2600 + VLAN routing

Discussion in 'Cisco' started by turnip, Nov 2, 2007.

  1. turnip

    turnip Guest

    router config:

    !
    !
    version 12.2
    service tcp-keepalives-in
    service timestamps debug uptime
    service timestamps log uptime
    service password-encryption
    !
    hostname cerberus
    !
    boot system flash c2600-js-mz.122-12a.bin
    no logging console
    aaa new-model
    aaa authentication login default group radius
    aaa authentication ppp default group radius
    aaa authorization network default group radius
    aaa accounting network default start-stop group radius
    enable secret 5 xxx
    enable password 7 xxx
    !
    clock timezone EST -5
    ip subnet-zero
    !
    !
    no ip domain-lookup
    !
    no ip bootp server
    ip cef
    !
    class-map match-all radmin-rdp
    match access-group 101
    class-map match-all ipsec
    match access-group 103
    class-map match-all voice
    match access-group 105
    class-map match-all www
    match access-group 102
    !
    !
    policy-map voip
    class voice
    bandwidth 150
    class class-default
    fair-queue
    policy-map outbound_shaper
    class ipsec
    bandwidth percent 50
    random-detect
    class www
    bandwidth percent 25
    random-detect
    class radmin-rdp
    bandwidth percent 25
    random-detect
    class class-default
    fair-queue
    !
    call rsvp-sync
    !
    !
    !
    !
    !
    !
    !
    !
    interface FastEthernet0/0
    no ip address
    no ip mroute-cache
    duplex auto
    speed auto
    no cdp enable
    !
    interface FastEthernet0/0.1
    encapsulation dot1Q 2
    ip address 192.168.44.253 255.255.255.0
    ip nat inside
    no cdp enable
    !
    interface FastEthernet0/0.4
    encapsulation dot1Q 1 native
    ip address 192.168.0.253 255.255.255.0
    ip nat inside
    no cdp enable
    !
    interface Serial0/0
    bandwidth 1536
    ip address 12.87.aa.aa 255.255.255.252
    ip access-group 125 in
    ip nat outside
    encapsulation ppp
    service-module t1 timeslots 1-24
    service-module t1 remote-alarm-enable
    no cdp enable
    !
    interface FastEthernet0/1
    ip address 10.0.0.253 255.255.255.0
    ip nat inside
    duplex auto
    speed auto
    no cdp enable
    !
    interface Serial0/1
    ip address 10.1.1.2 255.255.255.0
    ip nat inside
    encapsulation ppp
    service-policy output voip
    service-module t1 clock source internal
    no cdp enable
    hold-queue 200 in
    hold-queue 200 out
    !
    router rip
    network 10.0.0.0
    network 192.168.0.0
    network 192.168.1.0
    network 192.168.44.0
    !
    ip nat pool OVERLOAD 12.87.aa.aa 12.87.aa.aa netmask 255.255.255.252
    ip nat pool warehouse 12.170.bb.bb 12.170.bb.bb netmask 255.255.255.252
    ip nat pool it-dept-vlan 12.170.bb.cc 12.170.bb.cc netmask 255.255.255.252
    ip nat inside source list 1 pool OVERLOAD overload
    ip nat inside source list 2 pool warehouse overload
    ip nat inside source list 3 pool it-dept-vlan overload
    ip nat inside source static udp 192.168.0.200 3389 12.170.bb.cc 3389 extendable
    ip nat inside source static tcp 192.168.0.200 3389 12.170.bb.cc 3389 extendable
    ip nat inside source static tcp 192.168.0.200 1723 12.170.bb.cc 1723 extendable
    ip nat inside source static tcp 192.168.0.55 3389 12.87.aa.aa 3389 extendable
    ip nat inside source static udp 192.168.0.55 3389 12.87.aa.aa 3389 extendable
    ip nat inside source static udp 10.0.0.254 5060 12.87.aa.aa 5060 extendable
    ip nat inside source static udp 192.168.0.235 4326 12.87.aa.aa 4326 extendable
    ip nat inside source static tcp 192.168.0.235 4326 12.87.aa.aa 4326 extendable
    ip nat inside source static tcp 10.0.0.254 6600 12.87.aa.aa 6600 extendable
    ip nat inside source static udp 10.0.0.254 6600 12.87.aa.aa 6600 extendable
    ip nat inside source static tcp 192.168.0.199 443 12.170.bb.bb 443 extendable
    ip nat inside source static udp 192.168.0.199 4500 12.170.bb.bb 4500 extendable
    ip nat inside source static udp 192.168.0.199 500 12.170.bb.bb 500 extendable
    ip nat inside source static tcp 192.168.0.111 22 12.170.bb.bb 22 extendable
    ip nat inside source static tcp 192.168.0.111 80 12.170.bb.bb 80 extendable
    ip nat inside source static tcp 10.0.0.254 22 12.87.aa.aa.22 extendable
    ip nat inside source static tcp 10.0.0.254 80 12.87.aa.aa 80 extendable
