Re: Lan can't ping wan

mattmacnish · ‎01-25-2011

I'm setting up an 1841 as a basic router for now and I cant get it to work.

Config

Current configuration : 1608 bytes
!
! Last configuration change at 00:29:28 UTC Thu Jan 1 1970 by pcl
!
version 15.0
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname PCL-GW1
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$J/bR$l/tjxfPKDU0GG5Q8WIY6v1
enable password 7 142313000956072A3C
!
aaa new-model
!
!
aaa authentication login local_auth local
!
!
!
!
!
aaa session-id common
!
!
!
dot11 syslog
ip source-route
!
!
!
!
ip cef
ip domain name pcl.net
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
!
license udi pid CISCO1841 sn FTX1120Z046
username pcl privilege 15 password 7 15260A070178062530
!
redundancy
!
!
ip ssh authentication-retries 5
ip ssh version 2
!
!
!
!
!
!
!
interface FastEthernet0/0
ip address 10.79.4.251 255.255.255.0
ip nat inside
ip virtual-reassembly
speed auto
full-duplex
no mop enabled
!
!
interface FastEthernet0/1
ip address 96.X.X.3 255.255.255.248
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
ip nat pool pcl-1 10.79.4.1 10.79.4.255 netmask 255.255.255.0
ip nat pool cblvision-1 96.X.X.2 96.X.X.5 netmask 255.255.255.248
ip nat inside source list 1 pool cblvision-1
ip nat outside source list 1 pool pcl-1
ip route 0.0.0.0 0.0.0.0 FastEthernet0/1 96.56.203.1
!
access-list 1 permit 10.79.4.0
access-list 1 permit 10.79.4.0 0.0.0.255
!
!
!
!
!
!
control-plane
!
!
!
line con 0
line aux 0
line vty 0 4
password 7 133116190E5E292B33
login authentication local_auth
!
scheduler allocate 20000 1000
end

What am I missing?

I can ping 4.2.2.2 but when I ping 4.2.2.2 source 10.79.4.251 nothing goes through.

cadet alain · ‎01-25-2011

Hi,

I can ping 4.2.2.2 but when I ping 4.2.2.2 source 10.79.4.251 nothing goes through.

your source address is an RFC1918 ip address so not routeable on the internet so it is normal it is not working.

Regards.

Alain.

Don't forget to rate helpful posts.

mattmacnish · ‎01-25-2011

I dont need it routable "on the internet".

What is missing to get my lan to communicate with the wan?

milan.kulik · ‎01-25-2011

Hi,

NAT is not applied on a traffic sent by the router itself, is it?

So 4.2.2.2 can't reply to the 10.79.4.251 source IP address.

HTH,

Milan

mattmacnish · ‎01-25-2011

Isn't this it?

ip nat pool pcl-1 10.79.4.1 10.79.4.255 netmask 255.255.255.0
ip nat pool cblvision-1 96.X.X.2 96.X.X.5 netmask 255.255.255.248
ip nat inside source list 1 pool cblvision-1
ip nat outside source list 1 pool pcl-1

milan.kulik · ‎01-25-2011

Hi,

you've configured:

interface FastEthernet0/0
ip address 10.79.4.251 255.255.255.0
ip nat inside

But when you issue

ping 4.2.2.2 source 10.79.4.251

the packet is not received on the interface FastEthernet0/0.

So NAT is not applied on the outgoing packet, the packet is sent out to the Internet with the original source IP address 10.79.4.251.

Am I clear now?

BR,

Milan

mattmacnish · ‎01-25-2011

No.

So whats missing thats preventing the router from routing traffic to the wan and back?

Shouldn't

ip route 0.0.0.0 0.0.0.0 FastEthernet0/1 96.56.203.1

Take care of this?

My pc on my lan can access my 1841 from the lan, so the lan is communicating with the router, and the router can communicate with the wan. But my pc can't communicate with the wan.

This is my first go around with Cisco so all I want is this to function like a simple router, allow the lan to the internet.

davidbranka · ‎01-25-2011

How about instead of

ip route 0.0.0.0 0.0.0.0 FastEthernet0/1 96.56.203.1

use

ip route 0.0.0.0 0.0.0.0 FastEthernet0/1

mattmacnish · ‎01-25-2011

I've tried that as well as

ip route 0.0.0.0 0.0.0.0 96.56.203.1

Same result

milan.kulik · ‎01-25-2011

OK, so far I was explaining why you can't Ping to the Internet from your router using the LAN IP address.

Now regarding access from your LAN:

Why don't you use some simple NAT configuration?

Like

ip nat inside source list 1 interface FastEthernet0/1 overload

instead of

ip nat pool pcl-1 10.79.4.1 10.79.4.255 netmask 255.255.255.0
ip nat pool cblvision-1 96.X.X.2 96.X.X.5 netmask 255.255.255.248
ip nat inside source list 1 pool cblvision-1
ip nat outside source list 1 pool pcl-1

?

See http://www.cisco.com/image/gif/paws/13772/12.pdf

for example configurations.

BR,

Milan