   ip dhcp pool INSIDE
    network 192.168.1.0 255.255.255.0
    default-router 192.168.1.1
    dns-server 66.75.160.42
   !
   ip ssh time-out 120
   ip ssh authentication-retries 3
   !
   !
   !
   !
   interface Ethernet0
    ip address dhcp
    ip nat outside
    no cdp enable
   !
   interface Ethernet1
    ip address 192.168.1.1 255.255.255.0
    ip nat inside
    no cdp enable
   !
   ip nat inside source list 1 interface Ethernet0 overload
   ip classless
   ip route 0.0.0.0 0.0.0.0 Ethernet0
   no ip http server
   no ip pim bidir-enable
   !
   access-list 1 permit 192.168.1.0 0.0.0.255
   no cdp advertise-v2
   no cdp run
   !
   line con 0
   line vty 0 3
    login
   line vty 4
    password cisco
    login
   !
   end
  
   =
   JZ
   [EMAIL PROTECTED]
  
  
  




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=42773t=42762
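
The check JZ describes doing by hand with a sniffer, written as an added example that is not part of the original thread: it parses IPv4 headers captured on the outside segment and reports any packet whose source is still an inside address. The inside network comes from access-list 1 in the posted config; the capture bytes, the 203.0.113.x and 198.51.100.x addresses, and all function names are constructed for illustration.

```python
import ipaddress
import struct

# Inside network taken from "access-list 1 permit 192.168.1.0 0.0.0.255" in the thread.
INSIDE_NET = ipaddress.ip_network("192.168.1.0/24")
IPV4_HDR = "!BBHHHBBH4s4s"  # fixed 20-byte IPv4 header, no options

def make_ipv4(src, dst, proto=1, payload=b"\x08\x00" + b"\x00" * 6):
    """Build a sample IPv4 packet (constructed data; checksum left at 0)."""
    header = struct.pack(
        IPV4_HDR, 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
        ipaddress.ip_address(src).packed,
        ipaddress.ip_address(dst).packed,
    )
    return header + payload

def parse_ipv4(raw):
    """Return (src, dst, proto), or None if the bytes are not a sane IPv4 packet."""
    if len(raw) < 20:
        return None
    ver_ihl, _, total_len, _, _, _, proto, _, src, dst = struct.unpack(IPV4_HDR, raw[:20])
    if ver_ihl >> 4 != 4 or (ver_ihl & 0x0F) < 5 or total_len > len(raw):
        return None
    return ipaddress.ip_address(src), ipaddress.ip_address(dst), proto

def untranslated_sources(packets, inside_net=INSIDE_NET):
    """List packets seen on the outside wire whose source was not translated."""
    leaks = []
    for raw in packets:
        parsed = parse_ipv4(raw)
        if parsed is None:
            continue  # truncated or non-IPv4 data is skipped, not guessed at
        src, dst, proto = parsed
        if src in inside_net:
            leaks.append((str(src), str(dst), proto))
    return leaks

# Constructed capture from the outside (Ethernet0) segment.
OUTSIDE_CAPTURE = [
    make_ipv4("192.168.1.11", "198.51.100.7"),             # ICMP, source not NATed
    make_ipv4("203.0.113.10", "198.51.100.7"),             # ICMP, translated source
    make_ipv4("192.168.1.12", "198.51.100.53", proto=17),  # UDP, source not NATed
    b"\x45\x00",                                           # truncated, ignored
]

if __name__ == "__main__":
    for src, dst, proto in untranslated_sources(OUTSIDE_CAPTURE):
        print(f"untranslated source {src} -> {dst} (protocol {proto})")
```
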



Re: NAT dilemma [7:42762]

2002-04-27 Thread Michael L. Williams

Paul Lalonde wrote in message news:[EMAIL PROTECTED]...
 but
 routing out via an Ethernet interface will likely just *drop* the packet
 onto that broadcast domain (subnet) without pointing it to a specific next
 hop.

This raises an interesting question:  If you try to make a static route that
routes out an ethernet interface (multi-access medium), does the router send
the frame to the Layer 2 broadcast address?  If so, then if there is another
router somewhere on that segment, wouldn't it hear and route the packet
properly, or would it see it as a layer 2 broadcast and it not go any
further?

Mike W.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=42774t=42762