02-10-2012 05:41 AM - edited 03-04-2019 03:13 PM
Hello CISCO community,
I need help with this simple configuration.(DETAILS BELOW)
The goal is to add a 2801 router between a DSL modem and a switch
and obviously still access the internet
I connected and configured as explained below and the results are:
- I am able to ping internet addresses from the 2801 router
- I am not able to ping internet addresses from userlaptop but I am able to
ping LAN gateway (192.168.254.254)
I cannot understand why the internet requests from the user laptopuser are not
routed to the internet but the router itself can access the internet.
Thanks for you help. PLEASE SEE CONFIGURATION BELOW
John
INTERNET====DSLmodem=====CISCO2801=====unmanagedSwitch=====userlaptop
DSLmodem:
non-bridged mode and does the PPPOe authentication.
WAN interface: Dynamic IP address assigned by ISP
LAN interface: 192.168.253.254
DHCP: disabled
CISCO 2801:
configuration
Router#sh run
Building configuration...
Current configuration : 987 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
ip cef
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.254.230 192.168.254.254
!
ip dhcp pool mypool
network 192.168.254.0 255.255.255.0
domain-name domain.com
dns-server 208.67.222.222 208.67.220.220
default-router 192.168.254.254
lease 8
!
!
multilink bundle-name authenticated
!
!
!
archive
log config
hidekeys
!
!
!
!
!
interface FastEthernet0/0
ip address 192.168.253.253 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 192.168.254.254 255.255.255.0
duplex auto
speed auto
!
interface Serial0/2/0
no ip address
shutdown
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 192.168.253.254
!
!
no ip http server
!
!
!
control-plane
!
!
line con 0
line aux 0
line vty 0 4
login
!
scheduler allocate 20000 1000
end
Solved! Go to Solution.
02-10-2012 08:54 AM
Cadet,
I think you wanted to use the following config (inside & outside interfaces are reversed):
int f0/0
ip nat outside
int f0/1
ip nat inside
access-list 1 permit 192.168.254.0 0.0.0.255
ip nat inside source list 1 interface f0/0 overload
HTH
Neeraj
02-10-2012 05:52 AM
Hi John,
you should NAT the LAN traffic like this:
int f0/0
ip nat inside
int f0/1
ip nat outside
access-list 1 permit 192.168.253.0 0.0.0.255
ip nat inside source list 1 interface f0/1
Regards.
Alain.
02-10-2012 08:54 AM
Cadet,
I think you wanted to use the following config (inside & outside interfaces are reversed):
int f0/0
ip nat outside
int f0/1
ip nat inside
access-list 1 permit 192.168.254.0 0.0.0.255
ip nat inside source list 1 interface f0/0 overload
HTH
Neeraj
02-11-2012 06:19 AM
neeraj,
thanks for making the correction to Alain's answer.
It is working now as far as ip connectivity. DNS resolution is not working.
Would I need to explicitly indicate DNS traffic in the router to be allow to go outside?
I tried changing the DNS servers(208.67.222.222 208.67.220.220) from those in the config to the DSL modem itself(192.168.253.254) and still would not work.
Any ideas?,
before adding the router in the middle, DNS resolution was all handled by the DSL modem itself with its default config
Thanks in advance for your help
John
02-11-2012 06:55 AM
John,
DNS should work if internet connectivity from the laptop is there now. there is no additional configuration required on the router for this.
Try and see if you are able to ping the DNS servers which you have configured, otherwise try and assign the DNS server on the laptop manually as 4.2.2.2
If the above step worked then the issue would be most probably with your DNS server, not the router or your setup.
HTH
Neeraj
02-11-2012 10:07 AM
neeraj,
It is very odd. I am able to ping those DNS servers from laptops(tried from several) and when I disconnect the router and set it all back the way it was with just DSL modem , then DNS resolution works
Well I will keep looking but it seems very straightforward. I even issued "ipconfig /flushdns" on the laptops
Thanks anyway for your reply
John
02-11-2012 10:59 AM
this really is a bummer
although I am not sure if it will make any difference but try issuing the following commands on the router while you are testing other stuff:
------------------------------------------------------------------------
ip dhcp pool mypool
no domain-name domain.com
exit
no ip domain-lookup
ip domain-lookup
------------------------------------------------------------------------
And also add the name-server commands on the router and check if you are getting name resolution from the router itself:
name-server 208.67.222.222 208.67.220.220
ping google.com
02-10-2012 09:03 AM
Alain,
thanks for your quick reply . I will give a try tonight when I get home. However, why the "ip nat outside" goes on the "LAN" interface-int fa0/1- instead of the "WAN" interface-int fa0/0?
Thanks
John
02-10-2012 09:53 AM
Hi,
yes I had reversed the interfaces:) the right config was corrected by Neeraj
Regards.
Alain
02-10-2012 06:43 PM
I see a typo in your ip route statement
ip route 0.0.0.0 0.0.0.0 192.168.253.254
it should be
ip route 0.0.0.0 0.0.0.0 192.168.253.253
to match the ip on Fa0/0 interface
Hope this helps
Eugen
02-11-2012 06:12 AM
eugen,
192.168.253.254 is the next hop(DSL modem), therefore it is correct. Thanks for your reply anyway
John
02-11-2012 01:27 PM
Hi,
can you do a nslookup for an url while launching wireshark and post the capture file.
Regards.
Alain
02-11-2012 02:09 PM
Sorry my mistake...
Eugen
02-11-2012 03:59 PM
Thanks everyone for your support on this question.
When I get a chance tonight I will try Alain and Neeraj's suggestions.
John
02-11-2012 08:32 PM
OK. Got it figured out to a degree, but it is no the router config.
I connected a XP laptop to internet with no issues. Found out that it was happening only to windows 7 machines. So I did go into connections in the browser proxy settings and unchecked "automatically detect settings" for IE and checked the same setting for Chrome and it worked.....huh???? yes, exactly. Why I would not change it when connected straight to DSL modem, I do not know. But it is working and that's what mattters. Thanks for your help and I think I should assign correct answer to Neeraj.
John
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide