
default gateway question

jkay18041
Level 3

I have a 2821 router that gets a public IP via DHCP. I've got some rules in place that somehow have managed to block ICMP from the cmd line on the router. Internet on devices works fine, though. I noticed that if I add "ip route 0.0.0.0 0.0.0.0 gigabitethernet 0/0", which is the WAN interface, ping works. However, it gave me a message when I added it: "%Default route without gateway, if not a point-to-point interface, may impact performance".

What exactly does that mean? Should I leave it or take it off?

 

Thank you

Accepted Solution

Richard Burts
Hall of Fame

I have not seen that particular message but I think it is a very good thing that Cisco has done.

 

The issue that it tries to identify is that when you have a route (especially a default route) which points to an Ethernet interface without specifying a next hop, these will be the results:

- the router will ARP for every remote address reached through that interface. It does this because it believes that all of these addresses are locally connected.

- the router will store every ARP response in its ARP table.

- when each ARP entry times out (typically at 4 hours) it will remove the entry and then ARP for it again, and put the result into a new entry in the ARP table.

Perhaps you can imagine the impact on CPU busy of the router to do all this activity to maintain the ARP table.

Perhaps you can imagine the impact on router memory to store all of these entries in the ARP table.

That is what Cisco is warning about with this message. So no, you should not keep this command. You should remove it and replace it with something else.

 

HTH

 

Rick

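
To make the answer above concrete, here is a small model (added here, not code from the thread or from Cisco) of what the router has to ARP for under the two forms of default route; the LAN prefix is the poster's, the WAN addresses are constructed documentation values, and ARP ageing is left out.

```python
import ipaddress
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class Route:
    prefix: ipaddress.IPv4Network
    interface: str
    next_hop: Optional[ipaddress.IPv4Address] = None  # None = "ip route ... <interface>" form

@dataclass
class Router:
    routes: list
    arp_table: set = field(default_factory=set)  # (interface, address) pairs resolved by ARP

    def lookup(self, dst):
        """Longest-prefix match, as the routing table does."""
        matches = [r for r in self.routes if dst in r.prefix]
        return max(matches, key=lambda r: r.prefix.prefixlen)

    def send(self, dst):
        """Forward one packet to dst; return the address the router had to ARP for."""
        dst = ipaddress.IPv4Address(dst)
        route = self.lookup(dst)
        # No next hop: IOS treats dst as on-link and ARPs for dst itself (this only works
        # if the upstream device proxy-ARPs). With a next hop: one ARP entry for the gateway.
        target = dst if route.next_hop is None else route.next_hop
        self.arp_table.add((route.interface, target))
        return str(target)

def build_router(default_next_hop=None):
    """Routes modelled on the thread's 2821 (constructed addresses for the WAN side)."""
    net = ipaddress.IPv4Network
    gw = ipaddress.IPv4Address(default_next_hop) if default_next_hop else None
    return Router([
        Route(net("10.10.1.0/24"), "GigabitEthernet0/1.1"),   # connected LAN
        Route(net("198.51.100.0/24"), "GigabitEthernet0/0"),  # connected WAN link (constructed)
        Route(net("0.0.0.0/0"), "GigabitEthernet0/0", gw),    # default route under test
    ])

# Constructed sample of destinations the router itself talks to (pings, DNS lookups).
REMOTE_DESTINATIONS = ["8.8.8.8", "8.8.4.4", "1.1.1.1", "9.9.9.9", "151.101.1.67", "8.8.8.8"]

def arp_entries_after_traffic(default_next_hop=None):
    """ARP entries held after the router has reached every sample destination."""
    router = build_router(default_next_hop)
    for dst in REMOTE_DESTINATIONS:
        router.send(dst)
    return len(router.arp_table)
```

With the interface-only default the table grows by one entry per distinct remote address (5 here), while the next-hop form needs a single entry for the gateway; the `ip route 0.0.0.0 0.0.0.0 dhcp` form mentioned later in the thread behaves like the next-hop case, since it installs the DHCP-learned gateway as the next hop.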


I am glad that my response was helpful. Thank you for using the rating system to mark this question as answered. This will help other readers in the forum to identify threads that have helpful information.

 

HTH

 

Rick


Just out of curiosity, any ideas why ping would respond to addresses such as 8.8.8.8 on the router with this ip route in the table but without it they don't respond on the router?

 

Thank you for your help 

I am not sure that I understand your question. Are you saying that with the default route you mention, the router can ping Internet resources, and without the default route it cannot ping Internet resources? Or are you saying that only some Internet resources are available? Clarification of this point would be helpful.

 

It would also be helpful to know what is configured on this router for a default route for the router? And whether anything different is configured for the devices behind the router.

 

HTH

 

Rick


With the config below I have no issues accessing the internet from any of the computers on the network, so this isn't a problem per se, just more of a curiosity as to why I can't ping 8.8.8.8 from the router and get a response but from any computer on the network I can. If I add the route "ip route 0.0.0.0 0.0.0.0 gigabitethernet 0/0" I am able to ping WAN addresses from the router, but without it I cannot.

 

Building configuration...


Current configuration : 4624 bytes
!
! Last configuration change at 03:29:58 UTC Sun Feb 8 2015 by admin
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname Router2821
!
boot-start-marker
boot-end-marker
!
!
no logging console
!
aaa new-model
!
!
!
!
!
!
!
aaa session-id common
!
!
dot11 syslog
ip source-route
!
!
ip cef
!
!
!
ip domain name Home
ip name-server 8.8.8.8
ip name-server 8.8.4.4
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
!
voice-card 0
!
crypto pki token default removal timeout 0
!
crypto pki trustpoint TP-self-signed-1210990****
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-121099****
 revocation-check none
 rsakeypair TP-self-signed-121099****
!
!
!
!
license udi pid CISCO2821 sn FTX1121*****
username admin privilege 15 password 7 13432E3A21************
!
redundancy
!
!
ip ssh time-out 70
ip ssh authentication-retries 2
ip ssh version 1
!
class-map type inspect match-any All_Protocols
 match protocol tcp
 match protocol udp
 match protocol icmp
!
!
policy-map type inspect Trusted_to_Internet
 class type inspect All_Protocols
  inspect
 class class-default
  drop
!
zone security Trusted
zone security Internet
zone-pair security Trusted->Internet source Trusted destination Internet
 service-policy type inspect Trusted_to_Internet
!
!
!
!
!
!
!
!
interface GigabitEthernet0/0
 description WAN
 ip address dhcp
 ip nat outside
 ip virtual-reassembly in
 duplex auto
 speed auto
!
interface GigabitEthernet0/1
 no ip address
 duplex auto
 speed auto
!
interface GigabitEthernet0/1.1
 description LAN
 encapsulation dot1Q 1 native
 ip address 10.10.1.253 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
!
interface GigabitEthernet0/1.2
 description WIRELESS
 encapsulation dot1Q 2
 ip address 192.168.2.254 255.255.255.0
 ip access-group wifi_block in
 ip access-group wifi_block out
 ip nat inside
 ip virtual-reassembly in
!
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
!
!
ip nat inside source static tcp 10.10.1.14 3389 interface GigabitEthernet0/0 3389
ip nat inside source list NAT interface GigabitEthernet0/0 overload
ip nat inside source static udp 10.10.1.249 1194 interface GigabitEthernet0/0 1194
ip nat inside source static udp 10.10.1.249 1195 interface GigabitEthernet0/0 1195
ip nat inside source static tcp 10.10.1.249 443 interface GigabitEthernet0/0 443
ip nat inside source static tcp 10.10.1.249 22 interface GigabitEthernet0/0 1022
ip route 10.28.0.0 255.255.255.0 10.10.1.249
ip route 10.29.0.0 255.255.255.0 10.10.1.249
ip route 10.30.0.0 255.255.255.0 10.10.1.249
!
ip access-list extended NAT
 deny   ip 10.10.1.0 0.0.0.255 192.168.2.0 0.0.0.255
 deny   ip 192.168.2.0 0.0.0.255 10.10.1.0 0.0.0.255
 permit ip any any
ip access-list extended wifi_block
 deny   ip 10.10.1.0 0.0.0.255 192.168.2.0 0.0.0.255
 permit ip any any
!
!
!
!
!
snmp-server community fast_stats RO
snmp-server host 10.10.1.249 version 2c fast_stats
!
!
!
!
control-plane
!
!
!
!
mgcp profile default
!
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
 privilege level 15
 password 7 054D3F270B67**************
 transport input ssh
!
scheduler allocate 20000 1000
end

Thanks for posting the router config. It does help to know what is in the config. I am surprised that with this config computers inside the network are successful in accessing Internet resources but the router is not. And that if you add that default route then the router can access Internet resources.

 

Could you post the output of show ip route from the router (when the default route is not configured)? Perhaps that will shed some light on things.

 

HTH

 

Rick


Gateway of last resort is 68.***.64.1 to network 0.0.0.0

S*    0.0.0.0/0 [254/0] via 68.***.64.1
      10.0.0.0/8 is variably subnetted, 5 subnets, 2 masks
C        10.10.1.0/24 is directly connected, GigabitEthernet0/1.1
L        10.10.1.253/32 is directly connected, GigabitEthernet0/1.1
S        10.28.0.0/24 [1/0] via 10.10.1.249
S        10.29.0.0/24 [1/0] via 10.10.1.249
S        10.30.0.0/24 [1/0] via 10.10.1.249
      68.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C        68.***.64.0/20 is directly connected, GigabitEthernet0/0
L        68.***.75.45/32 is directly connected, GigabitEthernet0/0
      172.19.0.0/32 is subnetted, 1 subnets
S        172.19.121.13 [254/0] via 68.***.64.1, GigabitEthernet0/0
      192.168.2.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.2.0/24 is directly connected, GigabitEthernet0/1.2
L        192.168.2.254/32 is directly connected, GigabitEthernet0/1.2

 

 

Thanks again for the help.

I had tried to post a response a little while ago. But it seems to have disappeared. If a duplicate post turns up I apologize.

 

Thank you for posting the output of show ip route. It does show that the router has learned a default route from the peer on the public interface. This does explain why devices inside the network are able to access Internet resources. But I am puzzled why the learned default route is not working for traffic generated from the router.

 

I am also puzzled at the other route that your router seems to have learned on the public interface.

S        172.19.121.13 [254/0] via 68.***.64.1, GigabitEthernet0/0

Do you have any insight into what this address is?

 

Could you configure the static default route that makes the router able to ping and then post the output of show ip route?

 

HTH

 

Rick


I have that 0/0 interface, which connects to my cable modem, set to DHCP as I don't have a static IP address. So I'm not sure what I would put in for the static route other than a gateway of the interface itself. Should I make a static route of ip route 0.0.0.0/0 68.***.64.1? The only problem is that when my ISP assigns me a new IP address I think that gateway changes on occasion.

No, you should not try to create a static route and put in a next hop address based on the current assignment. As you note, this would possibly become a problem as address assignments change. In your original post you mention this static route, and it is the one that I suggest that you put into the config:

ip route 0.0.0.0 0.0.0.0 gigabitethernet 0/0

 

There is a form of the static route that tells the router to use DHCP for the default and if we need it you can use that one. But for now I would like to see the results if you use the form of static route that you identified in your original post.

 

HTH

 

Rick


Gateway of last resort is 0.0.0.0 to network 0.0.0.0

S*    0.0.0.0/0 is directly connected, GigabitEthernet0/0
      10.0.0.0/8 is variably subnetted, 5 subnets, 2 masks
C        10.10.1.0/24 is directly connected, GigabitEthernet0/1.1
L        10.10.1.253/32 is directly connected, GigabitEthernet0/1.1
S        10.28.0.0/24 [1/0] via 10.10.1.249
S        10.29.0.0/24 [1/0] via 10.10.1.249
S        10.30.0.0/24 [1/0] via 10.10.1.249
      68.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C        68.102.64.0/20 is directly connected, GigabitEthernet0/0
L        68.102.75.45/32 is directly connected, GigabitEthernet0/0
      172.19.0.0/32 is subnetted, 1 subnets
S        172.19.121.13 [254/0] via 68.102.64.1, GigabitEthernet0/0
      192.168.2.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.2.0/24 is directly connected, GigabitEthernet0/1.2
L        192.168.2.254/32 is directly connected, GigabitEthernet0/1.2

 

I will say, though, that after I add this route my internet is very sluggish. It takes about 30 seconds to load cnn.com, whereas before it was pretty instant. I should also note that the workstations are all set up to use 8.8.8.8 for DNS.
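A small audit check, added here and not part of the thread, that reads show ip route output like the two listings above and flags the interface-only form of the default route, which is the case the IOS warning is about; the sample outputs are constructed with documentation addresses in place of the poster's.

```python
import re

# Two "show ip route" excerpts constructed after the ones posted in this thread,
# with the poster's public addresses replaced by documentation-range values.
SHOW_IP_ROUTE_LEARNED = """\
Gateway of last resort is 198.51.100.1 to network 0.0.0.0

S*    0.0.0.0/0 [254/0] via 198.51.100.1
      198.51.100.0/24 is variably subnetted, 2 subnets, 2 masks
C        198.51.100.0/24 is directly connected, GigabitEthernet0/0
L        198.51.100.45/32 is directly connected, GigabitEthernet0/0
"""
SHOW_IP_ROUTE_INTERFACE_ONLY = """\
Gateway of last resort is 0.0.0.0 to network 0.0.0.0

S*    0.0.0.0/0 is directly connected, GigabitEthernet0/0
C        198.51.100.0/24 is directly connected, GigabitEthernet0/0
"""

# A default-route line is either "[AD/metric] via <next-hop>" or
# "is directly connected, <interface>" (the interface-only form IOS warns about).
DEFAULT_LINE = re.compile(
    r"^(?P<code>[A-Z]\S*\*)\s+0\.0\.0\.0/0\s+"
    r"(?:\[(?P<ad>\d+)/\d+\]\s+via\s+(?P<next_hop>\d{1,3}(?:\.\d{1,3}){3})"
    r"|is directly connected,\s+(?P<interface>\S+))"
)

def audit_default_route(show_ip_route):
    """Return a finding dict for the default route, or None if there is no default route."""
    for line in show_ip_route.splitlines():
        m = DEFAULT_LINE.match(line)
        if m is None:
            continue
        if m.group("next_hop"):
            return {"code": m.group("code"), "next_hop": m.group("next_hop"),
                    "admin_distance": int(m.group("ad")), "risk": None}
        return {"code": m.group("code"), "interface": m.group("interface"),
                "risk": "default route has no next hop; the router will ARP for every "
                        "remote address out of " + m.group("interface")}
    return None
```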

I am quite puzzled at why both forms of the default route work for devices inside your network. But only one form of the default route works for traffic originated from the router. Perhaps the next step to investigate this would be to remove the manual static default route that you added and go back to the config with no configured default route. Then at some time when network traffic is at a low level of activity turn on debug ip packet and try the ping from the router to 8.8.8.8 and post the debug output.

 

HTH

 

Rick


I found my issue; however, it makes no sense to me. I removed my 3 static routes, and once removed I can now ping 8.8.8.8 from the router and get a response. On the same note, if I set my workstation to use the router for DNS it cannot do name resolution, but I can ping www.google.com from the router and get a response.

ip route 10.28.0.0 255.255.255.0 10.10.1.249

ip route 10.29.0.0 255.255.255.0 10.10.1.249

ip route 10.30.0.0 255.255.255.0 10.10.1.249

 

I don't know why this would make a difference. These routes point to my OpenVPN server that is used for the only. My main network is 10.10.1.0/24 and a wireless network at 192.168.2.0/24.


Update: so I added the routes back into the config so my OpenVPN server would function, and everything as of now is working... I have no idea why this would be. I set up a 1841 with the same config a few days ago and had the same issue. Both are on IOS 15.1, so I'm stumped as to why I had this issue. Hopefully it won't come back.

I am glad to know that you have resolved this issue. I am quite surprised that those static routes would have been part of the issue. It would be easier to understand that the static routes had an impact if they also impacted access from devices inside the network. But it is very strange that they impacted ping from the router but not from devices inside.

 

I wonder if something in the routing logic had gotten into an unexpected state and if removing the static routes allowed the routing logic to get back into its normal state.

 

HTH

 

Rick
