Re: Cannot access the Internet on newly created network segment

janardosa · ‎08-06-2004

Hello to all. We have an existing LAN segment and right now we're running out of address space for class C private network address 192.168.0.0 so my boss ordered me to create a new segment i.e. 192.168.1.1 and use our cisco 2651 router to connect the network segments.

Our Internet connection was setup on a PC with two LAN cards located on our original network segment. The PCS' connected to this segment uses this host to connect to the Internet, it basically serves as our gateway and firewall. I managed to connect the two segments using RIP, PC's connected to one segment can access the other PC's on the other segment and vice-versa. My problem right now is PC's connected to the new network segment cannot access the Internet. I tried putting default-gateway (i.e. our PC acting as our gateway/firewall) and name-servers (DNS servers of our ISP) but still it cannot access the Internet. I tried to troubleshoot this problem by using traceroute on the router but it seems it's not working. Does anyone have an idea or solution to my problem. Any help will be very much appreciated

Thanks

Georg Pauwen · ‎08-06-2004

Hello,

can you post the configuration of the 2651 router ?

Regards,

GP

janardosa · ‎08-08-2004

Using 751 out of 29688 bytes

!

version 12.1

service timestamps debug uptime

service timestamps log uptime

no service password-encryption

!

hostname Pointwest

!

enable secret xxxx

enable password xxxx

!

no ip subnet-zero

ip name-server 202.73.160.43

ip name-server 202.73.160.39

!

interface FastEthernet0/0

ip address 192.168.0.126 255.255.255.0

speed auto

full-duplex

!

interface FastEthernet0/1

ip address 192.168.1.1 255.255.255.0

speed auto

full-duplex

!

router rip

network 192.168.0.0

network 192.168.1.0

!

no ip classless

ip route 0.0.0.0 0.0.0.0 192.168.0.1

ip http server

!

dialer-list 1 protocol ip permit

dialer-list 1 protocol ipx permit

!

line con 0

transport input none

line aux 0

line vty 0 4

password password

login

!

no scheduler allocate

end

Before anything else I want to thank you for responding to my email, thanks. Here's what i've done to troubleshoot this problem

1) I connected a host on the newly created subnet and (192.168.1.2) and put a static route to the existing

subnet (route add 192.168.0.0 mask 255.255.255.0 192.168.1.1 metric 1). The 192.168.1.1 is the ip address of the

second interface of the cisco 2651. This host has default route pointed at 192.168.1.1.

2) OK at first i cannot reach other PC's on the existing subnet so if figured that they should have knowledge of routes to one

another. So put static routes on 3 hosts on the existing network segment it worked except the Internet gateway i've already mention

3) So here's what I observed. From the Internet gateway I can reach the first interface of the cisco router (192.168.0.126) but not the second interface (192.168.1.1)

4) I tried pathping and i noticed that it sending the packets to the default route 192.168.0.1 -> 0.0.0.0, it seems to me that it doesnt recognized that packets destined

to 192.168.1.0 net segment should be forwarded to the 192.168.0.126 interface. BTW, this Internet gateway PC has two lan card 1 configured for internal lan and the other for external connection to the Internet. I inherited the management of this PC and it has checkpoint running configured for VPN/firewall.

5) I used pathping on the host connected to the newly created segment to reach the Internet gateway but it appears that the packets can reach only up the second interface (192.168.1.1) then

it bounces back. This is weird because when i tried this procedure with the other hosts on the existing net segment it worked.

6) I can reach both net segments on the cisco router and I can even ping the Internet gateway and perform traceroute.

I dont think I still have problems with routing because from my PC which is connected to net segment 192.168.0.0 can reach host 192.168.1.2 using tcp/ip utilities and I can even connect to it using remote desktop (win XP).

I suspect that Internet gateway is the culprit but what are other methods I can use to confirm this? The internet gateway is running on win2k server, running remote access service, checkpoint vpn/firewall.

Thanks again for any help you can extend.

konigl · ‎08-06-2004

Check three things:

1. The 2651 router connecting both LAN subnets to each other needs to point its default route to the nearest LAN card in the Internet gateway PC (because the 2651 already knows how to route between the connected LAN segments, it doesn't need RIP for that).

On the 2651, adding the default route to the Internet gateway would look something like this:

ip route 0.0.0.0 0.0.0.0 192.168.0.g

where the "g" is the unique IP address of the LAN card in the Internet gateway PC that connects it to your original LAN segment.

2. The Internet gateway (PC with two LAN cards) needs a static route to the new subnet, that points to the nearest 2651 LAN interface as the next hop (so the Internet gateway knows how to reach the new internal subnet; if the Internet gateway could do RIP, then it should have learned this route already).

My guess is that the PC acting as the Internet gateway is the problem. If it's running Microsoft Windows, use something like this to add the static route to the new subnet:

route -p add 192.168.1.0 mask 255.255.255.0 192.168.0.x metric 1

where the "x" is the unique IP address of the 2651 LAN interface that connects to your original LAN segment.

3. The PCs on the new subnet need to point their default routes to the 2651 LAN interface that sits on their subnet, using it as their default gateway (so anything they send to addresses not on their subnet goes to the 2651 first).

Hope this helps.

janardosa · ‎08-08-2004