Solved: Re: Cisco 1921 not passing traffic

johnathanmefford · ‎09-17-2019

Hi everyone my network i have a cisco 1921 router passing traffic from a separate lan network as my isp, i've done a lot of trace route and pings, and it comes down to this router being the issue, when connected i don't have internet connection the default gateway is 192.168.15.1 which the interface g0/0 is connected to. when ever i do a trace route from either my pc or any other router in my network it reaches this router but it won't escape even when i do trace route from this router it doesn't escape the router to 192.168.15.1. below is the configuration, what can be the cause of problem here and how can i fix it?? Thank you.

Current configuration : 1759 bytes
!
! Last configuration change at 16:29:21 UTC Tue Sep 17 2019
!
version 15.0
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname Router-1
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$Baae$VyAgSJhYiib7JZ7TkpI1t/
enable password 7 0308521A0715741A
!
no aaa new-model
!
no ipv6 cef
ip source-route
ip cef
!
!
!
!
multilink bundle-name authenticated
!
crypto pki token default removal timeout 0
!
!
license udi pid CISCO1921/K9 sn FTX1545811C
!
!
!
!
!
!
!
!
interface GigabitEthernet0/0
ip address 192.168.15.2 255.255.255.0
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
no mop enabled
!
interface GigabitEthernet0/1
ip address 50.232.137.37 255.255.255.252
duplex auto
speed auto
no mop enabled
!
interface Serial0/0/0
ip address 10.253.253.1 255.255.255.0
ip nat inside
ip nat enable
ip virtual-reassembly
encapsulation ppp
no clock rate 2000000
!
router rip
redistribute connected
network 10.0.0.0
network 192.168.100.0
network 192.168.101.0
!
ip default-gateway 192.168.15.1
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip nat inside source list 100 interface GigabitEthernet0/0 overload
ip route 0.0.0.0 0.0.0.0 192.168.15.1
ip route 50.232.137.96 255.255.255.224 50.232.137.38
!
access-list 100 remark NAT all test nets
access-list 100 permit ip 192.168.100.0 0.0.0.255 any
access-list 100 permit ip 192.168.101.0 0.0.0.255 any
access-list 100 permit ip 10.253.253.0 0.0.0.255 any
dialer-list 1 protocol ip permit
!
!
!
control-plane
!
!
line con 0
password 7 05080F1C2243
logging synchronous
login
line aux 0
line vty 0 4
password 7 01030717481C091D25
login
transport input all
!
scheduler allocate 20000 1000
end

johnathanmefford · ‎09-19-2019

i figured out the issue for the no internet connection was that the int g0/0 should be set to nat outside along with nat enable. also you were correct the gateway has a firewall which will not allow me to trace route to that specific ip address but if i trace any ip address in the network then it is successful.

View solution in original post

luis_cordova · ‎09-17-2019

Hi @johnathanmefford ,

Try this:

Your gateway: 192.165.15.1

Then

interface GigabitEthernet0/0
ip address 192.165.15.2 255.255.255.0

router rip

default-information originate <—this command distributes the default route to all routers that participate in RIP

ip route 0.0.0.0 0.0.0.0 192.165.15.1

Regards

Richard Burts · ‎09-17-2019

@luis_cordova is certainly correct that there is a mismatch between the description in the text about the gateway and the config. I believe that the text 192.165.15.1 is a typo mistake and the interface address and the static default route next hop address are actually correct.

