05-24-2012 07:36 AM - edited 03-04-2019 04:27 PM
My router has two WAN interfaces:
I use f1 for all my VLANs (16). Internally, everything works. All my VLANs are reachable and can ping my internal LAN subinterfaces (f1.1, f1.2, etc.).
But my WAN still stays unreachable. Here is its config:
As you can see in my show interface command, FastEthernet0 is up, line protocol is up.
# show interface
FastEthernet0 is up, line protocol is up
Hardware is PQ3_TSEC, address is c471.fe2f.acc6 (bia c471.fe2f.acc6)
Internet address is w.x.y.18/29
MTU 1500 bytes, BW 100000 Kbit/sec, DLY 100 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full-duplex, 100Mb/s, 100BaseTX/FX
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:00, output 00:00:09, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 0 bits/sec, 1 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
5027 packets input, 462139 bytes
Received 1479 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog
0 input packets with dribble condition detected
1206 packets output, 73180 bytes, 0 underruns
0 output errors, 0 collisions, 2 interface resets
5 unknown protocol drops
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier
0 output buffer failures, 0 output buffers swapped out
# show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is w.x.y.17 to network 0.0.0.0
w.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C w.x.y.16/29 is directly connected, FastEthernet0
S w.0.0.0/8 [1/0] via w.x.y.16
10.0.0.0/24 is subnetted, 14 subnets
C 10.10.1.0 is directly connected, FastEthernet1.1
C 10.10.2.0 is directly connected, FastEthernet1.2
C 10.10.3.0 is directly connected, FastEthernet1.3
C 10.10.4.0 is directly connected, FastEthernet1.4
C 10.10.5.0 is directly connected, FastEthernet1.5
C 10.10.6.0 is directly connected, FastEthernet1.6
C 10.10.7.0 is directly connected, FastEthernet1.7
C 10.10.8.0 is directly connected, FastEthernet1.8
C 10.10.9.0 is directly connected, FastEthernet1.9
C 10.10.10.0 is directly connected, FastEthernet1.10
C 10.10.11.0 is directly connected, FastEthernet1.11
C 10.10.12.0 is directly connected, FastEthernet1.12
C 10.10.13.0 is directly connected, FastEthernet1.13
C 10.10.14.0 is directly connected, FastEthernet1.14
# sho ip nat stat
Total active translations: 6 (2 static, 4 dynamic; 4 extended)
Peak translations: 7, occurred 00:46:39 ago
Outside interfaces:
FastEthernet0
Inside interfaces:
FastEthernet1.1, FastEthernet1.2, FastEthernet1.3, FastEthernet1.4
FastEthernet1.5, FastEthernet1.6, FastEthernet1.7, FastEthernet1.8
FastEthernet1.9, FastEthernet1.10, FastEthernet1.11, FastEthernet1.12
FastEthernet1.13, FastEthernet1.14
# show run
...
dot11 syslog
ip source-route
!
!
ip dhcp excluded-address 10.10.10.1
!
ip dhcp pool ccp-pool
import all
network 10.10.10.0 255.255.255.248
default-router 10.10.10.1
lease 0 2
!
!
ip cef
no ip domain lookup
ip domain name unikis.cd
ip name-server 10.10.1.3
ip name-server w.x.y.17
ip name-server a.b.c.d
ip name-server 10.10.1.4
ip dhcp-server 10.10.1.3
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
username root privilege 15 secret 5 $1$f5k4$q3SYzlWss5D04R5ttstcU.
...
!
interface FastEthernet0
ip address w.x.y.18 255.255.255.248
ip access-group 112 in
ip verify unicast source reachable-via any
ip helper-address w.x.y.17
ip helper-address a.b.c.d
no ip unreachables
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
interface FastEthernet1
no ip address
ip nat allow-static-host
ip nat enable
duplex auto
speed auto
!
interface FastEthernet1.1
encapsulation dot1Q 1 native
ip address 10.10.1.1 255.255.255.0
ip helper-address 10.10.1.3
ip nat inside
ip virtual-reassembly
no cdp enable
!
...
!
interface Async1
no ip address
encapsulation slip
!
ip default-gateway 10.10.1.1
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 w.x.y.17
ip route w.0.0.0 255.0.0.0 w.x.y.16
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
!
But f0 still stays unreachable. Not even self pings work.
Help, please!!!!!!!
05-24-2012 08:00 AM
First thing I'd check is to see if the ACL you have applied to that interface is causing a connectivity problem (remove it temporarily to confirm). Next I'd check your network mask on that interface and make sure it matches the upstream router.
-Chris
05-24-2012 08:53 AM
Thanks for your answer, Chris.
Nothing changed when removing the ACL.
The IP address and mask were used on a small Linksys router: E3200 (I have access to the Internet if I use it). The network address is 85.31.68.16/29. Even if you ping my gateway it works, but on my router (WAN interface) I have an ICMP unreachable message (even a self ping on the router doesn't work). I have the same message when I ping it from another computer (on the WAN side)?!!!!
05-24-2012 10:47 AM
Try this.
Remove
ip verify unicast source reachable-via any
ip nat outside
from Fa0/0
just as a test, and see if it makes any difference.
05-26-2012 01:09 PM
Thanks for all. Just by changing the interfaces (Fa1 for WAN and Fa0 for subnetting), the problem was resolved. I don't understand, but this was the solution. Now I can ping all my interfaces, but I have run into another problem: (external) DNS and NAT overload (PAT) do not work. (I must replace my Linksys with my Cisco 1811.)
Here is my configuration and the test I did:
current configuration : 7853 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname MAIN
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
...
!
no aaa new-model
!
!
dot11 syslog
ip source-route
!ip cef
ip name-server 10.10.1.3
ip name-server 10.10.1.4
ip name-server 85.31.68.17
ip name-server 80.251.0.4
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
archive
log config
hidekeys
!
!
interface FastEthernet0
no ip address
duplex auto
speed auto
!
interface FastEthernet0.1
encapsulation dot1Q 1 native
ip address 10.10.1.1 255.255.255.0
ip access-group 111 in
ip helper-address 10.10.1.3
ip helper-address 10.10.1.4
ip helper-address 85.31.68.17
ip helper-address 80.251.0.4
ip nat inside
ip virtual-reassembly
!
interface FastEthernet0.2
encapsulation dot1Q 2
ip address 10.10.2.1 255.255.255.0
ip access-group 111 in
ip helper-address 10.10.1.3
ip helper-address 10.10.1.4
ip nat inside
ip virtual-reassembly
!
interface FastEthernet0.3
encapsulation dot1Q 3
ip address 10.10.3.1 255.255.255.0
ip access-group 111 in
ip helper-address 10.10.1.3
ip helper-address 10.10.1.4
ip nat inside
ip virtual-reassembly
!
...
interface FastEthernet1
ip address 85.31.68.18 255.255.255.248
ip access-group 112 in
ip helper-address 85.31.68.17
ip helper-address 80.251.0.4
ip helper-address 85.31.68.20
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
!
ip default-gateway 85.31.68.17
ip forward-protocol nd
ip route 85.0.0.0 255.0.0.0 85.31.68.16
ip route 85.31.68.16 255.255.255.248 FastEthernet1
no ip http server
no ip http secure-server
!
!
ip nat source static 10.10.1.3 85.31.68.20
ip nat inside source list 111 interface FastEthernet1 overload
ip nat inside source static 10.10.1.2 85.65.30.19
ip nat inside source static 10.10.1.3 85.65.30.20
!
access-list 111 permit ip 10.10.1.0 0.0.0.255 any
access-list 111 permit udp 10.10.1.0 0.0.0.255 85.31.68.0 0.0.0.248 eq domain
access-list 111 permit ip host 10.10.1.3 any
access-list 111 permit icmp any any
access-list 111 permit tcp any 85.31.68.16 0.0.0.7 eq www
access-list 111 permit tcp any 85.31.68.16 0.0.0.7 eq 8080
access-list 111 permit tcp any 85.31.68.16 0.0.0.7 eq pop3
access-list 111 permit tcp any 85.31.68.16 0.0.0.7 eq 22
access-list 111 permit udp any 85.31.68.16 0.0.0.7 eq domain
access-list 111 permit tcp any 85.31.68.16 0.0.0.7 eq telnet
access-list 111 permit tcp any 85.31.68.16 0.0.0.7 eq smtp
access-list 111 permit tcp any 85.31.68.16 0.0.0.7 eq 143
access-list 111 permit tcp any 85.31.68.16 0.0.0.7 eq 123
access-list 111 permit udp any 85.31.68.16 0.0.0.7 eq ntp
access-list 111 permit udp any 85.31.68.16 0.0.0.7 eq snmp
access-list 111 permit tcp any 85.31.68.16 0.0.0.7 eq 443
access-list 111 permit tcp any 85.31.68.16 0.0.0.7 eq ftp-data
access-list 111 permit tcp any 85.31.68.16 0.0.0.7 eq ftp
access-list 111 permit tcp any host 10.10.1.2 eq www
access-list 111 permit tcp any host 10.10.1.2 eq 8080
access-list 111 permit tcp any host 10.10.1.2 eq pop3
access-list 111 permit tcp any host 10.10.1.2 eq 443
access-list 111 permit tcp any host 10.10.1.2 eq 143
access-list 111 permit tcp any host 10.10.1.2 eq 22
access-list 111 permit udp any host 10.10.1.3 eq domain
access-list 111 permit tcp any host 10.10.1.2 eq 445
access-list 111 permit udp any host 10.10.1.3 eq bootps
access-list 111 permit udp any host 10.10.1.3 eq bootpc
access-list 111 permit udp any host 10.10.1.3 eq 389
access-list 111 permit tcp any host 10.10.1.3 eq 389
access-list 111 permit tcp any host 10.10.1.3 eq 636
access-list 111 permit icmp any host 10.10.1.3
access-list 111 permit ip host 10.10.2.26 any
access-list 111 permit ip host 10.10.2.25 any
access-list 111 permit udp any 10.10.1.0 0.0.0.255 eq bootps
access-list 111 permit udp any 10.10.1.0 0.0.0.255 eq bootpc
access-list 111 permit tcp any 10.10.1.0 0.0.0.255 eq 68
access-list 111 permit tcp any 10.10.1.0 0.0.0.255 eq 67
access-list 112 permit tcp any 85.31.68.16 0.0.0.7 eq www
access-list 112 permit tcp any 85.31.68.16 0.0.0.7 eq 8080
access-list 112 permit tcp any 85.31.68.16 0.0.0.7 eq 22
access-list 112 permit tcp any 85.31.68.16 0.0.0.7 eq 443
access-list 112 permit udp any 85.31.68.16 0.0.0.7 eq domain
access-list 112 permit icmp any 85.31.68.16 0.0.0.7
access-list 112 permit icmp any 0.0.0.2 255.255.255.248
access-list 113 permit ip host 10.10.1.3 any
!
!
TEST :
------
MAIN#sho ip nat statist
Total active translations: 40 (2 static, 38 dynamic; 38 extended)
Peak translations: 45, occurred 00:01:35 ago
Outside interfaces:
FastEthernet1
Inside interfaces:
FastEthernet0.1, FastEthernet0.2, FastEthernet0.3, FastEthernet0.4
FastEthernet0.5, FastEthernet0.6, FastEthernet0.7, FastEthernet0.8
FastEthernet0.9, FastEthernet0.10, FastEthernet0.11, FastEthernet0.12
FastEthernet0.13, FastEthernet0.14, FastEthernet0.15, FastEthernet0.16
Hits: 1252 Misses: 0
CEF Translated packets: 556, CEF Punted packets: 431
Expired translations: 250
Dynamic mappings:
-- Inside Source
[Id: 1] access-list 111 interface FastEthernet1 refcount 28
Appl doors: 0
Normal doors: 0
Queued Packets: 0
MAIN#debug ip nat
IP NAT debugging is on
MAIN#
*May 25 15:41:33.363: NAT: s=10.10.1.3->85.65.30.20, d=85.31.68.17 [46997]
*May 25 15:41:33.731: NAT*: s=10.10.1.3->85.65.30.20, d=85.31.68.17 [0]
*May 25 15:41:33.955: NAT: expiring 85.31.68.18 (10.10.1.58) udp 49743 (49743)
*May 25 15:41:33.955: NAT: expiring 85.31.68.18 (85.31.68.18) udp 1133 (49743)
*May 25 15:41:34.035: NAT: s=10.10.1.3->85.65.30.20, d=85.31.68.17 [46998]
MAIN#
*May 25 15:41:34.739: NAT*: s=10.10.1.3->85.65.30.20, d=85.31.68.17 [0]
MAIN#
*May 25 15:41:35.747: NAT*: s=10.10.1.3->85.65.30.20, d=85.31.68.17 [0]
*May 25 15:42:05.367: NAT: s=10.10.1.58->85.31.68.18, d=85.31.68.17 [19340]
*May 25 15:42:05.711: NAT: expiring 85.31.68.18 (10.10.1.58) udp 57847 (57847)
*May 25 15:42:05.711: NAT: expiring 85.31.68.18 (85.31.68.18) udp 1137 (57847)
*May 25 15:42:05.987: NAT*: s=10.10.1.3->85.65.30.20, d=85.31.68.17 [0]
*May 25 15:42:06.995: NAT*: s=10.10.1.3->85.65.30.20, d=85.31.68.17 [0]
*May 25 15:42:07.083: NAT: s=10.10.1.58->85.31.68.18, d=85.31.68.17 [19347]
*May 25 15:42:07.555: NAT: s=10.10.1.58->85.31.68.18, d=85.31.68.17 [19351]
*May 25 15:42:07.759: NAT: expiring 85.65.30.20 (10.10.1.3) udp 25102 (25102)
*May 25 15:42:07.759: NAT: expiring 85.31.68.18 (10.10.1.58) udp 62831 (62831)
*May 25 15:42:07.759: NAT: expiring 85.31.68.18 (85.31.68.18) udp 1138 (62831)
MAIN#
*May 25 15:42:46.983: NAT*: s=10.10.1.58->85.31.68.18, d=85.31.68.17 [19579]
*May 25 15:42:46.983: NAT*: s=85.31.68.17, d=85.31.68.18->10.10.1.58 [37775]
*May 25 15:42:47.983: NAT*: s=10.10.1.58->85.31.68.18, d=85.31.68.17 [19588]
*May 25 15:42:47.983: NAT*: s=85.31.68.17, d=85.31.68.18->10.10.1.58 [37776]
MAIN#ping 85.31.68.17
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 85.31.68.17, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms
MAIN#ping 173.194.69.94
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 173.194.69.94, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
MAIN#ping google.fr
Translating "google.fr"...domain server (10.10.1.3) (10.10.1.4) (85.31.68.17) (8
0.251.0.4)
% Unrecognized host or address, or protocol not running.
MAIN#show ip route
...
Gateway of last resort is not set
85.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 85.31.68.16/29 is directly connected, FastEthernet1
S 85.0.0.0/8 [1/0] via 85.31.68.16
10.0.0.0/24 is subnetted, 16 subnets
C 10.10.1.0 is directly connected, FastEthernet0.1
C 10.10.2.0 is directly connected, FastEthernet0.2
C 10.10.3.0 is directly connected, FastEthernet0.3
...
MAIN#show protocol
Global values:
Internet Protocol routing is enabled
Async1 is down, line protocol is down
FastEthernet0 is up, line protocol is up
FastEthernet0.1 is up, line protocol is up
Internet address is 10.10.1.1/24
FastEthernet0.2 is up, line protocol is up
Internet address is 10.10.2.1/24
FastEthernet0.3 is up, line protocol is up
Internet address is 10.10.3.1/24
...
FastEthernet1 is up, line protocol is up
Internet address is 85.31.68.18/29
Vlan1 is up, line protocol is down
Is there anything wrong ? :-(
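The following is an added example, not part of the thread: a small Python lint for the two things the posted output makes visible, namely `Gateway of last resort is not set` while only `ip default-gateway` is configured, and `debug ip nat` translating 10.10.1.3 to 85.65.30.20, an address outside the 85.31.68.16/29 WAN subnet. The function names are hypothetical and the sample is an excerpt assembled from the configuration lines posted above.

```python
import ipaddress
import re

# Constructed excerpt: lines copied from the second configuration posted above.
SAMPLE_CONFIG = """\
interface FastEthernet0.1
 ip address 10.10.1.1 255.255.255.0
 ip nat inside
!
interface FastEthernet1
 ip address 85.31.68.18 255.255.255.248
 ip nat outside
!
ip default-gateway 85.31.68.17
ip route 85.0.0.0 255.0.0.0 85.31.68.16
ip route 85.31.68.16 255.255.255.248 FastEthernet1
ip nat inside source list 111 interface FastEthernet1 overload
ip nat inside source static 10.10.1.2 85.65.30.19
ip nat inside source static 10.10.1.3 85.65.30.20
"""

def outside_networks(config):
    """Return the subnets of interfaces marked 'ip nat outside'."""
    nets = []
    for block in re.split(r"^!\s*$", config, flags=re.M):
        addr = re.search(r"^\s*ip address (\S+) (\S+)\s*$", block, re.M)
        if addr and re.search(r"^\s*ip nat outside\s*$", block, re.M):
            nets.append(ipaddress.ip_network(f"{addr.group(1)}/{addr.group(2)}", strict=False))
    return nets

def lint(config):
    """Return findings about the default route and static NAT global addresses."""
    findings = []
    if not re.search(r"^ip route 0\.0\.0\.0 0\.0\.0\.0 \S+", config, re.M):
        msg = "no 'ip route 0.0.0.0 0.0.0.0' static default route"
        if re.search(r"^ip default-gateway ", config, re.M):
            # IOS uses 'ip default-gateway' only when IP routing is disabled.
            msg += " ('ip default-gateway' only applies when IP routing is disabled)"
        findings.append(msg)
    nets = outside_networks(config)
    for m in re.finditer(r"^ip nat inside source static (\S+) (\S+)\s*$", config, re.M):
        glob = ipaddress.ip_address(m.group(2))
        if nets and not any(glob in n for n in nets):
            findings.append(f"static NAT {m.group(1)} -> {glob} is outside {nets[0]}")
    return findings

if __name__ == "__main__":
    for finding in lint(SAMPLE_CONFIG):
        print("-", finding)
```

A static NAT address outside the WAN subnet is only a finding to verify: it works if the upstream router has a route for that address pointing back at this router.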