02-06-2012 07:29 PM - edited 03-04-2019 03:09 PM
Here is my home topology:
1. Dell Server: Domain: SWLAB.lab, Static Ip 192.168.1.91/24, Default Gateway: 192.168.1.1/24, Running services DHCP and DNS. DCHP ip scope 192.168.1.1 - 192.168.1.100. Ip address excluded start ip add .1 end ip add .5, .50 - .60, and .90 - .99.
2. Asus wireless router LAN ip: 192.168.1.1/24 (DHCP Disable) Router has 4 ports.
2. WAN IP: 134.74.126.111/27
3. External Gateway 134.74.126.50
I want to connect to internet through Cisco router 1841. Currently, I connected FastEthernet0/0 to the Asus wireless router that I disable DHCP services and it captured DHCP ip from my Server.
interface FastEthernet0/0
ip address dhcp
ip nat outside
ip virtual-reassembly
interface FastEthernet0/1
description to switch 2960 on Fa0/1
ip address 192.168.10.5 255.255.255.0
ip nat inside
ip virtual-reassembly
R1#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is 0.0.0.0 to network 0.0.0.0
C 192.168.1.0/24 is directly connected, FastEthernet0/0
S* 0.0.0.0/0 is directly connected, FastEthernet0/0
I can ping my server etc. as well as WAN IP but I cannot ping WAN IP Gateway 134.74.126.50. I also cannot ping www.yahoo.com
I would appreciate for your help on giving me the right configuration to access my PC that connected to Switch fas0/2 to the internet.
Thank you.
02-06-2012 08:12 PM
Hi,
The thing is that your ASUS router sends packets from your 1841 and leave source ip of those packets unchanged. That means that packet enter internet with destination of yahoo ip address (for example) and source of 192.168.1.X (which is 1841 ip address). So there is no way for these packets to come back as those are source ip's not routable within internet.
You need to make your ASUS router to do NAT (PAT) from 192.168.1.X to it's WAN ip address 134.74.126.111. And send then those packets on behalf of 1841. Return packets then will be correctly router back to ASUS through internet which will do backward NAT and send those correctly to 1841.
Hope this helps,
Nik
02-06-2012 10:34 PM
Hi Nik,
I check the Asus router NAT is enable under WAN advanced settings. What else it could be left not configure?
02-06-2012 11:05 PM
From 1841 perspective you have all:
- ip to GW (Asus router )
- route to GW
- LAN interface
And you also see traffic is flowwing to your server through 1841. So you need to check if NAT is actually working. Do you see translations created on Asus when you try to connect to internet? What are those translations?
Nik
02-07-2012 01:30 AM
Hi,
not being able to ping the WAN gateway is probably normal behaviour as this is surely forbidden by your ISP.
could you try to ping 8.8.8.8 and tell us if it works then if pinging by name still fails then you have a DNS problem.
Regards.
Alain
02-07-2012 05:06 PM
hi alain,
i would disagree with you on this. i haven't encountered yet an ISP blocking ICMP from a CE router to their PE router (at least for the /30 IP). it would be difficult to verify your connection with the ISP if this is the case.
02-07-2012 01:44 AM
Hi,
I don't see any default route towards ISP next hop IP. Could you post your 1841 config (removing sensitive info)?
Sent from Cisco Technical Support iPhone App
02-07-2012 02:40 PM
Sure..np here it is John
R1#sh running-config
Building configuration...
Current configuration : 1550 bytes
!
version 12.4
no service timestamps debug uptime
no service timestamps log uptime
service password-encryption
!
hostname R1
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
!
no aaa new-model
memory-size iomem 25
dot11 syslog
ip source-route
!
ip cef
no ip domain lookup
no ipv6 cef
!
multilink bundle-name authenticated
!
archive
log config
hidekeys
!
ip tcp synwait-time 5
!
interface FastEthernet0/0
ip address dhcp
ip nat outside
ip virtual-reassembly
speed auto
half-duplex
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Serial0/0/0
no ip address
shutdown
clock rate 2000000
!
interface Serial0/1/0
no ip address
shutdown
clock rate 2000000
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 FastEthernet0/0
no ip http server
no ip http secure-server
!
ip nat inside source list 101 interface FastEthernet0/0 overload
!
access-list 101 permit ip 192.168.1.0 0.0.0.255 any
!
control-plane
!
alias exec t configure terminal
alias exec c copy runn start
!
line con 0
exec-timeout 0 0
privilege level 15
password 7 04480A08052E5F4B
login
line aux 0
line vty 0 4
privilege level 15
login
!
scheduler allocate 20000 1000
end
02-07-2012 03:45 PM
Hi,
Thanks for posting your config! Could you confirm with your ISP your WAN IP and what type of service are we talking about (MetroE, static ADSL)? This should be a /30 point-to-point IP.
2. WAN IP: 134.74.126.111/27.
Perform ping tests and let us know your results:
- To ISP next hop IP
- 4.2.2.2
Sent from Cisco Technical Support iPhone App
02-07-2012 03:48 PM
Whoops! My full post didn't show up. Buggy iPhone app. Let me do it again using my PC.
Sent from Cisco Technical Support iPhone App
02-07-2012 04:10 PM
ok. here we go.
2. WAN IP: 134.74.126.111/27 <<< Public LAN IP?
3. External Gateway 134.74.126.50 <<< ISP next hop?
interface FastEthernet0/0
ip address
ip nat outside
interface FastEthernet0/1
ip address 192.168.x.1 255.255.255.0
ip nat inside
no shutdown
ip route 0.0.0.0 0.0.0.0
ip nat inside source list 101 interface FastEthernet0/0 overload
access-list 101 permit ip 192.168.x.0 0.0.0.255 any
ip name-server
02-07-2012 08:12 PM
Hi John,
Here it is.....
R1#sh running-config brief
Building configuration...
ip cef
no ip domain lookup
ip name-server 209.18.47.61
ip name-server 209.18.47.62
no ipv6 cef
!
multilink bundle-name authenticated
!
archive
log config
hidekeys
!
ip tcp synwait-time 5
!
interface FastEthernet0/0
ip address 134.74.126.111 255.255.248.0
ip nat outside
ip virtual-reassembly
speed auto
half-duplex
!
interface FastEthernet0/1
ip address 192.168.1.5 255.255.255.0
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
!
interface Serial0/0/0
no ip address
shutdown
clock rate 2000000
!
interface Serial0/1/0
no ip address
shutdown
clock rate 2000000
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 134.74.126.50
no ip http server
no ip http secure-server
!
ip nat inside source list 101 interface FastEthernet0/0 overload
!
access-list 101 permit ip 192.168.1.0 0.0.0.255 any
!
control-plane
!
FYI, I got Time Warner cable as my ISP currently and the reason I am trying to make this thing to work is that I could telnet my in-home cisco rack from the outside.but so far with your guide above I even can't ping my LAN as well as WAN so this is far from soving John...? what you think? Thanks
02-07-2012 09:03 PM
hi,
have you confirmed if the ISP provided you with a /30 point-to-point IP and if the 134.74.126.111/27 is your LAN IP range.
could you provide a brief topology of your network?
try to do a quick test:
- connect a laptop/PC directly from the cable modem, set it to auto obtain IP and post your ipconfig.
- if you get an IP address from the direct connection, set your 1841 as below:
int f0/0
ip address dhcp
ip route 0.0.0.0 0.0.0.0 dhcp
#renew dhcp f0/0
and do ping tests again and post your results.
02-07-2012 09:17 PM
Sure np...but I was surprise when I direct connect to modem after ipconfig release & renew I got this information
So above is the info I got directly to modem. What do you think?
02-07-2012 09:31 PM
My brief topology I got cable modem wired to my Asus wireless WAN and the four ports one of them going to my Windows 2008 server that has DNS and DHCP services under AD running. That is why I disable the DHCP Asus wireless. I got my LAN all running through AD from the server. The 1841 got IP from the server too early. So that is my brief topology...would you to know what you think?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide