01-24-2010 11:46 AM - edited 03-04-2019 07:17 AM
Hello you all,
Iam kinda new in the field although i really like to play around with all sorts of hardware. My setup contains a dell 2900 server with ESX4 and enough resources and offcourse some cisco equipment.
My problem is as follows,
I have set up my 851/w which as you can see in the picture is directly connected with the internet. Is give's ip addresses to any client who connects on the router. So i thought let's put in a switch and connect some virtual server and you know, it works! The servers get an ip address in the same range as the client pc. Nothing funny so far but the problem arises when i put all the server in seperate VLANs i can't seem to get internet form the server side. I know the switch is capable of routing and it does route, because on the 851 i can ping the each server and vice versa. Also when i connect a pc to any other port on the switch is just give's a ip address with internet access.
Needles to say that i configured static route for each network in which a server reside on the 851 router so that is why the pings work.
What am i missing and how do i fix it,
Kind Gegards,
Henk Velthoven
The picture show the actual setup with ip addresses except the wan side because that is dynamic, also the config from both router and switch are included as attachments (some line's are omitted for brevity, hmm i have read that before ).
Solved! Go to Solution.
01-24-2010 01:22 PM
velthovenh wrote:
Hey Jon,
Thanks for helping me out, much appreciated.
Ik took my laptop and hooked it up to Fa0/11 on the switch and configured it with the same ip address as server 10.55.80.2
Here is wat works,
Ping to Default gateway 10.55.80.1 ok
Ping to 851 interface ok
Ping to 851 external ok
But then when i ping 74.15.77.104 which is google.nl it also works fine. (before the change of the "Permit list" it didn't so something started working) Still with the explorer i get no internet access.
Tracing route to 74.125.77.104 over a maximum of 30 hops
1 1 ms <1 ms <1 ms 10.55.80.1
2 1 ms 5 ms 1 ms 192.168.1.254
3 11 ms 9 ms 11 ms 10.15.30.1
4 11 ms 12 ms 16 ms 212.142.3.1
5 17 ms 15 ms 13 ms 84.116.244.17
6 18 ms 13 ms 13 ms 84.116.131.9
7 14 ms 15 ms 18 ms 72.14.218.61
8 18 ms 15 ms 55 ms 209.85.248.93
9 22 ms 15 ms 18 ms 64.233.175.246
10 17 ms 17 ms 22 ms 72.14.239.197
11 26 ms 33 ms 45 ms 209.85.255.110
12 22 ms 17 ms 25 ms 74.125.77.104Trace complete.
SH IP ROUTE of 3550
Gateway of last resort is 192.168.1.254 to network 0.0.0.0
192.168.120.0/30 is subnetted, 1 subnets
C 192.168.120.0 is directly connected, Vlan3
172.20.0.0/30 is subnetted, 1 subnets
C 172.20.80.0 is directly connected, Vlan2
10.0.0.0/30 is subnetted, 1 subnets
C 10.55.80.0 is directly connected, Vlan4
C 192.168.1.0/24 is directly connected, Vlan1
S* 0.0.0.0/0 [1/0] via 192.168.1.254SH IP ROUTE of 851
Gateway of last resort is 77.251.146.1 to network 0.0.0.0
192.168.120.0/30 is subnetted, 1 subnets
S 192.168.120.0 is directly connected, Vlan1
172.20.0.0/30 is subnetted, 1 subnets
S 172.20.80.0 is directly connected, Vlan1
77.0.0.0/24 is subnetted, 1 subnets
C 77.251.146.0 is directly connected, FastEthernet4
10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
S 10.15.30.1/32 [254/0] via 77.251.146.1, FastEthernet4
S 10.55.80.0/30 is directly connected, Vlan1
C 192.168.1.0/24 is directly connected, Vlan1
S* 0.0.0.0/0 [254/0] via 77.251.146.1SH IP NAT TRA
Pro Inside global Inside local Outside local Outside global
udp 77.251.146.29:137 10.55.80.2:137 10.15.30.1:137 10.15.30.1:137
udp 77.251.146.29:137 10.55.80.2:137 64.233.175.246:137 64.233.175.246:137
udp 77.251.146.29:137 10.55.80.2:137 72.14.218.61:137 72.14.218.61:137
udp 77.251.146.29:137 10.55.80.2:137 72.14.239.197:137 72.14.239.197:137
udp 77.251.146.29:137 10.55.80.2:137 74.125.77.104:137 74.125.77.104:137
udp 77.251.146.29:137 10.55.80.2:137 84.116.131.9:137 84.116.131.9:137
udp 77.251.146.29:137 10.55.80.2:137 84.116.244.17:137 84.116.244.17:137
udp 77.251.146.29:137 10.55.80.2:137 209.85.248.93:137 209.85.248.93:137
udp 77.251.146.29:137 10.55.80.2:137 209.85.255.110:137 209.85.255.110:137
udp 77.251.146.29:137 10.55.80.2:137 212.142.3.1:137 212.142.3.1:137
udp 77.251.146.29:51984 10.55.80.2:51984 192.168.2.99:161 192.168.2.99:161
tcp 77.251.146.29:49838 192.168.1.1:49838 66.102.13.102:80 66.102.13.102:80Hope it is any good to you
Just a quick question. You can ping google.nl so NAT and routing are working.
