cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1972
Views
0
Helpful
11
Replies

ISR 4331: Enable routing?

Baphijmm1
Level 1
Level 1

This is a stupid question, but I've been chasing it around for 24 hours now with no positive answer. This is the best way I've found to specifically ask this question, because frankly it's the only thing I can think might be the issue.

I'm simply trying to enable routing on a 4331 router. The router can see the internet, and devices internal to the router can see the router; however, devices internal to the router cannot see the internet.

I presently have this turned off, but have already tried adding "ip nat inside source list 1 interface GigabitEthernet0/0/0 overload", which seemed to work for about five seconds before everything shut off again. I also at one time had "ip route 0.0.0.0 0.0.0.0 xxx.xxx.xxx.xxx" set, where the 'x's represent the IP address of the internet gateway; it is set again now, but having this set or not made no difference either. Present running config is thus:

Router#show running-config
Building configuration...

Current configuration : 2059 bytes
!
! Last configuration change at 16:39:50 MST Fri Mar 12 2021
! NVRAM config last updated at 00:41:09 MST Fri Mar 12 2021
!
version 15.5
service timestamps debug uptime
service timestamps log datetime localtime show-timezone
service password-encryption
no service dhcp
no platform punt-keepalive disable-kernel-core
platform hardware throughput level 300000
!
hostname Router
!
boot-start-marker
boot system bootflash:isr4300-universalk9.03.15.03.S.155-2.S3-std.SPA.bin
boot-end-marker
!
!
vrf definition Mgmt-intf
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
enable secret 5 XXX
enable password 7 XXX
!
no aaa new-model
clock timezone MST -7 0
clock summer-time MDT recurring
no ip source-route
!
!
!
!
!
!
!
!
!

 

!
!
!
!
!
!
!
!
!
!
subscriber templating
multilink bundle-name authenticated
!
!
!
!
license udi pid XXX
spanning-tree extend system-id
!
!
redundancy
mode none
!
!
vlan internal allocation policy ascending
!
!
!
!
!
!
interface GigabitEthernet0/0/0
description Ethernet Link to External
ip address xxx.xxx.xxx.xxx 255.255.255.0
ip nat outside
speed 1000
no negotiation auto
no cdp enable
!
interface GigabitEthernet0/0/1
description Connection to Internal
ip address yyy.yyy.yyy.yyy 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
speed 1000
no negotiation auto
no cdp enable
!
interface GigabitEthernet0/0/2
no ip address
shutdown
negotiation auto
!
interface GigabitEthernet0
vrf forwarding Mgmt-intf
no ip address
shutdown
negotiation auto
!
interface Vlan1
no ip address
shutdown
!
ip forward-protocol nd
no ip http server
no ip http secure-server
ip tftp source-interface GigabitEthernet0
!
!
access-list 1 permit yyy.yyy.yyy.0 0.0.0.255
!
snmp-server community public RO
!
!
control-plane
!
!
line con 0
password 7 XXX
login
stopbits 1
line aux 0
stopbits 1
line vty 0 4
password 7 XXX
login
transport input none
!
ntp server 192.5.41.40
!
end

 

 

Any thoughts? Ideas, suggestions? Literally anything would be helpful at this point, I feel.

EDIT: Hey uh, so I can't see replies to this anymore, suddenly? And I can't reply to it myself? Was this cut by Cisco or something?

11 Replies 11

Joseph W. Doherty
Hall of Fame
Hall of Fame

Forgot to mention, that had been the case previously as well, and it didn't help. Attempted it again just now, and no change.

From your router, can you ping Internet hosts from both router's IPs (i.e. both internal and external)?

From your interior host(s) can you ping both router's IPs (i.e. both internal and external)?

To answer your question before this thread gets closed again:

I don't know how to try pinging external addresses from the router's internal IP; however, I can confirm that internal devices can see the internal IP, but cannot see the external IP. External devices can see the router's external IP, and the router is able to see external addresses, presumably from the external IP.

"Extended" ping has the feature to use a different interface/IP from the "closest" interface/IP that would normally be used for a ping.

"Extended" ping can be invoked by additional options on the command line or in prompted mode, just enter the command ping.

Alright, with that information, I figured out how to do this. On the router, I do get ping responses from outside addresses, pinged from the inside port; and I get ping responses from inside addresses, pinged from the outside port.

Did you also try pinging the router's external IP from an interior host?

I had before, and I just did again now to be sure; internal hosts cannot ping the router's external IP address.

Hello

Please close this thread you already have a duplicate one open.


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

This thread magically disappeared yesterday, which is why I opened the second. I am incredibly surprised to see it magically reappeared while I was asleep.

I... don't see how to close it anywhere.