How do I connect router to internet

arifdatau · ‎02-06-2012

Here is my home topology:

1. Dell Server: Domain: SWLAB.lab, Static Ip 192.168.1.91/24, Default Gateway: 192.168.1.1/24, Running services DHCP and DNS. DCHP ip scope 192.168.1.1 - 192.168.1.100. Ip address excluded start ip add .1 end ip add .5, .50 - .60, and .90 - .99.

2. Asus wireless router LAN ip: 192.168.1.1/24 (DHCP Disable) Router has 4 ports.

2. WAN IP: 134.74.126.111/27

3. External Gateway 134.74.126.50

I want to connect to internet through Cisco router 1841. Currently, I connected FastEthernet0/0 to the Asus wireless router that I disable DHCP services and it captured DHCP ip from my Server.

interface FastEthernet0/0

ip address dhcp

ip nat outside

ip virtual-reassembly

interface FastEthernet0/1

description to switch 2960 on Fa0/1

ip address 192.168.10.5 255.255.255.0

ip nat inside

ip virtual-reassembly

R1#sh ip route

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2

i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

ia - IS-IS inter area, * - candidate default, U - per-user static route

o - ODR, P - periodic downloaded static route

Gateway of last resort is 0.0.0.0 to network 0.0.0.0

C 192.168.1.0/24 is directly connected, FastEthernet0/0

S* 0.0.0.0/0 is directly connected, FastEthernet0/0

I can ping my server etc. as well as WAN IP but I cannot ping WAN IP Gateway 134.74.126.50. I also cannot ping www.yahoo.com

I would appreciate for your help on giving me the right configuration to access my PC that connected to Switch fas0/2 to the internet.

Thank you.

nkarpysh · ‎02-06-2012

Hi,

The thing is that your ASUS router sends packets from your 1841 and leave source ip of those packets unchanged. That means that packet enter internet with destination of yahoo ip address (for example) and source of 192.168.1.X (which is 1841 ip address). So there is no way for these packets to come back as those are source ip's not routable within internet.

You need to make your ASUS router to do NAT (PAT) from 192.168.1.X to it's WAN ip address 134.74.126.111. And send then those packets on behalf of 1841. Return packets then will be correctly router back to ASUS through internet which will do backward NAT and send those correctly to 1841.

Hope this helps,

Nik

HTH,
Niko

arifdatau · ‎02-06-2012

Hi Nik,

I check the Asus router NAT is enable under WAN advanced settings. What else it could be left not configure?

nkarpysh · ‎02-06-2012

From 1841 perspective you have all:

- ip to GW (Asus router )

- route to GW

- LAN interface

And you also see traffic is flowwing to your server through 1841. So you need to check if NAT is actually working. Do you see translations created on Asus when you try to connect to internet? What are those translations?

Nik

HTH,
Niko

cadet alain · ‎02-07-2012

Hi,

not being able to ping the WAN gateway is probably normal behaviour as this is surely forbidden by your ISP.

could you try to ping 8.8.8.8 and tell us if it works then if pinging by name still fails then you have a DNS problem.

Regards.

Alain

Don't forget to rate helpful posts.

johnlloyd_13 · ‎02-07-2012

hi alain,

i would disagree with you on this. i haven't encountered yet an ISP blocking ICMP from a CE router to their PE router (at least for the /30 IP). it would be difficult to verify your connection with the ISP if this is the case.

johnlloyd_13 · ‎02-07-2012

Hi,

I don't see any default route towards ISP next hop IP. Could you post your 1841 config (removing sensitive info)?

Sent from Cisco Technical Support iPhone App

arifdatau · ‎02-07-2012

Sure..np here it is John

R1#sh running-config

Building configuration...

Current configuration : 1550 bytes

!

version 12.4

no service timestamps debug uptime

no service timestamps log uptime

service password-encryption

!

hostname R1

!

boot-start-marker

boot-end-marker

!

logging message-counter syslog

!

no aaa new-model

memory-size iomem 25

dot11 syslog

ip source-route

!

ip cef

no ip domain lookup

no ipv6 cef

!

multilink bundle-name authenticated

!

archive

log config

hidekeys

!

ip tcp synwait-time 5

!

interface FastEthernet0/0

ip address dhcp

ip nat outside

ip virtual-reassembly

speed auto

half-duplex

!

interface FastEthernet0/1

no ip address

shutdown

duplex auto

speed auto

!

