Solved: Internet Access with Cisco 2621

majunior882 · ‎01-07-2005

I am having a problem getting my router to reach the internet. I can ping my gateway, but cant get beyond that. This is the set up:

Router (backbone)>> Switch (buildings switch) >> my Router

I can ping the gateway that is on the backbone Router but cant get any further then that. Due to how the building is set up I have to connect to the buildings switch through a fastethernet port.

Here is my config:

hostname Router

!

ip subnet-zero

!

call rsvp-sync

!

interface FastEthernet0/0

ip address 64.45.175.yyy 255.255.255.xxx secondary

ip address 64.45.175.xxx 255.255.255.xxx

duplex auto

speed auto

!

interface Serial0/0

no ip address

shutdown

!

interface FastEthernet0/1

ip address 172.16.0.1 255.255.0.0

duplex auto

speed auto

!

interface Serial0/1

no ip address

shutdown

!

ip classless

ip http server

!

dial-peer cor custom

!

line con 0

line aux 0

line vty 0 4

!

end

Any help would be most welcome.

Kevin Dorrell · ‎01-08-2005

When you do an ipconfig /all on the PC, can you see a DNS server address? If not, you need to configure one. If so, can you ping it? If not, then you are missing a route to it somehow, or it is not a DNS server.

Kevin Dorrell

Luxembourg

View solution in original post

Kevin Dorrell · ‎01-07-2005

Is your PC on the 172.16.0.0/16 network? Those addresses are not routable on the Internet. Your gateway admnistrator would have to translate them before they go out. The admin might even be denying them with an access list to stop them going out.

Kevin Dorrell

Luxembourg

cdfowlie · ‎01-07-2005

You also don't have a default route configured. Add "ip route 0.0.0.0 0.0.0.0 x.x.x.x"

Where x.x.x.x is the gateway IP address. This will get you ROUTER to the internet. As previously mentioned, you'll need to NAT the 172.16.0.0 network.

-HTH

Colin

marikakis · ‎01-07-2005

If fa0/1 is a transit only link,

the private addresses shouldn't be a problem.

Can you try adding a default route via fa0/1

to the IP address of the backbone router's interface ?

And make sure the backbone router knows your LAN addresses with some static route perhaps.

M.

majunior882 · ‎01-07-2005

Thanks for the responses. I cant touch the backbone or the buildings switch. The only thing that I could possibly do is have them run a dedicated t1 line, that way I would have a WAN connection instead of LAN.

I must also apologize, I posted the config not the running config. Here is my current config:

hostname Router

!

ip subnet-zero

!

call rsvp-sync

!

interface FastEthernet0/0

ip address 64.45.175.yyy 255.255.255.248 secondary

ip address 64.45.175.xxx 255.255.255.248

ip nat outside

speed auto

half-duplex

!

interface Serial0/0

no ip address

shutdown

!

interface FastEthernet0/1

ip address 172.16.0.1 255.255.0.0

ip nat inside

duplex auto

speed auto

!

interface Serial0/1

no ip address

shutdown

!

ip nat inside source list 102 interface FastEthernet0/0 overload

ip classless

ip route 0.0.0.0 0.0.0.0 64.45.175.169

ip route 64.45.175.xxx 255.255.255.248 FastEthernet0/1

ip route 64.45.175.xxx 255.255.255.248 FastEthernet0/0

ip http server

!

access-list 102 permit ip 172.16.0.0 0.0.255.255 any

access-list 102 permit tcp 172.16.0.0 0.0.255.255 any

!

dial-peer cor custom

!

line con 0

logging synchronous

line aux 0

line vty 0 4

login

!

end

Kevin Dorrell · ‎01-07-2005

There are a few things to comment on here:

I presume that 64.45.175.169 falls within one of the subnets configured on F0/0. If so, good.

I'm not sure what the ip route 64.45.175.xxx lines do, but I suspect they are spurious, especially the one that points to F0/0. If the one pointing to F0/0 is just a repeat of one of the subnets already configured on F0/0, then it too is superfluous; connected networks get put in the routing table anyway. In fact, the default route may also make it superfluous.

The second line of access-list 102 is also superfluous.

I've not seen this type of NAT done on an extended access-list; I have always used a standard access-list.

Since you are NATing into the primary address of F0/1, try this. Find out the address of a well known site, e.g. www.cisco.com, go to the router, and see if you can ping the site. The ping will go out with the address configured on F0/1. That, at least, will take the NAT out of the equation.

Kevin Dorrell

Luxembourg

majunior882 · ‎01-07-2005

Alright, sorry for the late return, it has been one of those days.

Yes, I can ping any IP such as google.com, and I can get to google from the browser, however it isn't resolving the name. Meaning in order for me to get to google I have to type the IP address of google.com.

How can I fix this?

Kevin Dorrell · ‎01-08-2005

When you do an ipconfig /all on the PC, can you see a DNS server address? If not, you need to configure one. If so, can you ping it? If not, then you are missing a route to it somehow, or it is not a DNS server.

Kevin Dorrell

Luxembourg

majunior882 · ‎01-10-2005

Works like a charm thanks.