
Cisco Router not reachable to LAN

arthurny

Hi,

I'm new to router configuration and I've basically been following the summary steps on the Cisco site to configure a new Cisco 4221/K9 router with IOS XE Software, Version 16.12.03. My LAN has 2 subnets, 192.168.0.0/24 and 192.168.1.0/24. The latter is the subnet with my networking devices, including the LAN-facing interface of the router: 192.168.1.1. After basic configuration, I was able to ping outside addresses, including my DNS and the router's default gateway on 196.43.116.49 (both assigned by the ISP), but I cannot ping any internal addresses. I also cannot ping the router from the LAN. I'm unsure of my NAT configuration, but somewhere there must be a mistake or omission. Please help!!! Below is my running config:

Router#show run
Building configuration...


Current configuration : 5887 bytes
!
! Last configuration change at 06:58:17 UTC Wed Feb 16 2022 by admin
!
version 16.12
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
platform qfp utilization monitor load 80
platform punt-keepalive disable-kernel-core
platform inspect match-statistics per-filter
!
hostname Router
!
boot-start-marker
boot-end-marker
!
!
vrf definition 65528
!
address-family ipv4
exit-address-family
!
logging buffered 262144
no logging rate-limit
!
no aaa new-model
fhrp version vrrp v3
no ip source-route
!
!
!
!
!
!
!
ip name-server 196.43.100.37 41.190.32.21
no ip dhcp use class
ip dhcp excluded-address 192.168.1.0
ip dhcp excluded-address 192.168.1.255 255.255.255.255
!
ip dhcp pool WEBUIPool
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
!
!
!
no ip igmp ssm-map query dns
login on-success log
ipv6 unicast-routing
!
!
!
!
!
!
!
subscriber templating
!
!
!
!
!
!
multilink bundle-name authenticated
!
domain permit
!
!
!
!
!
!
!
!
crypto pki trustpoint TP-self-signed-157559341
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-157559341
revocation-check none
rsakeypair TP-self-signed-157559341
!
!
!
!
!
!
!
license udi pid ISR4221/K9 sn FGL2521L7FL
no license smart enable
memory free low-watermark processor 67180
!
diagnostic bootup level minimal
!
spanning-tree extend system-id
!
username admin privilege 15 secret 9 $14$fRWB$mo5V/T24gf8FDk$27FQF0sQFFispPzzmkE8crWP0RpC2.PZy6qKZYmGhCM
username cisco password 7 08705F5C5D4B5746
!
redundancy
mode none
!
!
!
no crypto ikev2 diagnose error
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback65528
vrf forwarding 65528
ip address 192.168.1.1 255.255.255.255
!
interface GigabitEthernet0/0/0
description GE interface to WAN
ip address 196.43.116.50 255.255.255.0
ip nat outside
negotiation auto
!
interface GigabitEthernet0/0/1
description GE interface to LAN
ip address 192.168.1.1 255.255.255.252
ip nat inside
negotiation auto
!
ip default-gateway 196.43.116.49
ip forward-protocol nd
ip http server
ip http port 8080
ip http access-class 20
ip http authentication local
ip http secure-server
ip http max-connections 10
ip http timeout-policy idle 60 life 120 requests 100
ip http client source-interface GigabitEthernet0/0/1
ip http client proxy-server server1 proxy-port 52
ip http path slot1:
ip nat route vrf 65528 0.0.0.0 0.0.0.0 global
no ip nat service skinny tcp port 2000
no ip nat service sip tcp port 5060
no ip nat service sip udp port 5060
no ip nat service H225
no ip nat service ras
no ip nat service rtsp udp
no ip nat service rtsp tcp
no ip nat service dns tcp
no ip nat service dns udp
no ip nat service netbios-ns tcp
no ip nat service netbios-ns udp
no ip nat service netbios-ssn
no ip nat service netbios-dgm
no ip nat service ldap
no ip nat service sunrpc udp
no ip nat service sunrpc tcp
no ip nat service msrpc tcp
no ip nat service tftp
no ip nat service rcmd
no ip nat service pptp
no ip nat service ftp
no ip nat service gatekeeper
no ip nat service dns-reset-ttl
ip nat pool net-208 192.168.0.0 192.168.1.254 netmask 255.255.0.0
ip nat inside source static 192.168.1.1 196.43.116.50
ip nat inside source list NAT_THESE_ADDRESSES pool net-208 overload
ip route 0.0.0.0 0.0.0.0 196.43.116.49
ip ssh version 2
ip scp server enable
!
!
ip access-list standard NAT_THESE_ADDRESSES
!
!
!
!
!
!
!
control-plane
!
!
mgcp behavior rsip-range tgcp-only
mgcp behavior comedia-role none
mgcp behavior comedia-check-media-src disable
mgcp behavior comedia-sdp-force disable
!
mgcp profile default
!
!
!
!
!
!
line con 0
login local
transport input none
stopbits 1
line aux 0
login local
stopbits 1
line vty 0 4
login local
transport input ssh
line vty 5 80
login local
transport input ssh
!
!
!
!
!
!
netconf-yang
netconf-yang feature candidate-datastore
end


Thanks for the help

Accepted Solutions

Hello,

Make the changes marked in bold:

Current configuration : 5887 bytes
!
! Last configuration change at 06:58:17 UTC Wed Feb 16 2022 by admin
!
version 16.12
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
platform qfp utilization monitor load 80
platform punt-keepalive disable-kernel-core
platform inspect match-statistics per-filter
!
hostname Router
!
boot-start-marker
boot-end-marker
!
!
vrf definition 65528
!
address-family ipv4
exit-address-family
!
logging buffered 262144
no logging rate-limit
!
no aaa new-model
fhrp version vrrp v3
no ip source-route
!
ip name-server 196.43.100.37 41.190.32.21
no ip dhcp use class
--> no ip dhcp excluded-address 192.168.1.0
--> no ip dhcp excluded-address 192.168.1.255 255.255.255.255
--> ip dhcp excluded-address 192.168.1.1
!
ip dhcp pool WEBUIPool
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
!
no ip igmp ssm-map query dns
login on-success log
ipv6 unicast-routing
!
subscriber templating
!
multilink bundle-name authenticated
!
domain permit
!
crypto pki trustpoint TP-self-signed-157559341
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-157559341
revocation-check none
rsakeypair TP-self-signed-157559341
!
license udi pid ISR4221/K9 sn FGL2521L7FL
no license smart enable
memory free low-watermark processor 67180
!
diagnostic bootup level minimal
!
spanning-tree extend system-id
!
username admin privilege 15 secret 9 $14$fRWB$mo5V/T24gf8FDk$27FQF0sQFFispPzzmkE8crWP0RpC2.PZy6qKZYmGhCM
username cisco password 7 08705F5C5D4B5746
!
redundancy
mode none
!
no crypto ikev2 diagnose error
!
interface Loopback65528
vrf forwarding 65528
ip address 192.168.1.1 255.255.255.255
!
interface GigabitEthernet0/0/0
description GE interface to WAN
ip address 196.43.116.50 255.255.255.0
ip nat outside
negotiation auto
!
interface GigabitEthernet0/0/1
description GE interface to LAN
ip address 192.168.1.1 255.255.255.252
ip nat inside
negotiation auto
!
--> no ip default-gateway 196.43.116.49
ip forward-protocol nd
ip http server
ip http port 8080
ip http access-class 20
ip http authentication local
ip http secure-server
ip http max-connections 10
ip http timeout-policy idle 60 life 120 requests 100
ip http client source-interface GigabitEthernet0/0/1
ip http client proxy-server server1 proxy-port 52
ip http path slot1:
ip nat route vrf 65528 0.0.0.0 0.0.0.0 global
no ip nat service skinny tcp port 2000
no ip nat service sip tcp port 5060
no ip nat service sip udp port 5060
no ip nat service H225
no ip nat service ras
no ip nat service rtsp udp
no ip nat service rtsp tcp
no ip nat service dns tcp
no ip nat service dns udp
no ip nat service netbios-ns tcp
no ip nat service netbios-ns udp
no ip nat service netbios-ssn
no ip nat service netbios-dgm
no ip nat service ldap
no ip nat service sunrpc udp
no ip nat service sunrpc tcp
no ip nat service msrpc tcp
no ip nat service tftp
no ip nat service rcmd
no ip nat service pptp
no ip nat service ftp
no ip nat service gatekeeper
no ip nat service dns-reset-ttl
--> no ip nat pool net-208 192.168.0.0 192.168.1.254 netmask 255.255.0.0
ip nat inside source static 192.168.1.1 196.43.116.50
--> ip nat inside source list 1 interface GigabitEthernet0/0/0 overload
ip route 0.0.0.0 0.0.0.0 196.43.116.49
ip ssh version 2
ip scp server enable
!
--> access-list 1 permit 192.168.1.0 0.0.0.255
!
control-plane
!
mgcp behavior rsip-range tgcp-only
mgcp behavior comedia-role none
mgcp behavior comedia-check-media-src disable
mgcp behavior comedia-sdp-force disable
!
mgcp profile default
!
line con 0
login local
transport input none
stopbits 1
line aux 0
login local
stopbits 1
line vty 0 4
login local
transport input ssh
line vty 5 80
login local
transport input ssh
!
netconf-yang
netconf-yang feature candidate-datastore
end


Sweet success. I can now ping all addresses, local and global, from within my LAN, except my public IP's default gateway for some reason. I now have internet access via the router too. Thank you very much.

description GE interface to LAN
ip address 192.168.1.1 255.255.255.252

You said this network was a /24, why have you configured the interface as a /30?

Have you mixed up the masks for the WAN and LAN interfaces?

I will need to rectify that mask in the NAT because I only have 2 addresses I use in that subnet. The rest of the LAN is in the 192.168.0.0 network. But since it's working, I'm uneasy about making further changes lest I find myself in a fix again.
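
The three problems raised in this thread (a NAT source list pointing at an ACL with no permit entries, a NAT pool built from inside private addresses, and a LAN interface mask that disagrees with the DHCP pool) can be checked mechanically before a config is applied. The script below is an added example, not code from any poster or from Cisco; the `audit` function, its finding codes and the config excerpt are constructed for illustration.

```python
import ipaddress
import re

# Constructed excerpt: only the relevant lines of the originally posted config.
BEFORE = """\
ip dhcp pool WEBUIPool
 network 192.168.1.0 255.255.255.0
 default-router 192.168.1.1
interface GigabitEthernet0/0/1
 ip address 192.168.1.1 255.255.255.252
 ip nat inside
ip nat pool net-208 192.168.0.0 192.168.1.254 netmask 255.255.0.0
ip nat inside source list NAT_THESE_ADDRESSES pool net-208 overload
ip access-list standard NAT_THESE_ADDRESSES
"""

def audit(config):
    """Return sorted finding codes for an IOS-style configuration text."""
    lines = [line.strip() for line in config.splitlines()]
    permits, acl = {}, None  # ACL name/number -> number of permit entries
    dhcp_nets, if_addrs, findings = [], [], set()
    for line in lines:
        if m := re.match(r"ip access-list \S+ (\S+)", line):
            acl = m.group(1)
            permits.setdefault(acl, 0)
        elif m := re.match(r"access-list (\d+) permit ", line):
            permits[m.group(1)] = permits.get(m.group(1), 0) + 1
        elif acl and re.match(r"(\d+ )?permit ", line):
            permits[acl] += 1
        elif not re.match(r"(\d+ )?(deny|remark) ", line):
            acl = None  # any other line ends the named-ACL block
        if m := re.match(r"network ([\d.]+) ([\d.]+)$", line):
            dhcp_nets.append(ipaddress.ip_network(f"{m[1]}/{m[2]}", strict=False))
        if m := re.match(r"ip address ([\d.]+) ([\d.]+)$", line):
            if_addrs.append(ipaddress.ip_interface(f"{m[1]}/{m[2]}"))
    for line in lines:  # second pass: ACLs may be defined after the NAT rule
        m = re.match(r"ip nat inside source list (\S+) ", line)
        if m and permits.get(m[1], 0) == 0:
            findings.add("NAT_ACL_MATCHES_NOTHING")
        m = re.match(r"ip nat pool \S+ ([\d.]+) ", line)
        if m and ipaddress.ip_address(m[1]).is_private:
            findings.add("NAT_POOL_USES_PRIVATE_RANGE")
    for iface in if_addrs:
        for net in dhcp_nets:
            if iface.ip in net and iface.network != net:
                findings.add("LAN_MASK_MISMATCH")
    return sorted(findings)

if __name__ == "__main__":
    print(audit(BEFORE))
```

Run against the same excerpt with the accepted changes applied, only the mask finding remains, which is the point the later reply raises about the /30 on the LAN interface.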