I believe that the most significant part of the original post is this statement " even when i do trace route from this router it doesn't escape the router to 192.165.15.1". So it looks like there is not communication between the 1921 and the gateway. Would the original poster provide the output of these commands on the 1921:

show interface gig0/0

ping 192.168.15.1

show arp

HTH

Rick

HTH

Rick

johnathanmefford · ‎09-17-2019

Router-1(config)#do show int g0/0
GigabitEthernet0/0 is up, line protocol is up
Hardware is CN Gigabit Ethernet, address is ccef.4857.9b00 (bia ccef.4857.9b00)
Internet address is 192.168.15.2/24
MTU 1500 bytes, BW 100000 Kbit/sec, DLY 100 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full-duplex, 100Mb/s, media type is RJ45
output flow-control is XON, input flow-control is XON
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:01, output 00:00:04, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 12000 bits/sec, 3 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
610 packets input, 232837 bytes, 0 no buffer
Received 384 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog, 0 multicast, 0 pause input
0 input packets with dribble condition detected
30 packets output, 3368 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
54 unknown protocol drops
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier, 0 pause output
0 output buffer failures, 0 output buffers swapped out

Router-1#ping 192.168.15.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.15.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms

Router-1(config)#do show arp
Protocol Address Age (min) Hardware Addr Type Interface
Internet 50.232.137.37 - ccef.4857.9b01 ARPA GigabitEthernet0/1
Internet 192.168.15.1 0 18b1.6959.1d20 ARPA GigabitEthernet0/0
Internet 192.168.15.2 - ccef.4857.9b00 ARPA GigabitEthernet0/0

johnathanmefford · ‎09-17-2019

My apologies it was a typo in my original post i didn't mean to put 192.165 it was supposed to be 192.168.... i have edited my original post and i will try what you mentioned about the router rip and see if that fixes the issues.

Richard Burts · ‎09-18-2019

Thank you for the confirmation that the 192.165 was a typo.

From your description of the issue I expected to see problems of your 1921 attempting to communicate with the gateway. I was pleasantly surprised to see that the 1921 communication with the gateway using ping was successful. So we need to look for other issues. Can you tell us what is the address of the device you are using to do the traceroute that gets to the 1921 and then stops responding?

HTH

Rick

HTH

Rick

johnathanmefford · ‎09-19-2019

That address that it reaches before it quits responding when i do a trace route is 10.253.253.1 which is the serial port on the 1921 router and that's if i am doing a trace route from a source putside of the 1921 router if i do trace route from the 1921 rputer it just doesn't respond at all and only pops up the * * * *

Richard Burts · ‎09-19-2019

I find it puzzling that ping from the router to gateway is successful but apparently traceroute from the router fails. Would you post the output of an attempt to do traceroute from the router?

HTH

Rick

HTH

Rick

johnathanmefford · ‎09-19-2019

Router-1#traceroute 192.168.15.1

Type escape sequence to abort.
Tracing the route to 192.168.15.1

1 * * *
2 * * *
3 * * *
4 * * *
5 * * *
6 * * *

paul driver · ‎09-19-2019

Hello
Try disabling source routing on that router an test again

conf t
no ip source-route

Router rip
no auto summary
ver 2

traceroute xxxx numeric

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

johnathanmefford · ‎09-19-2019

i disabled the ip source routing and this was still the same output i received when i tried to trace route from the router

Router-1#traceroute 192.168.15.1

Type escape sequence to abort.
Tracing the route to 192.168.15.1

1 * * *
2 * * *
3 * * *

paul driver · ‎09-19-2019

Did you did also change the rip protocol for version 2 and doable auto-summarisation?

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

johnathanmefford · ‎09-19-2019

yes i did and i still have received the same output for trace route from this router.

Richard Burts · ‎09-19-2019

Thanks for the additional information. We are faced with a major inconsistency. There is successful IP connectivity between the 1921 and the gateway as shown in the successful ping. But traceroute from the 1921 to the gateway does not receive the expected response. The explanation that makes sense to me is that there is some security policy on the gateway that prevents it from generating the time to line exceeded response.

HTH

Rick

HTH

Rick

johnathanmefford · ‎09-19-2019

i figured out the issue for the no internet connection was that the int g0/0 should be set to nat outside along with nat enable. also you were correct the gateway has a firewall which will not allow me to trace route to that specific ip address but if i trace any ip address in the network then it is successful.