interface Serial0/0/0

no ip address

shutdown

clock rate 2000000

!

interface Serial0/1/0

no ip address

shutdown

clock rate 2000000

!

ip forward-protocol nd

ip route 0.0.0.0 0.0.0.0 FastEthernet0/0

no ip http server

no ip http secure-server

!

ip nat inside source list 101 interface FastEthernet0/0 overload

!

access-list 101 permit ip 192.168.1.0 0.0.0.255 any

!

control-plane

!

alias exec t configure terminal

alias exec c copy runn start

!

line con 0

exec-timeout 0 0

privilege level 15

password 7 04480A08052E5F4B

login

line aux 0

line vty 0 4

privilege level 15

login

!

scheduler allocate 20000 1000

end

johnlloyd_13 · ‎02-07-2012

Hi,

Thanks for posting your config! Could you confirm with your ISP your WAN IP and what type of service are we talking about (MetroE, static ADSL)? This should be a /30 point-to-point IP.

2. WAN IP: 134.74.126.111/27.

Perform ping tests and let us know your results:

- To ISP next hop IP

- 4.2.2.2

Sent from Cisco Technical Support iPhone App

johnlloyd_13 · ‎02-07-2012

Whoops! My full post didn't show up. Buggy iPhone app. Let me do it again using my PC.

Sent from Cisco Technical Support iPhone App

johnlloyd_13 · ‎02-07-2012

ok. here we go.

2. WAN IP: 134.74.126.111/27 <<< Public LAN IP?

3. External Gateway 134.74.126.50 <<< ISP next hop?

interface FastEthernet0/0

ip address 255.255.255.252

ip nat outside

interface FastEthernet0/1

ip address 192.168.x.1 255.255.255.0

ip nat inside

no shutdown

ip route 0.0.0.0 0.0.0.0

ip nat inside source list 101 interface FastEthernet0/0 overload

access-list 101 permit ip 192.168.x.0 0.0.0.255 any

ip name-server

arifdatau · ‎02-07-2012

Hi John,

Here it is.....

R1#sh running-config brief

Building configuration...

ip cef

no ip domain lookup

ip name-server 209.18.47.61

ip name-server 209.18.47.62

no ipv6 cef

!

multilink bundle-name authenticated

!

archive

log config

hidekeys

!

ip tcp synwait-time 5

!

interface FastEthernet0/0

ip address 134.74.126.111 255.255.248.0

ip nat outside

ip virtual-reassembly

speed auto

half-duplex

!

interface FastEthernet0/1

ip address 192.168.1.5 255.255.255.0

ip nat inside

ip virtual-reassembly

duplex auto

speed auto

!

interface Serial0/0/0

no ip address

shutdown

clock rate 2000000

!

interface Serial0/1/0

no ip address

shutdown

clock rate 2000000

!

ip forward-protocol nd

ip route 0.0.0.0 0.0.0.0 134.74.126.50

no ip http server

no ip http secure-server

!

ip nat inside source list 101 interface FastEthernet0/0 overload

!

access-list 101 permit ip 192.168.1.0 0.0.0.255 any

!

control-plane

!

FYI, I got Time Warner cable as my ISP currently and the reason I am trying to make this thing to work is that I could telnet my in-home cisco rack from the outside.but so far with your guide above I even can't ping my LAN as well as WAN so this is far from soving John...? what you think? Thanks

johnlloyd_13 · ‎02-07-2012

hi,

have you confirmed if the ISP provided you with a /30 point-to-point IP and if the 134.74.126.111/27 is your LAN IP range.

could you provide a brief topology of your network?

try to do a quick test:

- connect a laptop/PC directly from the cable modem, set it to auto obtain IP and post your ipconfig.

- if you get an IP address from the direct connection, set your 1841 as below:

int f0/0

ip address dhcp

ip route 0.0.0.0 0.0.0.0 dhcp

#renew dhcp f0/0

and do ping tests again and post your results.

arifdatau · ‎02-07-2012

Sure np...but I was surprise when I direct connect to modem after ipconfig release & renew I got this information

So above is the info I got directly to modem. What do you think?

arifdatau · ‎02-07-2012

My brief topology I got cable modem wired to my Asus wireless WAN and the four ports one of them going to my Windows 2008 server that has DNS and DHCP services under AD running. That is why I disable the DHCP Asus wireless. I got my LAN all running through AD from the server. The 1841 got IP from the server too early. So that is my brief topology...would you to know what you think?