Need help from Cisco CCIE

[fireclown]

Hello all,

My first post, because I am in dire need of some help. I have a Cisco 2921 (K9/SEC) and a Metroclear fiber connection to IS (or Ignite, or whatever they are calling themselves this week). I have basic connectivity working, in that my main PC can connect through the fiber and everything works fine if I use one of my assigned IP addresses. However, I simply cannot seem to get NAT to work correctly. It was working just fine when I was using the ADSL HWIC but I cannot seem to get it working over the fiber. I have a pretty simple setup (this is for my home, not a company).

I would like to hire a CCIE consultant's expertise for an hour or two to help me get over this hurdle. I live in Benoni. Will happily pay for petrol and your time, if it's reasonable. If you are able to help please let me know how to contact you. Time is of the essence as I need to get this working properly so I can start looking for a work-from-home job.

Thanks in advance.

 

[ambo]

You don't really need a CCIE for that. They will probably charge you R1000 per hour for that.

Anyone who knows a little Cisco should be able to give it a bash though.

PS A 2921 seems overkill for a home connection.

 

[HApyM3al]

Why not ask IS support? They are full of CCNA and CCNP engineers.

You have a default route to IS router? Also are you able to discovery IS router?

Agree with ambo, a 2921 is def overkill for home use.

 

[Sinbad]

Agreed a CCNA will help you here.

PM me your config, I'll see if I can see anything glaringly wrong?

 

[irBosOtter]

Not really overkill at all, if you have 100Mb fibre then that router is already a bottleneck, we max ours out at 70Mbps. Was told to upgrade to higher speck model if we want full 100Mbps speeds through it.

 

[Sinbad]

Not really overkill at all, if you have 100Mb fibre then that router is already a bottleneck, we max ours out at 70Mbps. Was told to upgrade to higher speck model if we want full 100Mbps speeds through it.

throw it away and get a mikrotik?

 

[syntax]

Hello all,

My first post, because I am in dire need of some help. I have a Cisco 2921 (K9/SEC) and a Metroclear fiber connection to IS (or Ignite, or whatever they are calling themselves this week). I have basic connectivity working, in that my main PC can connect through the fiber and everything works fine if I use one of my assigned IP addresses. However, I simply cannot seem to get NAT to work correctly. It was working just fine when I was using the ADSL HWIC but I cannot seem to get it working over the fiber. I have a pretty simple setup (this is for my home, not a company).

I would like to hire a CCIE consultant's expertise for an hour or two to help me get over this hurdle. I live in Benoni. Will happily pay for petrol and your time, if it's reasonable. If you are able to help please let me know how to contact you. Time is of the essence as I need to get this working properly so I can start looking for a work-from-home job.

Thanks in advance.

Hey,

send me the config, I will do it for you for free

 

[koeksGHT]

throw it away and get a mikrotik?

hey hey, while I use them I wouldn't compare them to a Cisco

 

[Sinbad]

hey hey, while I use them I wouldn't compare them to a Cisco

Let's just say that I'm doing NAT and QoS over a 100mb line with my mikrotik with no performance issues at all, CPU doesn't even go over 10%...

 

[koeksGHT]

Let's just say that I'm doing NAT and QoS over a 100mb line with my mikrotik with no performance issues at all, CPU doesn't even go over 10%...

Which one? Got the big brother And a RB2011UiASRM at home.

 

[Sinbad]

Which one? Got the big brother

http://routerboard.com/RB2011UiAS-2HnD-IN

 

[koeksGHT]

http://routerboard.com/RB2011UiAS-2HnD-IN

Keen to try the RB962UiGS-5HacT2HnT

 

[fireclown]

Thank you very much for the responses and offers of help. To syntax and sinbad, I will PM you the config now.

Whether or not the 2921 is too powerful / not powerful enough, it's what I've got so I have to work with it. As for paying R1000 for a CCIE I am happy to do that, should it be required. After the absolute headache and 3 days of farting around to get even this current basic setup working I have little to no faith in the IS CCNA folks, which is why I thought I'd ratchet it up a notch and look for a CCIE.

To sinbad and syntax, here is a rough diagram of my network. Details in the PM.

+---------+     +---------+     +---------+
|  Lots   |     |    of   |     | devices |
+---------+     +---------+     +---------+
 192.168.42.10   192.168.42.11   192.168.42.12
     |               |               |
     v               v               v
    +----------------------------------+
    |    Dell X1052P Layer 2 Switch    |
    |           192.168.42.3           |
    +----------------------------------+
                     |
                     v
    +----------------------------------+
    |            Cisco 2921            |
    |           192.168.42.1           |
    +----------------------------------+
                     |
                     |--- my control stops here
                     v
    +----------------------------------+
    |  Telkom SAS-D Fiber Termination  |
    +----------------------------------+

 

[Nevar]

Prob missing
"ip nat outside" on the new interface.

Regards
C

 

[Sinbad]

Prob missing
"ip nat outside" on the new interface.

Regards
C

not missing.

 

[syntax]

he is doing a nat to an interface that will never receive traffic

My response to the OP was this:

"Just have your gig0/2 as inside, gig 0/1.10 as your outside.
Looking at your configuration, I dont think traffic will ever flow throught Gig0/0. It will go from inside (0/2) and then to outside (0/1.10). Which is likely why your NAT isnt working.

To keep with your current syntax, i would

Gig0/1.10
ip nat outside

ip nat pool PATPOOL 1.1.1.1 1.1.1.1 netmask 255.255.255.248
ip nat inside source list 1 pool PATPOOL overload

Let me know how it goes, but it should work.
IS needs to make sure they route the public /28 to your side of the point to point
You still have the other set of addresses to use a static's for web / mail servers if you want. It is not likely you will run out when overloading to a single IP"

 

[koeksGHT]

he is doing a nat to an interface that will never receive traffic

My response to the OP was this:

"Just have your gig0/2 as inside, gig 0/1.10 as your outside.
Looking at your configuration, I dont think traffic will ever flow throught Gig0/0. It will go from inside (0/2) and then to outside (0/1.10). Which is likely why your NAT isnt working.

To keep with your current syntax, i would

Gig0/1.10
ip nat outside

ip nat pool PATPOOL 1.1.1.1 1.1.1.1 netmask 255.255.255.248
ip nat inside source list 1 pool PATPOOL overload

Let me know how it goes, but it should work.
IS needs to make sure they route the /28 to your side of the point to point ()
You still have the other set of addresses to use a static's for web / mail servers if you want. It is not likely you will run out when overloading to a single IP"

Sounds like an ISP that could help the client set it up would be better

 

[fireclown]

I just want to say a HUGE and heartfelt thank you to Sinbad who spent nearly 3 hours on TeamViewer trying to help me sort this out, and to Syntax whose idea solved the problem in a few minutes. Thank you gentlemen so very very much indeed, I am in your debt.

 

[Sinbad]

I just want to say a HUGE and heartfelt thank you to Sinbad who spent nearly 3 hours on TeamViewer trying to help me sort this out, and to Syntax whose idea solved the problem in a few minutes. Thank you gentlemen so very very much indeed, I am in your debt.

I blame brain fade Shouldn't have taken so long. The interface thing was nagging at me but I'd forgotten about creating a pool.. Nice one syntax

 

[Excalibur]

Thumbs up gentlemen, well done.