What happens if you try to access google.nl in your web browser but use the IP rather than the name ie.
Jon
01-24-2010 12:10 PM
velthovenh wrote:
Hello you all,
Iam kinda new in the field although i really like to play around with all sorts of hardware. My setup contains a dell 2900 server with ESX4 and enough resources and offcourse some cisco equipment.
My problem is as follows,
I have set up my 851/w which as you can see in the picture is directly connected with the internet. Is give's ip addresses to any client who connects on the router. So i thought let's put in a switch and connect some virtual server and you know, it works! The servers get an ip address in the same range as the client pc. Nothing funny so far but the problem arises when i put all the server in seperate VLANs i can't seem to get internet form the server side. I know the switch is capable of routing and it does route, because on the 851 i can ping the each server and vice versa. Also when i connect a pc to any other port on the switch is just give's a ip address with internet access.
Needles to say that i configured static route for each network in which a server reside on the 851 router so that is why the pings work.
What am i missing and how do i fix it,
Kind Gegards,
Henk Velthoven
The picture show the actual setup with ip addresses except the wan side because that is dynamic, also the config from both router and switch are included as attachments (some line's are omitted for brevity, hmm i have read that before ).
Please change the acls on your router -
access-list 2 permit 192.168.120.0 0.0.0.252
access-list 3 remark INTENET TOEGANG
access-list 3 permit 172.20.80.0 0.0.0.252
access-list 4 remark INTENET TOEGANG
access-list 4 permit 10.55.80.0 0.0.0.252
to
access-list 2 permit 192.168.120.0 0.0.0.3
access-list 3 remark INTENET TOEGANG
access-list 3 permit 172.20.80.0 0.0.0.3
access-list 4 remark INTENET TOEGANG
access-list 4 permit 10.55.80.0 0.0.0.3
Jon
01-24-2010 12:31 PM
Hoi Jon,
I have changed the rules just like you told me to but it still doesn't work. Thought a reload might do the trick but it won't, really gets me thinking why it won't work. Any more ideas?
Gr Henk
01-24-2010 12:40 PM
velthovenh wrote:
Hoi Jon,
I have changed the rules just like you told me to but it still doesn't work. Thought a reload might do the trick but it won't, really gets me thinking why it won't work. Any more ideas?
Gr Henk
Okay, a few ping tests are in order. Apologies if you've covered this but with a config change, best to test it all
1) from the server 172.20.80.2 can you ping -
i) it's default-gateway - 172.20.80.1
ii) the 851 internal interface - 192.168.1.254
iii) the 851 external interface - whatever that is
After doing this can you try pinging and also tracerouting to a web server on the internet via it's IP address - 88.221.32.170 and post results.
Finally can you post result of a "sh ip nat translations" from the 851.
Edit - oops sorry forgot. Can i have a "show ip route" from the 3550 and the 851.
Jon
01-24-2010 01:17 PM
Hey Jon,
Thanks for helping me out, much appreciated.
Ik took my laptop and hooked it up to Fa0/11 on the switch and configured it with the same ip address as server 10.55.80.2
Here is wat works,
Ping to Default gateway 10.55.80.1 ok
Ping to 851 interface ok
Ping to 851 external ok
But then when i ping 74.15.77.104 which is google.nl it also works fine. (before the change of the "Permit list" it didn't so something started working) Still with the explorer i get no internet access.
