cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
5303
Views
5
Helpful
50
Replies

Configuring Cisco router 4451 for Internet Access

mm5451
Level 1
Level 1

I am trying to get my cisco router 4451 to route to my ISP, but have been unsuccessful. Here is what i have.

 

ge0/0/1

192.168.1.129 255.255.255.128

ge0/0/2

192.168.1.1 255.255.255.0

 

ISP Static Address

IP Address 50.78.70.245

50.78.70.252

Gateway 50.78.70.246

 

Need to have both ge networks to route to the ISP for internet access. Have tried using IP Route 0.0.0.0 0.0.0.0 of both ge networks but with no success, I have even taken an additional ge port and configured it with my ISP static info, but again unable to connect to the internet. I am also unable to ping any of the ISP addresses, from either of the ge networks, but can ping both ge networks.

2 Accepted Solutions

Accepted Solutions

I have looked at what you have posted. There may be multiple things to address and I will start with 2 major issues.

1) the addressing of your serial interfaces will not work. Both serial interfaces have IP addresses in the same network (100.100.100.0/24). I am surprised that you were able to get it into the configuration. You can not have the same subnet operate successfully on 2 physically separated links. You need to change the addressing so that B to A is one subnet and B to C is a different subnet. You might solve this by dividing your /24 into 2 subnets. But for a point to point serial connection all you really need is a /30 subnet (255.255.255.252). So your first step should be to change the addressing and subnetting of the serial interfaces.

2) router B has 3 static default routes configured. That is 2 too many.

- You have a default route on B with the next hop being the address of router A. This is good and you should keep it.

- You have a static default with the next hop being the address of router C. The syntax is ok. But this route makes no logical sense. Remember that the default route is used when you are not sure where the destination really is. It makes no sense to forward a packet for an unknown destination to C. What can C do with it? So remove this default route.

- You have a static default with the next hop being the provider address. You are correct that this is ultimately where we want the packet to an unknown destination to go. But router B has no information about where the ISP address really is and so would not be able to insert this default route into the routing table. Remove this default route.

 

Fix these 2 issues and let us know how things are working.

 

HTH

 

Rick

HTH

Rick

View solution in original post

Thanks, made changes, and improved the network, but i still a couple of problems,

Router C unable to ping 100.100.100.1 or beyond.

Router C from a pc attached to either network can ping everything except 50.78.70.246 ISP gateway.

 

Router B unable to 50.78.70.246 ISP Gateway

 

Router A This the strange part can ping both networks on B&C but unable to ping router B serial interface 200.200.2001 or router C 200.200.200.2

 

Router A from a pc attached to either network can ping everything, except serial interfaces 200.200.200.1 or 200.200.200.2

 

Have attached updated config and network page.

 

I really appreciate all the assistance, advice???  

 

View solution in original post

50 Replies 50

Hello,

 

add the lines in bold to your config:

 

ge0/0/1

192.168.1.129 255.255.255.128

ip nat inside

!

ge0/0/2

192.168.1.1 255.255.255.0

ip nat inside

!

interface X

ip address 50.78.70.245 255.255.255.252

ip nat outside

!

ip nat inside source list 1 interface X overload <-- where 'x' is the interface connected to the ISP

!

access-list 1 permit 192.168.1.0

!

ip route 0.0.0.0 0.0.0.0  50.78.70.246

 

 

 

mm5451
Level 1
Level 1

I added the lines you suggested, had no affect on the network, I have switch connected to ge0/0/1 and a pc connected to the switch, pc network is configured as IPaddress 192.168.1.5 255.255.255.128 Gateway 192.168.1.1 I can ping ge0/0/0 50.78.70.245 but unable to ping 50.78.70.246 which is the gateway, also the pc is unable to see the internet side of the router, I have attached a copy of the config of the router.

Thanks

Thanks for posting the router config. The main issue I see in the config is that Gig0/0/2 does not have ip nat inside. Please add that. Otherwise the config seems appropriate. 

 

I am quite puzzled about why the PC can successfully ping 50.78.70.245 but can not ping 50.78.70.246. It seems to suggest that there might be an issue with address translation. Can you try the ping again and then show the content of the translation table?

 

HTH

 

Rick 

 

 

 

HTH

Rick

Hello,

 

in addition to Richard's post, in your original post you said:

 

ISP Static Address

IP Address 50.78.70.245

50.78.70.252

Gateway 50.78.70.246

 

What is 50.78.70.252, or is that just a typo, and you meant to type 255.255.255.252 ?

 

You could try and use a route map for your NAT (changes are marked in bold). Also, although it is not recommended, try and change the default route to point to the outgoing interface:

 

! Last configuration change at 17:14:06 UTC Wed Jan 30 2019
!

!
interface GigabitEthernet0/0/0
description #Outside Internet#
ip address 50.78.70.245 255.255.255.252
ip nat outside
negotiation auto
!
interface GigabitEthernet0/0/1
description #Internal Network#
ip address 192.168.1.1 255.255.255.128
ip nat inside
negotiation auto
!
interface GigabitEthernet0/0/2
ip address 192.168.1.129 255.255.255.128
ip nat inside
negotiation auto
!
interface GigabitEthernet0/0/3
no ip address
shutdown
negotiation auto
!
interface Serial1/0/0
ip address 100.100.100.1 255.255.255.0
dsu bandwidth 44210
framing c-bit
cablelength 10
no cdp enable
!
interface GigabitEthernet0
vrf forwarding Mgmt-intf
ip address 194.169.2.65 255.255.255.0
negotiation auto
!
interface Vlan1
no ip address
shutdown
!
ip nat inside source route-map TO_ISP interface GigabitEthernet0/0/0 overload
no ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0/0
!
route-map TO_ISP
match ip address 1
match interface GigabitEthernet0/0/0

!

access-list 1 permit 192.168.1.0
!
control-plane
!
line con 0
stopbits 1
line aux 0
stopbits 1
line vty 0 4
password Password!
login
!
end

I agree that the original post had garbled information about the addressing. The router config makes it pretty clear about the interface address and the gateway.

 

I agree that it might be a possibility to use a route map for the translation. But since the main use of route map for address translation is when you have more than one outbound interface (you want to match the interface as well as match the acl) and this situation has one a single outbound interface I do not see where there would be benefit in doing this.

 

I absolutely disagree with the suggestion to change the default route. Configuring a static route to point at an outbound ethernet interface without specifying the next hop will have a negative impact on router performance (how much impact is not clear but certainly having to arp for every destination address, having a larger arp table, and the cpu cycles to maintain that larger arp table are certainly negatives) but also introduces the possibility that the static route might not work at all. For this type of static route to work requires that the next hop router has enabled proxy arp, and many organizations are moving away from proxy arp because of the security issues associated with it.

 

HTH

 

Rick

HTH

Rick

My bad, I should have explained better what I am after. It is not a good idea to use the interface for a default route, absolutely true. The purpose of suggesting to do that was to find out if the IP address used might be the wrong one. The initial post has no subnet mask given for the IP addresses, so maybe it is not a /30, but a /28, and maybe the default gateway is the .252 ? I don't know why the .252 is in the post and what its purpose is.

If the static route works using the interface, then at least we know that the .246 is not the correct address...

I added the changes you suggested, but had no affect, so i am providing the exact plan of what iam trying to do, attached is the router config with the changes you suggested, also attached is the plan iam trying to do in a pdf file. This is what my ISP gave me as network info to use.

CPE IP-1 50.78.70.244/30

CPE gateway - 1 50.78.70.246

CPE subnet mask -1 255.255.255.252

CPE subnet mask -2 75.75.75.75

CPE subnet mask -3 75.75.76.76

Static IP address 50.78.70.245

even with the changes you suggested, from the router i can ping all the ip listed above, but from the pc attached to a switch with an ip address 192.168.1.5 subnet mask 255.255.255.128 Gateway 192.168.1.1, iam only able to ping the ge0/0/0 interface of the router ip address 50.78.70.245.

 

sorry the router config is attached to this post

Hello,

It seems, that NAT doesn't work. Please check access-list 1. It's standard ACL, and wildcard is not applied, so it could be 0.0.0.0 by default:

show ip access-list 1

 

then you can change it:

no access-list 1

access-list 1 permit 192.168.1.0 0.0.0.255

 

and check again:

show ip access-list 1

 

or better to use named ACL.

Hello,

 

the IP addresses you listed look odd. Which ones are you supposed to you use ? For the sake of testing, try and use the 75 addresses. The config would look like this:

 

! Last configuration change at 17:14:06 UTC Wed Jan 30 2019
!

!
interface GigabitEthernet0/0/0
description #Outside Internet#
ip address 75.75.76.75 255.255.255.252
ip nat outside
negotiation auto
!
interface GigabitEthernet0/0/1
description #Internal Network#
ip address 192.168.1.1 255.255.255.128
ip nat inside
negotiation auto
!
interface GigabitEthernet0/0/2
ip address 192.168.1.129 255.255.255.128
ip nat inside
negotiation auto
!
interface GigabitEthernet0/0/3
no ip address
shutdown
negotiation auto
!
interface Serial1/0/0
ip address 100.100.100.1 255.255.255.0
dsu bandwidth 44210
framing c-bit
cablelength 10
no cdp enable
!
interface GigabitEthernet0
vrf forwarding Mgmt-intf
ip address 194.169.2.65 255.255.255.0
negotiation auto
!
interface Vlan1
no ip address
shutdown
!
ip nat inside source list 1 interface GigabitEthernet0/0/0 overload
no ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip route 0.0.0.0 0.0.0.0 75.75.76.76

!

access-list 1 permit 192.168.1.0
!
control-plane
!
line con 0
stopbits 1
line aux 0
stopbits 1
line vty 0 4
password Password!
login
!
end

Better yet, post a screenshotof what your ISP gave you...

interface GigabitEthernet0/0/0
description #Outside Internet#
ip address 75.75.76.75 255.255.255.252
ip nat outside
negotiation auto

 

Tried this, received message from router bad mask /30 for address 75.75.76.75

75.75.76.75 is broadcast address with mask 30. It's invalid, and you can't configure it on interface with such mask.

Moreover, these addresses look like DNS servers.

I think, you don't need to change IP addressing, please, return as it was before.

Try option which, I wrote with ACL. You ACL doesn't match the traffic for NAT now, because it has wildcard 0.0.0.0

Configure following:

 

no access-list 1

access-list 1 permit 192.168.1.0 0.0.0.255

 

and then try connectivity and send running config on router

 

 

Hello,

 

without seeing what you actualy got from your ISP it is just guesswork. The mask could be /31 (255.255.255.254). Best to check back with your ISP to make sure you are using the correct addresses...

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: