[stephenf33]

Dear All I am having some problems trying to route traffic on a cisco 800 router

I have a computer that has a static ip address (172.17.1.64) with a default gateway set as (172.17.1.254)

Router
Port 1-3 is configured with a VLAN (1) with the ip address IP:172.17.1.254 Sub:255.255.0.0 which the computer connects

The wan port is configured with the ip address 192.168.20.4 255.255.255.248 and is connected to the network 159.151.179.0 255.255.255.0. I have configured an IP route to allow traffic to reach the router and i can ping the addresses on that network

I would now like to route the traffic so the computer (172.17.1.64)will be be able to connect to the 159 network

If anyone could help that would be great :grin:
Many thanks

Steve

 

[TheWiz]

Hi. Can you clarify your WAN connectivity and where you configured your static route? What was the static route you configured? It appears you have connected differing subnets together for your WAN link perhaps? Or, what is the address of the far end router that your WAN link connects to? If you have a simple diagram that would help.

 

[stephenf33]

There is currently a static route on the WAN port pointing at the 159 part of the network. I can ping that side from the router

On the VLAN ports 1-3 i can ping the computer and from the computer i can ping the vlan and wan ports

I just cannot ping the 159 address from the computer

Many Thanks

Steve

 

[TheWiz]

There is currently a static route on the WAN port pointing at the 159 part of the network. I can ping that side from the router

On the VLAN ports 1-3 i can ping the computer and from the computer i can ping the vlan and wan ports

I just cannot ping the 159 address from the computer

Many Thanks

Steve

It's an interesting diagram. You have differing subnets connected together using a static to direct traffic via a physical interface. Why can't you have an IP address on the router in the same subnet as the server? What is the gateway address the server is using? To get to your PC, the server would need to have a gateway that knows how to get to your 172 network.

Might I be so bold as to suggest you change the WAn interface IP to 159.151.179.254 with a mask of 255.255.255.0 and get rid of the 192.168.20.4 (this all assumes that there is nothing else on the network that may be impacted by this change). You would no loger require the static route in your config then. Then configure your server to have the 159.151.179.254 address as its default gateway.

If this isn't possible due to other devices etc, then pick any other IP address in the 159 range thats free and put that on the WAN interface of your router and use that as the default gateway.

If a default gateway is in use on the 159 network already, then you will need to configure a static route on that gateway device to point at your routers WAN IP address for your 172 network.

Hope this isn't to confusing.

Wiz

 

[stephenf33]

Wiz

I've just spoken to a colleague and he's just explained abit more in depth the situation. I'm not sure if this makes the understanding any easier but this is the email i've recieved

The network traffic only needs to go one way. The 172 network needs to contact the server on the 159 network hence uses the 192.168.20.? as a VLAN already configured on the 159 network. The server does not need to talk to the 172 network in return hence the traffic going only one way. We do not have access to the default gateway router on the 159 network.

Many Thanks

Steve

 

[TheWiz]

The only situation where the traffic only goes one way is via UDP packets. This protocol requires no handshaking or acknowledgements of recipt of packets. It just sends the UDP traffic and "assumes" it reached its destination. Ping requires the endpoint to know how to get back to the originating subnet otherwise you will not recieve a reply. Any connection oriented protocol will fail without the server knowing a return path. You can verify UDP traffic leaving your 192 interface by debugiing the IP packets leaving the interface. I still don't really understand why there is a 192 network at all. For the above requirement, no IP address is required at all to send traffic out that interface.

 

[TheWiz]

Actually. Just thinking a bit more on this. Perhaps what is meant is that the server knows how to get back to (the 159 gateway router has a route for) the 192.168.20.0 network WAN link. This can be proved if the router can ping the server (it will use the 192 address as a source IP for the ping). If this is the case and you need to use a connection oriented protocol, you could use NAT at the router to NAT the 172 network traffic to a 192 source IP. This will allow you to PING or anything else from the PC to the server.

 

[stephenf33]

Wiz

Any idea on the commands i need to put into the router to use NAT to transport the 172 network traffic to a 192 source. I have very little knowledge of cisco, and information on the internet hasnt really helped. If you could it would be a great help

Many Thanks

Steve

 

[TheWiz]

Once again, this will only work if the router can ping the server on the 159 network. Add the following to your router config -

router#conf t
router(config)#interface FastEthernet4
router(config-if)# ip nat outside
router(config-if)#interface Vlan1
router(config-if)# ip nat inside
router(config-if)#exit
router(config)#ip nat inside source list 123 interface FastEthernet4 overload
router(config)#access-list 123 permit ip 172.17.0.0 0.0.255.255 159.151.179.0 0.0.0.255
router(config)#exit
router#copy run start
router#


Cheers
Wiz

 

[stephenf33]

Wiz

Sorry for the very late reply, that worked perfect....

Many Thanks

Steve

 

[TheWiz]

No problem

;-)