Tracing route to 74.125.77.104 over a maximum of 30 hops
1 1 ms <1 ms <1 ms 10.55.80.1
2 1 ms 5 ms 1 ms 192.168.1.254
3 11 ms 9 ms 11 ms 10.15.30.1
4 11 ms 12 ms 16 ms 212.142.3.1
5 17 ms 15 ms 13 ms 84.116.244.17
6 18 ms 13 ms 13 ms 84.116.131.9
7 14 ms 15 ms 18 ms 72.14.218.61
8 18 ms 15 ms 55 ms 209.85.248.93
9 22 ms 15 ms 18 ms 64.233.175.246
10 17 ms 17 ms 22 ms 72.14.239.197
11 26 ms 33 ms 45 ms 209.85.255.110
12 22 ms 17 ms 25 ms 74.125.77.104
Trace complete.
SH IP ROUTE of 3550
Gateway of last resort is 192.168.1.254 to network 0.0.0.0
192.168.120.0/30 is subnetted, 1 subnets
C 192.168.120.0 is directly connected, Vlan3
172.20.0.0/30 is subnetted, 1 subnets
C 172.20.80.0 is directly connected, Vlan2
10.0.0.0/30 is subnetted, 1 subnets
C 10.55.80.0 is directly connected, Vlan4
C 192.168.1.0/24 is directly connected, Vlan1
S* 0.0.0.0/0 [1/0] via 192.168.1.254
SH IP ROUTE of 851
Gateway of last resort is 77.251.146.1 to network 0.0.0.0
192.168.120.0/30 is subnetted, 1 subnets
S 192.168.120.0 is directly connected, Vlan1
172.20.0.0/30 is subnetted, 1 subnets
S 172.20.80.0 is directly connected, Vlan1
77.0.0.0/24 is subnetted, 1 subnets
C 77.251.146.0 is directly connected, FastEthernet4
10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
S 10.15.30.1/32 [254/0] via 77.251.146.1, FastEthernet4
S 10.55.80.0/30 is directly connected, Vlan1
C 192.168.1.0/24 is directly connected, Vlan1
S* 0.0.0.0/0 [254/0] via 77.251.146.1
SH IP NAT TRA
Pro Inside global Inside local Outside local Outside global
udp 77.251.146.29:137 10.55.80.2:137 10.15.30.1:137 10.15.30.1:137
udp 77.251.146.29:137 10.55.80.2:137 64.233.175.246:137 64.233.175.246:137
udp 77.251.146.29:137 10.55.80.2:137 72.14.218.61:137 72.14.218.61:137
udp 77.251.146.29:137 10.55.80.2:137 72.14.239.197:137 72.14.239.197:137
udp 77.251.146.29:137 10.55.80.2:137 74.125.77.104:137 74.125.77.104:137
udp 77.251.146.29:137 10.55.80.2:137 84.116.131.9:137 84.116.131.9:137
udp 77.251.146.29:137 10.55.80.2:137 84.116.244.17:137 84.116.244.17:137
udp 77.251.146.29:137 10.55.80.2:137 209.85.248.93:137 209.85.248.93:137
udp 77.251.146.29:137 10.55.80.2:137 209.85.255.110:137 209.85.255.110:137
udp 77.251.146.29:137 10.55.80.2:137 212.142.3.1:137 212.142.3.1:137
udp 77.251.146.29:51984 10.55.80.2:51984 192.168.2.99:161 192.168.2.99:161
tcp 77.251.146.29:49838 192.168.1.1:49838 66.102.13.102:80 66.102.13.102:80
Hope it is any good to you
01-24-2010 01:22 PM
velthovenh wrote:
Hey Jon,
Thanks for helping me out, much appreciated.
Ik took my laptop and hooked it up to Fa0/11 on the switch and configured it with the same ip address as server 10.55.80.2
Here is wat works,
Ping to Default gateway 10.55.80.1 ok
Ping to 851 interface ok
Ping to 851 external ok
But then when i ping 74.15.77.104 which is google.nl it also works fine. (before the change of the "Permit list" it didn't so something started working) Still with the explorer i get no internet access.
Tracing route to 74.125.77.104 over a maximum of 30 hops
1 1 ms <1 ms <1 ms 10.55.80.1
2 1 ms 5 ms 1 ms 192.168.1.254
3 11 ms 9 ms 11 ms 10.15.30.1
4 11 ms 12 ms 16 ms 212.142.3.1
5 17 ms 15 ms 13 ms 84.116.244.17
6 18 ms 13 ms 13 ms 84.116.131.9
7 14 ms 15 ms 18 ms 72.14.218.61
8 18 ms 15 ms 55 ms 209.85.248.93
9 22 ms 15 ms 18 ms 64.233.175.246
10 17 ms 17 ms 22 ms 72.14.239.197
11 26 ms 33 ms 45 ms 209.85.255.110
12 22 ms 17 ms 25 ms 74.125.77.104Trace complete.
SH IP ROUTE of 3550
Gateway of last resort is 192.168.1.254 to network 0.0.0.0
192.168.120.0/30 is subnetted, 1 subnets
C 192.168.120.0 is directly connected, Vlan3
172.20.0.0/30 is subnetted, 1 subnets
C 172.20.80.0 is directly connected, Vlan2
10.0.0.0/30 is subnetted, 1 subnets
C 10.55.80.0 is directly connected, Vlan4
C 192.168.1.0/24 is directly connected, Vlan1
S* 0.0.0.0/0 [1/0] via 192.168.1.254SH IP ROUTE of 851
Gateway of last resort is 77.251.146.1 to network 0.0.0.0
192.168.120.0/30 is subnetted, 1 subnets
S 192.168.120.0 is directly connected, Vlan1
172.20.0.0/30 is subnetted, 1 subnets
S 172.20.80.0 is directly connected, Vlan1
77.0.0.0/24 is subnetted, 1 subnets
C 77.251.146.0 is directly connected, FastEthernet4
10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
S 10.15.30.1/32 [254/0] via 77.251.146.1, FastEthernet4
S 10.55.80.0/30 is directly connected, Vlan1
C 192.168.1.0/24 is directly connected, Vlan1
S* 0.0.0.0/0 [254/0] via 77.251.146.1SH IP NAT TRA
Pro Inside global Inside local Outside local Outside global
udp 77.251.146.29:137 10.55.80.2:137 10.15.30.1:137 10.15.30.1:137
udp 77.251.146.29:137 10.55.80.2:137 64.233.175.246:137 64.233.175.246:137
udp 77.251.146.29:137 10.55.80.2:137 72.14.218.61:137 72.14.218.61:137
udp 77.251.146.29:137 10.55.80.2:137 72.14.239.197:137 72.14.239.197:137
udp 77.251.146.29:137 10.55.80.2:137 74.125.77.104:137 74.125.77.104:137
udp 77.251.146.29:137 10.55.80.2:137 84.116.131.9:137 84.116.131.9:137
udp 77.251.146.29:137 10.55.80.2:137 84.116.244.17:137 84.116.244.17:137
udp 77.251.146.29:137 10.55.80.2:137 209.85.248.93:137 209.85.248.93:137
udp 77.251.146.29:137 10.55.80.2:137 209.85.255.110:137 209.85.255.110:137
udp 77.251.146.29:137 10.55.80.2:137 212.142.3.1:137 212.142.3.1:137
udp 77.251.146.29:51984 10.55.80.2:51984 192.168.2.99:161 192.168.2.99:161
tcp 77.251.146.29:49838 192.168.1.1:49838 66.102.13.102:80 66.102.13.102:80Hope it is any good to you
Just a quick question. You can ping google.nl so NAT and routing are working.
What happens if you try to access google.nl in your web browser but use the IP rather than the name ie.
Jon
01-24-2010 01:34 PM
Hey Jon,
Ik kinda feel like scratch @ the moment because it started working once i filled in the DNS information on the windows client. How could i forget such easy thing.
So you helped after al, especially with the ACL list. 0.0.0.3 because that did the trick.
Again thank you very much and i hope one day to help some else to when i get more experience, time will tell.
Greetings
Henk Velthoven
01-24-2010 01:43 PM
velthovenh wrote:
Hey Jon,
Ik kinda feel like scratch @ the moment because it started working once i filled in the DNS information on the windows client. How could i forget such easy thing.
So you helped after al, especially with the ACL list. 0.0.0.3 because that did the trick.
Again thank you very much and i hope one day to help some else to when i get more experience, time will tell.
Greetings
Henk Velthoven
Henk
No problem, glad to have helped. And also would like to say that you provided exactly the right information in your initial post which helped us to sort it out very quickly.
Jon
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide