# Connecting Two Routers to the Internet GNS3



## tallaght6504 (Jul 14, 2015)

Hi,

I'm looking for some help in GNS3. I currently have a topology which is composed of two routers (c7200); the first router is named R1, the second named Edge. The issue I have is that the Edge can connect to the Internet and can ping my router's default gateway and can ping IP domains such as google.com and so on. The issue is R1 cannot. I've tried enabling OSPF routing, thinking that if Edge knew the route to the Internet then so would R1, as there would be an entry in the routing table; however, this is not the case. I also thought that it might be a NAT issue, so I enabled NAT, listing my inside & outside interfaces; however, still no luck. This is really starting to bug me as I'm trying to prepare for my CCNA Security studies & it's my 1st time using GNS3. Any help is much appreciated. I've also listed the configs as well as an image of the current topology.


R1 Config

*Jul 14 10:09:06.179: %SYS-5-CONFIG_I: Configured from console by console
R1#ping 192.168.0.69
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.0.69, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 12/24/40 ms
R1#ping 192.168.0.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.0.1, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
R1#ping Google
Translating "www.google.com"...domain server (8.8.8.8) (4.4.4.4)
% Unrecognized host or address, or protocol not running.
R1#
R1#sh runn
R1#sh running-config
Building configuration...
Current configuration : 1266 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R1
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
!
resource policy
!
ip subnet-zero
no ip icmp rate-limit unreachable
ip cef
ip tcp synwait-time 5
!
!
!
interface FastEthernet0/0
no ip address
shutdown
duplex half
!
interface GigabitEthernet1/0
ip address 10.1.0.1 255.255.255.0
negotiation auto
!
interface GigabitEthernet2/0
ip address dhcp
negotiation auto
!
interface GigabitEthernet3/0
no ip address
shutdown
negotiation auto
!
interface GigabitEthernet4/0
no ip address
shutdown
negotiation auto
!
router ospf 1
log-adjacency-changes
network 10.1.0.0 0.0.0.255 area 0
network 192.168.0.0 0.0.0.255 area 0
network 192.168.1.0 0.0.0.255 area 0
network 192.168.28.0 0.0.0.255 area 0
!
ip classless
no ip http server
no ip http secure-server
!
!
!
logging alarm informational
no cdp log mismatch duplex
!
!
!
!
control-plane
!
!
!
!
!
!
gatekeeper
shutdown
!
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
stopbits 1
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
stopbits 1
line vty 0 4
login
!
!
end

________________________________________________

Edge Config

Edge#sh running-config
Building configuration...
Current configuration : 1793 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Edge
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
!
resource policy
!
ip subnet-zero
no ip icmp rate-limit unreachable
ip cef
ip tcp synwait-time 5
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.1.0 192.168.1.99
!
ip dhcp pool MY_LAN
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
dns-server 8.8.8.8 4.4.4.4
!
!
!
interface FastEthernet0/0
no ip address
shutdown
duplex half
!
interface GigabitEthernet1/0
description ## INTERNET ##
ip address dhcp
ip access-group MY_WAN in
ip nat outside
ip virtual-reassembly
negotiation auto
!
interface GigabitEthernet2/0
description ## MY LAN ##
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly
negotiation auto
!
interface GigabitEthernet3/0
no ip address
shutdown
negotiation auto
!
interface GigabitEthernet4/0
no ip address
shutdown
negotiation auto
!
router ospf 1
log-adjacency-changes
network 192.168.0.0 0.0.0.255 area 0
network 192.168.1.0 0.0.0.255 area 0
!
ip classless
no ip http server
no ip http secure-server
!
!
ip nat inside source list MY_LAN interface GigabitEthernet2/0 overload
!
ip access-list standard MY_LAN
permit 192.168.1.0 0.0.0.255
!
ip access-list extended MY_WAN
permit tcp any any established
deny tcp any any
permit ip any any
!
logging alarm informational
no cdp log mismatch duplex
!
!
!
!
control-plane
!
!
!
!
!
!
gatekeeper
shutdown
!
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
stopbits 1
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
stopbits 1
line vty 0 4
login
!
!
end


----------



## MitchConner (May 8, 2015)

A couple of things jump out as immediately obvious:

R1 gi1/0 has the wrong ip (10.1.0.1) which is connected to your edge router. They will need to be in the same subnet in order to route across the link. If you want to use a 10.x address, you'll need to NAT that onto your 192 range (and change gi2 to match).

R1 is not advertising any of the 192 ranges via OSPF as they aren't configured on any interfaces on your router. Also as an fyi, R1 should be configured as an OSPF stub router 

Your ACL is configured incorrectly, the deny statement is in the middle of the acl, it should be at the bottom.

Please review your configs, verify connectivity and basic routing and then re-test. If you're still having issues after that then please let me know. And excuse my brevity as I'm posting via my phone.


----------



## MitchConner (May 8, 2015)

Sorry, I misread a little of your post (I blame my phone).

Gi1/0 is your lan (10.x.x.x)?

Remove the dhcp config from your routed links between the two routers and statically configure them.

In order for 10.x.x.x to reach the internet, you'll need to nat that onto the routed link address range on R1 then nat again from the edge to the internet (which you already have).


----------



## MitchConner (May 8, 2015)

So, for example:

R1:

int gi2/0
desc Link to Edge router
ip address 192.168.1.1 255.255.255.252
no shut
ip nat outside

int gi1/0.1
desc Inter-vlan sub-interface for LAN
encapsulation dot1q 1
ip address 10.0.0.1 255.255.255.0
ip nat inside
no shut

ip access-list standard INSIDE_NAT
permit 10.0.0.0 0.0.0.255

ip nat inside source list INSIDE_NAT interface gi2/0 overload

ip route 0.0.0.0 0.0.0.0 192.168.1.2

R2:

int gi2/0
desc Link to R1
ip address 192.168.1.2 255.255.255.252
ip nat inside
no shut

int gi1/0
(use current config)

You won't need any routes to the stub router as 192.168.1.1/30 will show as a directly connected route.

Let me know how you get on mate and please excuse any phone-related spelling errors


----------



## tallaght6504 (Jul 14, 2015)

Hi Mitch, really appreciate your help but still so far no joy. I'll post my config that you suggested just to see what you think:

Connected to Dynamips VM "R1" (ID 1, type c7200) - Console port
Press ENTER to get the prompt.

R1#sh running-config
Building configuration...

Current configuration : 1569 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R1
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
!
resource policy
!
ip subnet-zero
no ip icmp rate-limit unreachable
ip cef
ip tcp synwait-time 5
!
!
!
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0/0
no ip address
shutdown
duplex half
!
interface GigabitEthernet1/0
ip address 10.1.0.1 255.255.255.0
negotiation auto
!
interface GigabitEthernet1/0.1
encapsulation dot1Q 1 native
ip address 10.0.0.2 255.255.255.0
ip nat inside
ip virtual-reassembly
no snmp trap link-status
!
interface GigabitEthernet2/0
ip address dhcp
ip nat outside
ip virtual-reassembly
negotiation auto
!
interface GigabitEthernet3/0
no ip address
shutdown
negotiation auto
!
interface GigabitEthernet4/0
no ip address
shutdown
negotiation auto
!
router ospf 1
log-adjacency-changes
network 192.168.0.0 0.0.0.255 area 0
network 192.168.1.0 0.0.0.255 area 0
!
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.1.1
no ip http server
no ip http secure-server
!
!
ip nat inside source list INSIDE_NAT interface GigabitEthernet2/0 overload
!
ip access-list standard INSIDE_NAT
permit 10.0.0.0 0.0.0.255
!
logging alarm informational
no cdp log mismatch duplex
!
!
!
!
control-plane
!
!
!
!
!
!
gatekeeper
shutdown
!
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
stopbits 1
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
stopbits 1
line vty 0 4
login
!
!
end

R1#

_______________

Edge#sh run
Edge#sh running-config
Edge#sh running-config
Building configuration...

Current configuration : 1711 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Edge
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
!
resource policy
!
ip subnet-zero
no ip icmp rate-limit unreachable
ip cef
ip tcp synwait-time 5
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.1.0 192.168.1.99
!
ip dhcp pool MY_LAN
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
dns-server 8.8.8.8 4.4.4.4
!
!
!
!
!
interface FastEthernet0/0
no ip address
shutdown
duplex half
!
interface GigabitEthernet1/0
description ## INTERNET ##
ip address dhcp
ip access-group MY_WAN in
negotiation auto
!
interface GigabitEthernet2/0
description ## MY LAN ##
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly
negotiation auto
!
interface GigabitEthernet3/0
no ip address
shutdown
negotiation auto
!
interface GigabitEthernet4/0
no ip address
shutdown
negotiation auto
!
router ospf 1
log-adjacency-changes
network 192.168.0.0 0.0.0.255 area 0
network 192.168.1.0 0.0.0.255 area 0
!
ip classless
no ip http server
no ip http secure-server
!
!
ip nat inside source list MY_LAN interface GigabitEthernet2/0 overload
!
ip access-list extended MY_WAN
permit tcp any any
permit tcp any any established
deny tcp any any
permit ip any any
!
logging alarm informational
no cdp log mismatch duplex
!
!
!
!
control-plane
!
!
!
!
!
!
gatekeeper
shutdown
!
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
stopbits 1
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
stopbits 1
line vty 0 4
login
!
!
end

Edge#


Once again, cheers, I really do appreciate your help.


----------
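
IOS evaluates an access list top-down and acts on the first matching entry, so the order of the `MY_WAN` entries decides what the WAN interface accepts. The following added example (not code from the thread) models only the `permit|deny <proto> any any [established]` form used in the two `MY_WAN` versions posted above, reports entries that can never match, and shows the decision for a new inbound TCP connection.

```python
def parse_acl(lines):
    """Parse 'permit|deny <proto> any any [established]' entries (the only form modelled)."""
    entries = []
    for line in lines:
        tok = line.split()
        if len(tok) < 4 or tok[0] not in ("permit", "deny") or tok[2:4] != ["any", "any"]:
            raise ValueError(f"unsupported entry: {line!r}")
        entries.append({"action": tok[0], "proto": tok[1],
                        "established": "established" in tok[4:], "text": " ".join(tok)})
    return entries


def covers(a, b):
    """True if entry a matches every packet that entry b can match."""
    proto_ok = a["proto"] in ("ip", b["proto"])
    return proto_ok and (not a["established"] or b["established"])


def shadowed(entries):
    """Entries that can never be hit because an earlier entry covers them."""
    return [b["text"] for i, b in enumerate(entries)
            if any(covers(a, b) for a in entries[:i])]


def decide(entries, proto, ack_or_rst=False):
    """First-match evaluation; 'established' matches TCP segments with ACK or RST set."""
    for e in entries:
        if e["proto"] not in ("ip", proto):
            continue
        if e["established"] and not (proto == "tcp" and ack_or_rst):
            continue
        return e["action"]
    return "deny"  # implicit deny at the end of every IOS access list


# MY_WAN as posted in the first Edge config of the thread.
MY_WAN_V1 = parse_acl([
    "permit tcp any any established",
    "deny tcp any any",
    "permit ip any any",
])

# MY_WAN as posted in the second Edge config (a 'permit tcp any any' was added on top).
MY_WAN_V2 = parse_acl([
    "permit tcp any any",
    "permit tcp any any established",
    "deny tcp any any",
    "permit ip any any",
])

if __name__ == "__main__":
    for name, acl in (("V1", MY_WAN_V1), ("V2", MY_WAN_V2)):
        print(name, "new inbound TCP:", decide(acl, "tcp"),
              "| return TCP traffic:", decide(acl, "tcp", ack_or_rst=True),
              "| UDP:", decide(acl, "udp"),
              "| unreachable entries:", shadowed(acl))
```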



## tallaght6504 (Jul 14, 2015)

Also, something else I found interesting is that the router can go out to the Internet, but if I open a cmd prompt I can't ping 192.168.0.13, which is the router's G1/0 interface.


----------



## MitchConner (May 8, 2015)

Hi mate,

Please disable ospf on your routers, you don't need it. Then please enter the config I posted above and try not to modify the masks. You'll also need to remove the ip from the physical interface where the sub interface has been configured.

It'll be easier to type wri erase into the router and re-do it.


----------



## MitchConner (May 8, 2015)

Here you go mate, I've knocked up a basic setup for you matching your GNS3 lab equipment. If you wipe both routers in your lab and just add the config below, it'll work:

hostname edge-router
!
interface GigabitEthernet1/0
description Link to WAN
ip address *192.168.0.253 255.255.255.0*
ip nat outside
negotiation auto
!
interface GigabitEthernet2/0
description Link to R1
ip address 192.168.1.1 255.255.255.252
ip nat inside
negotiation auto
!
ip nat inside source list 1 interface GigabitEthernet1/0 overload
!
ip route 0.0.0.0 0.0.0.0 *192.168.0.1*
!
access-list 1 permit 192.168.1.0 0.0.0.3

hostname r1-router
!
*interface Loopback1
ip address 10.10.10.1 255.255.255.0
ip nat inside*
!
interface GigabitEthernet1/0
ip address 192.168.1.2 255.255.255.252
ip nat outside
negotiation auto
!
ip nat inside source list 1 interface GigabitEthernet1/0 overload
!
ip route 0.0.0.0 0.0.0.0 192.168.1.1
!
access-list 1 permit 10.10.10.0 0.0.0.255

Gi1/0 on the edge router will need to have a valid, unused address from your own network.

The default route on the edge router will need to point to whatever is currently your default gateway.

I added the loopback but this can be any type of interface.

Also screenshot showing traffic sourced from both subnets accessing the wan.

If you're studying for your CCNA Security, don't get caught up in too much routing & switching, keep the labs simple enough so you're focused on the requirements. 

Best of luck for your exam mate


----------



## tallaght6504 (Jul 14, 2015)

Hi Mitch,
I'm really sorry mate, I just saw your post there now; normally I get an email alert when someone has posted.

I tried the config that you posted, however no luck, but I wasn't sure what you meant when you said:

"Gi1/0 on the edge router will need to have a valid, unused address from your own network.

The default route on the edge router will need to point to whatever is currently your default gateway.
"

When you say valid address, do you mean the public IP address that's assigned to me by my ISP, and if so, where do I apply the address?

Once again, sorry for not getting back to you sooner. Really appreciate the help, been at this for 3 days now.


----------



## tallaght6504 (Jul 14, 2015)

Also, here are the configs that I assigned based on your configuration:

Edge

Edge#sh running-config
Building configuration...

Current configuration : 1377 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Edge
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
!
resource policy
!
ip subnet-zero
no ip icmp rate-limit unreachable
ip cef
ip tcp synwait-time 5
!
!
!
!
!
!
!
interface FastEthernet0/0
no ip address
shutdown
duplex half
!
interface GigabitEthernet1/0
description Link to WAN
ip address 192.168.0.253 255.255.255.0
ip nat outside
ip virtual-reassembly
negotiation auto
!
interface GigabitEthernet2/0
description Link to R1
ip address 192.168.1.1 255.255.255.252
ip nat inside
ip virtual-reassembly
negotiation auto
!
interface GigabitEthernet3/0
no ip address
shutdown
negotiation auto
!
interface GigabitEthernet4/0
no ip address
shutdown
negotiation auto
!
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.0.1
no ip http server
no ip http secure-server
!
!
ip nat inside source list 1 interface GigabitEthernet1/0 overload
!
logging alarm informational
access-list 1 permit 192.168.1.0 0.0.0.3
no cdp log mismatch duplex
!
!
!
!
control-plane
!
!
!
!
!
!
gatekeeper
shutdown
!
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
stopbits 1
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
stopbits 1
line vty 0 4
login
!
!
end

Edge#

_____________

R1

R1#sh running-config
Building configuration...

Current configuration : 1095 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R1
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
!
resource policy
!
ip subnet-zero
no ip icmp rate-limit unreachable
ip cef
ip tcp synwait-time 5
!
!
!
!
no ip domain lookup
!
!
!
!
!
!
!
!
interface FastEthernet0/0
no ip address
shutdown
duplex half
!
interface GigabitEthernet1/0
no ip address
shutdown
negotiation auto
!
interface GigabitEthernet2/0
no ip address
shutdown
negotiation auto
!
interface GigabitEthernet3/0
no ip address
shutdown
negotiation auto
!
interface GigabitEthernet4/0
no ip address
shutdown
negotiation auto
!
ip classless
no ip http server
no ip http secure-server
!
!
!
logging alarm informational
no cdp log mismatch duplex
!
!
!
!
control-plane
!
!
!
!
!
!
gatekeeper
shutdown
!
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
stopbits 1
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
stopbits 1
line vty 0 4
login
!
!
end

R1#
R1#conft
Translating "conft"

Translating "conft"
% Unknown command or computer name, or unable to find computer address
R1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#int lo1
R1(config-if)#
*Jul 15 20:30:51.155: %LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback1, changed state to up
R1(config-if)#ip add
R1(config-if)#ip address 10.10.10.1 255.255.255.0
R1(config-if)#ip nat
R1(config-if)#ip nat ins
R1(config-if)#ip nat inside

*Jul 15 20:31:17.703: %LINEPROTO-5-UPDOWN: Line protocol on Interface NVI0, changed state to up
R1(config-if)#
R1(config-if)#int g1/0
R1(config-if)#ip add
R1(config-if)#ip address 192.168.1.2 255.255.255.252
R1(config-if)#ip nat
R1(config-if)#ip nat outsi
R1(config-if)#ip nat outside
R1(config-if)#neg
R1(config-if)#negotiation au
R1(config-if)#negotiation auto
R1(config-if)#exit
R1(config)#ip na
R1(config)#ip nains
R1(config)#ip nainsso
R1(config)#ip na
R1(config)#ip nat
R1(config)#ip nat ins
R1(config)#ip nat inside sou
R1(config)#ip nat inside source li
R1(config)#ip nat inside source list 1 int
R1(config)#ip nat inside source list 1 interface gi
R1(config)#ip nat inside source list 1 interface gigabitEthernet 1/0 ov
R1(config)#$de source list 1 interface gigabitEthernet 1/0 overload
R1(config)#ip rou
R1(config)#ip route 0.0.0.0 0.0.0.0 192.168.1.1
R1(config)#acc
R1(config)#access-list 1 per
R1(config)#access-list 1 permit 10.10.10.0 0.0.0.255
R1(config)#ip do
R1(config)#ip domain-lo
R1(config)#ip domain-lookup
R1(config)#^Z
R1#p
*Jul 15 20:36:18.243: %SYS-5-CONFIG_I: Configured from console by console
R1#ping Google

Translating "www.google.com"...domain server (255.255.255.255)
% Unrecognized host or address, or protocol not running.

R1#sh int g1/0
GigabitEthernet1/0 is administratively down, line protocol is down
Hardware is 82543, address is ca01.15e8.001c (bia ca01.15e8.001c)
Internet address is 192.168.1.2/30
MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full-duplex, 1000Mb/s, link type is autonegotiation, media type is SX
output flow-control is unsupported, input flow-control is unsupported
ARP type: ARPA, ARP Timeout 04:00:00
Last input never, output never, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
0 packets input, 0 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog, 0 multicast, 0 pause input
0 input packets with dribble condition detected
0 packets output, 0 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier, 0 pause output
0 output buffer failures, 0 output buffers swapped out

R1#sh running-config
Building configuration...

Current configuration : 1381 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R1
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
!
resource policy
!
ip subnet-zero
no ip icmp rate-limit unreachable
ip cef
ip tcp synwait-time 5
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback1
ip address 10.10.10.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface FastEthernet0/0
no ip address
shutdown
duplex half
!
interface GigabitEthernet1/0
ip address 192.168.1.2 255.255.255.252
ip nat outside
ip virtual-reassembly
shutdown
negotiation auto
!
interface GigabitEthernet2/0
no ip address
shutdown
negotiation auto
!
interface GigabitEthernet3/0
no ip address
shutdown
negotiation auto
!
interface GigabitEthernet4/0
no ip address
shutdown
negotiation auto
!
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.1.1
no ip http server
no ip http secure-server
!
!
ip nat inside source list 1 interface GigabitEthernet1/0 overload
!
logging alarm informational
access-list 1 permit 10.10.10.0 0.0.0.255
no cdp log mismatch duplex
!
!
!
!
control-plane
!
!
!
!
!
!
gatekeeper
shutdown
!
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
stopbits 1
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
stopbits 1
line vty 0 4
login
!
!
end

R1#


----------



## tallaght6504 (Jul 14, 2015)

Sorry Mitch, I noticed there were a few mistakes in my config; here's the correct one:


R1#sh run
Building configuration...

Current configuration : 1394 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R1
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
!
resource policy
!
ip subnet-zero
no ip icmp rate-limit unreachable
ip cef
ip tcp synwait-time 5
!
!
!
!
!
interface Loopback1
ip address 10.10.10.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface FastEthernet0/0
no ip address
shutdown
duplex half
!
interface GigabitEthernet1/0
ip address 192.168.1.2 255.255.255.252
ip nat outside
ip virtual-reassembly
shutdown
negotiation auto
!
interface GigabitEthernet2/0
ip address 192.168.1.2 255.255.255.0
negotiation auto
!
interface GigabitEthernet3/0
no ip address
shutdown
negotiation auto
!
interface GigabitEthernet4/0
no ip address
shutdown
negotiation auto
!
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.1.1
no ip http server
no ip http secure-server
!
!
ip nat inside source list 1 interface GigabitEthernet1/0 overload
!
logging alarm informational
access-list 1 permit 10.10.10.0 0.0.0.255
no cdp log mismatch duplex
!
!
!
!
control-plane
!
!
!
!
!
!
gatekeeper
shutdown
!
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
stopbits 1
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
stopbits 1
line vty 0 4
login
!
!
end

R1#


Edge

Edge#sh running-config
Building configuration...

Current configuration : 1377 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Edge
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
!
resource policy
!
ip subnet-zero
no ip icmp rate-limit unreachable
ip cef
ip tcp synwait-time 5
!
!
!
!
interface FastEthernet0/0
no ip address
shutdown
duplex half
!
interface GigabitEthernet1/0
description Link to WAN
ip address 192.168.0.253 255.255.255.0
ip nat outside
ip virtual-reassembly
negotiation auto
!
interface GigabitEthernet2/0
description Link to R1
ip address 192.168.1.1 255.255.255.252
ip nat inside
ip virtual-reassembly
negotiation auto
!
interface GigabitEthernet3/0
no ip address
shutdown
negotiation auto
!
interface GigabitEthernet4/0
no ip address
shutdown
negotiation auto
!
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.0.1
no ip http server
no ip http secure-server
!
!
ip nat inside source list 1 interface GigabitEthernet1/0 overload
!
logging alarm informational
access-list 1 permit 192.168.1.0 0.0.0.3
no cdp log mismatch duplex
!
!
!
!
control-plane
!
!
!
!
!
!
gatekeeper
shutdown
!
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
stopbits 1
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
stopbits 1
line vty 0 4
login
!
!
end

Edge#


----------



## tallaght6504 (Jul 14, 2015)

Sorry Mitch, actually everything is working, it's just that it could not ping domain names, i.e. the router has no DNS server, but it pings 8.8.8.8. Wahoo, thank you mate......

Also, I have another question: if I add another router and add a different subnet, will I also have to configure NAT on that router?

E.g. I add Router 3 with a subnetwork of 192.168.28.0/24?


----------



## MitchConner (May 8, 2015)

Hi mate,

Glad it's all working for you.

You can disable the domain lookup on your router using no ip domain-lookup, which won't try to resolve incorrect commands all the time, especially if you're learning your way around IOS.

If you need to add a new router on another interface on the edge router, you'll have to address that link (192.168.1.5 & 192.168.1.6 255.255.255.252) and yes, you'll need to NAT the new subnet as well. You'll only need the nat inside command on the new interface and change your PAT access-list.


----------



## tallaght6504 (Jul 14, 2015)

Hi Mitch, just wanted to say a big thanks, really appreciated your help mate, was starting to get a bit frustrated lol. Also, I just wanted to know: I've added a WinXP VM to R1 and it cannot ping the Edge router's interfaces. I have also added the 10.1.0.0/24 subnet to the ACLs and given R1's G1/0 interface an ip nat inside command. Is this correct? I've also included an image and configs. Once again, a huge thanks mate.

R1 Router Config

R1#sh running-config
Building configuration...

Current configuration : 3134 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R1
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
!
resource policy
!
ip subnet-zero
no ip icmp rate-limit unreachable
ip cef
ip tcp synwait-time 5
!
!
!
!
ip name-server 8.8.8.8
!
!
!
!
!
crypto pki trustpoint TP-self-signed-4279256517
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-4279256517
revocation-check none
rsakeypair TP-self-signed-4279256517
!
!
crypto pki certificate chain TP-self-signed-4279256517
certificate self-signed 01
quit
username addmin privilege 15 secret 5 $1$EebD$ZSrzdUKtZyukfKZPNPbzQ.
!
!
!
!
!
!
!
interface Loopback1
ip address 10.10.10.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface FastEthernet0/0
no ip address
shutdown
duplex half
!
interface GigabitEthernet1/0
ip address 10.1.0.2 255.255.255.0
ip nat inside
ip virtual-reassembly
negotiation auto
!
interface GigabitEthernet2/0
ip address 192.168.1.2 255.255.255.0
negotiation auto
!
interface GigabitEthernet3/0
no ip address
shutdown
negotiation auto
!
interface GigabitEthernet4/0
no ip address
shutdown
negotiation auto
!
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.1.1
no ip http server
ip http secure-server
!
!
ip nat inside source list 1 interface GigabitEthernet1/0 overload
!
logging alarm informational
access-list 1 permit 10.10.10.0 0.0.0.255
access-list 1 permit 10.1.0.0 0.0.0.255
no cdp log mismatch duplex
!
!
!
!
control-plane
!
!
!
!
!
!
gatekeeper
shutdown
!
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
stopbits 1
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
stopbits 1
line vty 0 4
login
!
!
end

R1#

_____________________________________________________

Edge Router Config

Edge#sh run
Building configuration...

Current configuration : 1440 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Edge
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
!
resource policy
!
ip subnet-zero
no ip icmp rate-limit unreachable
ip cef
ip tcp synwait-time 5
!
!
!
!
ip name-server 8.8.8.8
!
!
!
!
!
interface FastEthernet0/0
no ip address
shutdown
duplex half
!
interface GigabitEthernet1/0
description Link to WAN
ip address 192.168.0.253 255.255.255.0
ip nat outside
ip virtual-reassembly
negotiation auto
!
interface GigabitEthernet2/0
description Link to R1
ip address 192.168.1.1 255.255.255.252
ip nat inside
ip virtual-reassembly
negotiation auto
!
interface GigabitEthernet3/0
no ip address
shutdown
negotiation auto
!
interface GigabitEthernet4/0
no ip address
shutdown
negotiation auto
!
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.0.1
no ip http server
no ip http secure-server
!
!
ip nat inside source list 1 interface GigabitEthernet1/0 overload
!
logging alarm informational
access-list 1 permit 192.168.1.0 0.0.0.3
access-list 1 permit 10.1.0.0 0.0.0.255
no cdp log mismatch duplex
!
!
!
!
control-plane
!
!
!
!
!
!
gatekeeper
shutdown
!
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
stopbits 1
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
stopbits 1
line vty 0 4
login
!
!
end

Edge#


----------






## MitchConner (May 8, 2015)

Hi mate, can you change the following please:

edge router:
no access-list 1 permit 10.1.0.0 0.0.0.255

R1:
Remove the PAT acl and recreate using 10.0.0.0 0.0.0.255

Then on both routers, type:

clear ip nat translations *

Then retest using:

ping 8.8.8.8 source 10.1.0.2


----------
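
The PAT setups in this thread depend on three things lining up: the interface roles (`ip nat inside` / `ip nat outside`), the interface named in `ip nat inside source list ... overload`, and the access list that rule references. The following added example (not code from the thread) checks those relationships in a pasted running-config; `R1_POSTED` is condensed from the last R1 config above, and `R1_SWAPPED` is an assumed variant that uses the inside/outside roles from Mitch's first example.

```python
import re


def parse_ios(config):
    """Collect interface NAT role/shutdown state, defined ACL names and PAT rules."""
    ifaces, acls, pat_rules, current = {}, set(), [], None
    for raw in config.splitlines():
        line = raw.strip()
        if line == "!":  # '!' closes the current block in show running-config output
            current = None
            continue
        m = re.fullmatch(r"interface (\S+)", line)
        if m:
            current = ifaces.setdefault(m.group(1), {"nat": None, "shutdown": False})
            continue
        m = re.fullmatch(r"ip nat inside source list (\S+) interface (\S+) overload", line)
        if m:
            pat_rules.append((m.group(1), m.group(2)))
            current = None
            continue
        m = re.match(r"access-list (\S+) |ip access-list (?:standard|extended) (\S+)$", line)
        if m:
            acls.add(m.group(1) or m.group(2))
            current = None
            continue
        if current is not None:
            if line in ("ip nat inside", "ip nat outside"):
                current["nat"] = line.split()[-1]
            elif line == "shutdown":
                current["shutdown"] = True
    return ifaces, acls, pat_rules


def lint_pat(config):
    """Return (code, subject) findings for the PAT rules in an IOS config."""
    ifaces, acls, pat_rules = parse_ios(config)
    findings = []
    for acl, ifname in pat_rules:
        if acl not in acls:
            findings.append(("acl-undefined", acl))
        iface = ifaces.get(ifname)
        if iface is None:
            findings.append(("pat-interface-missing", ifname))
            continue
        if iface["nat"] != "outside":
            findings.append(("pat-interface-not-outside", ifname))
        if iface["shutdown"]:
            findings.append(("pat-interface-shutdown", ifname))
    if pat_rules:
        # Inside-source translation only happens between an inside and an outside interface.
        for role in ("inside", "outside"):
            if not any(i["nat"] == role for i in ifaces.values()):
                findings.append((f"no-nat-{role}-interface", ""))
    return findings


# Condensed from the last R1 running-config posted in the thread.
R1_POSTED = """\
interface Loopback1
ip address 10.10.10.1 255.255.255.0
ip nat inside
!
interface GigabitEthernet1/0
ip address 10.1.0.2 255.255.255.0
ip nat inside
!
interface GigabitEthernet2/0
ip address 192.168.1.2 255.255.255.0
!
ip route 0.0.0.0 0.0.0.0 192.168.1.1
ip nat inside source list 1 interface GigabitEthernet1/0 overload
access-list 1 permit 10.10.10.0 0.0.0.255
access-list 1 permit 10.1.0.0 0.0.0.255
"""

# Assumed variant (not posted in the thread): the uplink to Edge is the outside
# interface and the PAT rule overloads onto it.
R1_SWAPPED = R1_POSTED.replace(
    "ip address 192.168.1.2 255.255.255.0\n",
    "ip address 192.168.1.2 255.255.255.0\nip nat outside\n",
).replace("interface GigabitEthernet1/0 overload", "interface GigabitEthernet2/0 overload")

if __name__ == "__main__":
    for name, cfg in (("R1_POSTED", R1_POSTED), ("R1_SWAPPED", R1_SWAPPED)):
        print(name, lint_pat(cfg) or "no findings")
```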



## tallaght6504 (Jul 14, 2015)

Hey Mitch, just managed to get everything working. Can I just say once again a massive thank you, I was really starting to pull my hair out but you managed to help me out, really appreciated mate.....

Now on to the next problem, trying to get CCP to work properly... lol


----------



## MitchConner (May 8, 2015)

You're most welcome mate 

Any future problems, just let me know!


----------

