Buy or Renew
Buy or Renew
Cisco + Splunk: Itā€™s a new day for your data. Learn more.
Ā 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forĀ 
Search instead forĀ 
Did you mean:Ā 
cancel
Start a conversation
1656
Views
0
Helpful
2
Replies

Cisco 2901 Cannot ping outside

Go to solution
nfolts320
Level 1
Level 1

ā€Ž01-24-2014 12:47 PM - edited ā€Ž03-04-2019 10:09 PM

I have a Cisco 2901 Router with an add-on Gigabit interface card

What I am attempting to do is take the existing network of 206.22.4.0 /25 and add a new 10.69.0.0 /22 network, while also connecting to our already existing guest cable network to allow for a fail-over if our main fiber line goes down. I have EIGRP configured and all routes are installed and I can ping Locally and outside on the router console interface. However when I connect a host to the 10.69.0.0 /22 network with all correct network settings using 8.8.8.8 and 8.8.4.4 for dns, and I am unable to configure out just local LAN addresses. After TRACERTing I have it narrowed it down to NAT not being setup correctly. The guest network is connected (coming from the modem to the 2901) to A TWC cable modem(Gateway address being 192.168.0.1). The TWC cable modem is connected to the WAN port (192.168.2.1) of an E1500 running DD-WRT (For a VPN which is required to reach an offsite asset if our Fiber already containing a VPN goes down.) From the E1500 coming out of a LAN port on the E1500 connected via Ethernet to the GigabitEthernet 0/0 of the 2901. I am able to ping the Gateway of the E1500 and the gateway of the 206.22.4.0 /25 network from the console interface of the 2901. I am able to ping LAN addresses on 206.22.4.0 /25 network from a 10.69.0.0 /22 network but not E1500 gateway (192.168.2.1) I will post my running config. I

appreciate all advice and help. Thank you.

Current configuration : 1751 bytes

!

! Last configuration change at 19:53:17 UTC Fri Jan 24 2014

version 15.2

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname Maple

!

boot-start-marker

boot-end-marker

!

!

!

no aaa new-model

!

ip cef

!

!

!

!

!

!

no ipv6 cef

multilink bundle-name authenticated

!

!

!

!

license udi pid CISCO2901/K9 sn FTX1751866E

!

!

!

!

!

!

!

!

interface Embedded-Service-Engine0/0

no ip address

shutdown

!

interface GigabitEthernet0/0

ip address 192.168.2.145 255.255.255.0

ip nat outside

ip virtual-reassembly in

duplex auto

speed auto

!

interface GigabitEthernet0/1

ip address 10.69.0.1 255.255.252.0

ip nat inside

ip virtual-reassembly in

duplex auto

speed auto

!

interface GigabitEthernet0/0/0

ip address 206.22.4.24 255.255.255.128

duplex auto

speed 100

!

!

router eigrp 48

network 10.69.0.0 0.0.3.255

network 192.168.2.0

network 206.22.4.0 0.0.0.127

!

!

router eigrp 100

network 10.69.0.0 0.0.3.255

network 192.168.2.0

network 206.22.4.0 0.0.0.127

!

ip forward-protocol nd

!

no ip http server

no ip http secure-server

!

ip route 0.0.0.0 0.0.0.0 192.168.2.1

ip route 0.0.0.0 0.0.0.0 206.22.4.126

ip route 192.168.0.0 255.255.255.0 192.168.2.1

!

!

!

!

control-plane

!

!

!

line con 0

exec-timeout 0 0

password cisco

logging synchronous

login

line aux 0

logging synchronous

line 2

logging synchronous

no activation-character

no exec

transport preferred none

transport output pad telnet rlogin lapb-ta mop udptn v120 ssh

stopbits 1

line vty 0 4

exec-timeout 0 0

password cisco

logging synchronous

login

transport input all

line vty 5 1114

exec-timeout 0 0

password cisco

logging synchronous

login

transport input all

!

scheduler allocate 20000 1000

!

end

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
cadet alain
VIP Alumni
VIP Alumni

ā€Ž01-25-2014 02:10 AM

Hi,

I see you have 2 default routes  but only one outgoing interface has NAT enabled and also you are missing the NAT statements.

Try this configuration and tell us if it solved your connectivity problem.

If problem not solved then post a diagram of your topology please.

int g0/0/0

ip nat outside

access-list 1 permit 10.69.0.0 0.0.3.255

route-map NAT1

match ip address 1

match interface g0/0

route-map NAT2

match ip address 1

match interface g0/0/0

ip nat inside source route-map NAT1 interface g0/0

ip nat inside source route-map NAT2 interface g0/0/0

Regards

Alain

Don't forget to rate helpful posts.

Don't forget to rate helpful posts.

View solution in original post

0 Helpful
2 Replies 2

Go to solution
cadet alain
VIP Alumni
VIP Alumni

ā€Ž01-25-2014 02:10 AM

Hi,

I see you have 2 default routes  but only one outgoing interface has NAT enabled and also you are missing the NAT statements.

Try this configuration and tell us if it solved your connectivity problem.

If problem not solved then post a diagram of your topology please.

int g0/0/0

ip nat outside

access-list 1 permit 10.69.0.0 0.0.3.255

route-map NAT1

match ip address 1

match interface g0/0

route-map NAT2

match ip address 1

match interface g0/0/0

ip nat inside source route-map NAT1 interface g0/0

ip nat inside source route-map NAT2 interface g0/0/0

Regards

Alain

Don't forget to rate helpful posts.

Don't forget to rate helpful posts.
0 Helpful

Go to solution
nfolts320
Level 1
Level 1
In response to cadet alain

ā€Ž01-27-2014 09:14 AM

Thank you so much, I was just brain locked after staring at it for about 5 days. I am actually writing this reply from the network.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card