    ip nat inside source static tcp 192.168.0.45 3306 12.170.bb.cc 3306 extendable
    ip nat inside source static udp 192.168.0.41 3389 12.170.bb.aa 3389 extendable
    ip nat inside source static tcp 192.168.0.41 3389 12.170.bb.aa 3389 extendable
    ip classless
    ip route 0.0.0.0 0.0.0.0 Serial0/0 12.87.16.37 name at&t
    ip route 192.168.1.0 255.255.255.0 Serial0/1 10.1.1.1 permanent
    no ip http server
    ip pim bidir-enable
    !
    access-list 1 permit 10.0.0.0 0.0.0.255
    access-list 1 permit 192.168.0.0 0.0.0.255
    access-list 2 permit 192.168.1.0 0.0.0.255
    access-list 3 permit 192.168.44.0 0.0.0.255
    access-list 101 remark remote admin acl
    access-list 101 permit tcp any eq 4326 any time-range business_hr
    access-list 101 permit tcp any eq 3389 any time-range business_hr
    access-list 102 remark www protocol
    access-list 102 permit tcp any eq www any time-range business_hr
    access-list 102 permit tcp any eq 443 any time-range business_hr
    access-list 102 permit tcp any eq ftp any time-range business_hr
    access-list 103 remark ipsec/lt2p/pptp/esp
    access-list 103 permit esp any any time-range business_hr
    access-list 103 permit udp any eq isakmp any time-range business_hr
    access-list 103 permit udp any eq 1701 any time-range business_hr
    access-list 103 permit udp any eq 1723 any time-range business_hr
    access-list 103 permit udp any eq 4500 any time-range business_hr
    access-list 103 permit ahp any any time-range business_hr
    access-list 103 permit gre any any time-range business_hr
    access-list 103 permit tcp any eq 1723 any time-range business_hr
    access-list 105 remark VOIP (SIP/IAX/IAX2) traffic gets top priority (5)
    access-list 105 permit udp any any eq 4569
    access-list 105 permit udp any any eq 5004
    access-list 105 permit udp any any eq 5036
    access-list 105 permit udp any any eq 5060
    access-list 105 permit ip host 10.0.0.254 any
    access-list 105 permit ip any host 10.0.0.254
    access-list 125 deny tcp any any eq telnet
    access-list 125 deny tcp any any eq chargen
    access-list 125 deny tcp any any eq ident
    access-list 125 deny tcp any any eq nntp
    access-list 125 deny tcp any any eq hostname
    access-list 125 deny tcp any any eq exec
    access-list 125 deny tcp any any eq cmd
    access-list 125 permit ip any any
    access-list 125 permit gre any any
    access-list 125 permit ip any host 192.168.0.200
    access-list 126 permit gre any any
    access-list 126 permit ip any any
    access-list 126 permit udp any any
    access-list 126 permit icmp any any
    access-list 126 permit esp any any
    access-list 126 permit ahp any any
    dialer-list 1 protocol ip permit
    dialer-list 1 protocol ipx permit
    no cdp run
    !
    snmp-server community public RO
    snmp-server contact jzakhar<>
    snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart
    snmp-server enable traps tty
    snmp-server enable traps isdn call-information
    snmp-server enable traps isdn layer2
    snmp-server enable traps hsrp
    snmp-server enable traps config
    snmp-server enable traps entity
    snmp-server enable traps envmon
    snmp-server enable traps bgp
    snmp-server enable traps rsvp
    snmp-server enable traps frame-relay
    snmp-server enable traps syslog
    snmp-server enable traps rtr
    snmp-server host 192.168.0.111 public
    radius-server host 192.168.0.52 auth-port 1645 acct-port 1646
    radius-server retransmit 3
    radius-server key 7 140702021C077E7A7478
    radius-server vsa send accounting
    !
    dial-peer cor custom
    !
    !
    !
    !
    line con 0
    line aux 0
    line vty 0 4
    password 7 12170A223F2A2D45
    logout-warning 60
    absolute-timeout 15
    !
    ntp clock-period 17179984
    ntp server 10.0.0.254
    time-range business_hr
    periodic weekdays 8:00 to 18:00
    !
    time-range name
    periodic weekdays 8:00 to 18:00
    !
    end


    I cannot get the 192.168.44.0 VLAN to route. When I plug into the
    switch (2924 XL) I can assign an address in the range. Ping all
    networks internally, but not route out. Using an extended ping I can
    ping from every interface but the 192.168.44.253.

    Wondering if anyone sees any glaring issues with my config.
    Everything (NAT statements) works minus the one VLAN ip nat inside.

    Any help would be much appreciated
     
    turnip, Nov 2, 2007