- Posts: 2
- Thank you received: 0
Single Cisco 2600 Router & Two subnets using single gate
This is my first post over here and I hope somebody would able to help me with configuring a Cisco 2600 Series router.
Networks:
A. 192.168.10.0/24
B. 192.168.20.0/24
Cisco router is connected to a switch (1900 series cisco) and I have to host machines.
Host A
192.168.10.10/24
DG: 192.168.10.1
Host B
192.168.20.20/24
DG: 192.168.20.1
I have set up the ethernet 0 with two ip addresses
192.168.10.1/24
192.168.20.1/24 secondary
The positive part is I can ping machines from both subnets within the lan and 192.168.10.xxx/24 computers could go out of the network to other networks through 192.168.10.1
Though the e0/0 has two ip addresses, primary and secondary I cannot ping the secondary e0 IP address from the router itself.
Would somebody able to tell me what is wrong with my configurations? Below you can find the current configurations.
Router Con0 is now available
Press RETURN to get started!
Router>en
Router#show run
Building configuration...
Current configuration : 625 bytes
!
version 12.2
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Router
!
!
!
ip subnet-zero
!
!
!
!
!
interface FastEthernet0/0
ip address 192.168.20.1 255.255.255.0 secondary
ip address 192.168.10.1 255.255.255.0
no ip directed-broadcast
ip nat inside
!
interface Serial0/0
ip address 172.16.3.1 255.255.255.0
no ip directed-broadcast
clockrate 64000
!
interface FastEthernet0/1
no ip address
no ip directed-broadcast
shutdown
!
interface Serial0/1
no ip address
no ip directed-broadcast
shutdown
!
!
no ip classless
no ip http server
!
!
!
line con 0
line aux 0
line vty 0 4
login
!
end
Router#
If it is a door, it will open
Do you want to have to different subnets, using one and only switch? If this is what you want to do, then you have to use VLANs.
Well we are adding one UTM device (WatchGuard firebox 550e) and the SSL VPN is established against a private ip address range (192.168.10.0/24)What exactly do you want to do?
Do you want to have to different subnets, using one and only switch? If this is what you want to do, then you have to use VLANs.
Everything works fine, but the vpn clients are limited to the primary network.
We asked our ISP who provides as data link between 6 branches to make secondary routing for the ssl vpn subnet and seems the guys are totally confused at their end.
Hence we had set up a small lab and started doing the exercises to see whether we could help the "kids" at ISP side.
Anyway, I just managed to achieve the target. I created virtual interfaces against ethernet 0 and used router rip with both routers and the test lab configurations seems pretty functional. Please find below the configurations I had done with both routers:
Router A
Router Con0 is now available
Press RETURN to get started!
Router>en
Router#config t
Enter configuration commands, one per line. End with CNTL/Z
Router(config)#exit
Router#show run
Building configuration...
Current configuration : 625 bytes
!
version 12.2
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Router
!
!
!
ip subnet-zero
!
!
!
!
!
interface FastEthernet0/0
no ip address
no ip directed-broadcast
ip access-group 100 out
!
interface FastEthernet0/0.1
ip address 192.168.10.1 255.255.255.0
!
interface FastEthernet0/0.2
ip address 192.168.20.1 255.255.255.0
!
interface Serial0/0
ip address 172.16.3.1 255.255.255.0
no ip directed-broadcast
clockrate 64000
!
interface FastEthernet0/1
no ip address
no ip directed-broadcast
shutdown
!
interface Serial0/1
no ip address
no ip directed-broadcast
shutdown
!
router rip
network 131.102.0.0
!
!
ip classless
no ip http server
ip route 0.0.0.0 0.0.0.0 172.16.3.2
!
!
!
line con 0
line aux 0
line vty 0 4
login
!
end
Router#
Router B
Router Con0 is now available
Press RETURN to get started!
Router>en
Router#show run
Building configuration...
Current configuration : 625 bytes
!
version 12.2
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Router
!
!
!
ip subnet-zero
!
!
!
!
!
interface FastEthernet0/0
ip address 131.102.2.1 255.255.255.0
no ip directed-broadcast
!
interface Serial0/0
ip address 172.16.3.2 255.255.255.0
no ip directed-broadcast
!
interface FastEthernet0/1
no ip address
no ip directed-broadcast
shutdown
!
interface Serial0/1
no ip address
no ip directed-broadcast
shutdown
!
router rip
network 131.102.0.0
network 172.16.0.0
network 192.168.10.0
network 192.168.20.0
!
!
ip classless
no ip http server
ip route 0.0.0.0 0.0.0.0 172.16.3.1
!
!
!
line con 0
line aux 0
line vty 0 4
login
!
end
Router#
This way all the computers do talk to each other as well are able to go out of the network to external ones.
Thank you very much for your kind post. It was not a bad experiences for a beginner with this forum.
Regards,
If it is a door, it will open