Solved: Configure 2821 Router for T1 access over LAN

ayamityndall · ‎05-03-2014

I am setting up a Cisco router for a T1 line for the first time and I have hit a barrier. The router, a 2821 with WIC-1DSU-T1-V2, is online (all statuses are up and I can ping outside sites). However, a laptop connected to the router cannot access the outside Internet.

My router's (sanitized) static IP from the ISP is 10.0.0.222. It is on the 10.0.0.220/30 Network, with a broadcast address of 10.0.0.223/30. The ISP's gateway is 10.0.0.221

I have the Gigabit Ethernet port set with an IP of 192.168.1.1/24

Here is the configuration:

!
version 12.4
service config
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
no service dhcp
!
hostname Router
!
boot-start-marker
boot-end-marker
!
enable secret 5 XXXXXXXX
enable password XXXXXX
!
no aaa new-model
no ip routing
!
!
no ip cef
!
!
ip name-server 10.0.0.3
ip name-server 10.0.0.4
!
!
!
!
!
interface GigabitEthernet0/0
no ip address
no ip route-cache
shutdown
duplex auto
speed auto
no cdp enable
!
interface GigabitEthernet0/1
ip address 192.168.1.1 255.255.255.0
no ip route-cache
duplex auto
speed auto
no cdp enable
no mop enabled
!
interface Serial0/0/0
ip address 10.0.0.222 255.255.255.252
encapsulation ppp
no ip route-cache
no fair-queue
!
ip default-gateway 10.0.0.221
ip forward-protocol nd
!
ip http server
!
!
control-plane
!
!
line con 0
exec-timeout 0 0
line aux 0
line vty 0 4
password XXXXXX
login
!
scheduler allocate 20000 1000
no process cpu extended
no process cpu autoprofile hog
!
end

From the router command line I can ping 10.0.0.221 (ISP gateway) as well as outside IPs. Domain names resolve properly and can be pinged. From my regular Internet connection I can ping the router.

However, when I attach a laptop to the GigabitEthernet0/1 (Laptop's static IP is set to 192.168.1.2) I cannot get to the outside network. I can ping the Ethernet card's address and the T1 card's, but not the ISP gateway (10.0.0.221) or any other outside addresses.

I have tried setting the Laptop's gateway to nothing, 192.168.1.1 and 10.0.0.222. Setting it to 10.0.0.221 gives a "network unreachable" error.

I am new to Cisco routers so I assume it is something simple, maybe a needed IP routing rule or something?

In summary: Router is online on T1, can ping and be pinged, but laptop connected to router ethernet cannot access outside network.

Thanks for any help.

Alexander Cousins · ‎05-03-2014

Hi

I guess the issue is that your ISP does not know how to route the return packets to your 192.168.1.0 subnet. If you ping from the router with the source address of your inside interface this will confirm if this is the case or not.

You could run a dynamic routing protocol with your ISP which i am guessing would not be the prefered solution due to the complexity. You could request the ISP adds a route to your network but again i am guessing this is not an option.

The most suitable solution would be to run Network Address Translation NAT on your serial interface and use overload NAT to translate your entire inside network to your single WAN Address.

Hope that helps.

http://www.cisco.com/c/en/us/support/docs/ip/network-address-translation-nat/13772-12.html#topic4

View solution in original post

Alexander Cousins · ‎05-03-2014

Try

ip nat pool wan 10.0.0.222 10.0.0.222 prefix-length 30
ip nat inside source list 7 pool wan overload
access-list 7 permit 192.168.1.0 0.0.0.255

Hope it helps.

View solution in original post

Alexander Cousins · ‎05-03-2014

Hi

I guess the issue is that your ISP does not know how to route the return packets to your 192.168.1.0 subnet. If you ping from the router with the source address of your inside interface this will confirm if this is the case or not.

You could run a dynamic routing protocol with your ISP which i am guessing would not be the prefered solution due to the complexity. You could request the ISP adds a route to your network but again i am guessing this is not an option.

The most suitable solution would be to run Network Address Translation NAT on your serial interface and use overload NAT to translate your entire inside network to your single WAN Address.

Hope that helps.

http://www.cisco.com/c/en/us/support/docs/ip/network-address-translation-nat/13772-12.html#topic4

ayamityndall · ‎05-03-2014

Thanks for the pointed and link. NAT does sound like it might be the solution.

I followed that guide and added ip nat inside to the GigabitEthernet0/1 interface and ip nat outside to the Serial0/0/0 interface.

Then I added:

ip nat pool wan 10.0.0.222 10.0.0.222 prefix-length 24
ip nat inside source list 7 pool wan overload
access-list 7 permit 0.0.0.1 192.168.1.254

Which, as I understand, should translates any packets coming from a 192.168.1.x address to show as being from the single 10.0.0.222 address. However, I am still seeing the same problem; no traffic from the attached laptop is getting out of the local network.

Is there a way I can test if NAT is working right?

EDIT -

Both show ip nat translations and show ip nat statistics come up blank/empty, so NAT isn't kicking in for some reason. GigbitEthernet is set as NAT Inside, and Serial as NAT outside, so I'm not sure where the problem is.

Alexander Cousins · ‎05-03-2014

Try

ip nat pool wan 10.0.0.222 10.0.0.222 prefix-length 30
ip nat inside source list 7 pool wan overload
access-list 7 permit 192.168.1.0 0.0.0.255

Hope it helps.

ayamityndall · ‎05-03-2014

Lex Co, you nailed it. I also had to change it from ip default-gateway to ip route 0.0.0.0 0.0.0.0 10.0.0.221.

You rock a million.