05-18-2020 11:33 AM
I am fairly new to setting up networks, but I am currently stuck trying to get out to the external internet. Right now I can ping from my internal network all the way to the gateway on the firewall, but I can't get any farther than that. My LAN network is on the 192.200.14.x.x and VLSM throughout, then the network my firewall is on is the 192.175.20.x network.
R1#sh run
Building configuration...
Current configuration : 4740 bytes
!
version 15.5
service timestamps debug datetime msec
service timestamps log datetime msec
no platform punt-keepalive disable-kernel-core
!
hostname R1
!
boot-start-marker
boot-end-marker
!
!
vrf definition Mgmt-intf
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
!
no aaa new-model
!
!
!
!ip host BKDC 192.200.16.228
ip name-server 192.200.16.228
ip dhcp excluded-address 192.200.14.1 192.200.14.3
ip dhcp excluded-address 192.200.15.254
ip dhcp excluded-address 192.200.16.1 192.200.16.5
ip dhcp excluded-address 192.200.16.126
ip dhcp excluded-address 192.200.16.129 192.200.16.138
ip dhcp excluded-address 192.200.16.190
ip dhcp excluded-address 192.200.16.193 192.200.16.194
ip dhcp excluded-address 192.200.16.222
ip dhcp excluded-address 192.200.16.225 192.200.16.228
ip dhcp excluded-address 192.200.16.238
ip dhcp excluded-address 192.200.16.241 192.200.16.244
ip dhcp excluded-address 192.200.16.254
!
ip dhcp pool GUEST-TEST-1
network 192.200.14.0 255.255.254.0
default-router 192.200.15.254
dns-server 192.200.16.228
domain-name SEAM.local
lease 1 1 10
!
ip dhcp pool WAREHOUSE-LAN-2
network 192.200.16.0 255.255.255.128
default-router 192.200.16.126
dns-server 192.200.16.228
domain-name SEAM.local
lease 1 1 10
!
ip dhcp pool OFFICE-LAN-3
network 192.200.16.128 255.255.255.192
default-router 192.200.16.190
dns-server 192.200.16.228
domain-name SEAM.local
lease 1 1 10
!
ip dhcp pool W_AP1
host 192.200.16.3 255.255.255.128
client-identifier 01e0.63da.33c8.69
dns-server 192.200.16.228
domain-name SEAM.local
default-router 192.200.16.126
!
ip dhcp pool W_AP2
host 192.200.16.4 255.255.255.128
client-identifier 01e0.63da.33b8.f4
dns-server 192.200.16.22
domain-name SEAM.local
default-router 192.200.16.126
!
ip dhcp pool T/G_AP1
host 192.200.14.3 255.255.254.0
client-identifier 01e0.63da.33da.40
dns-server 192.200.16.228
domain-name SEAM.local
default-router 192.200.15.254
!
!
subscriber templating
!
multilink bundle-name authenticated
!
license udi pid ISR4321/K9 sn FDO21080T13
license boot suite FoundationSuiteK9
license boot suite AdvUCSuiteK9
!
spanning-tree extend system-id
!
!
redundancy
mode none
!
!
vlan internal allocation policy ascending
!
!
interface GigabitEthernet0/0/0
description ****ROUTER ON A STICK INTERFACE*****
no ip address
negotiation auto
!
interface GigabitEthernet0/0/0.5
description ****G/T WIFI and WIRED****
encapsulation dot1Q 5
ip address 192.200.14.1 255.255.254.0
ip nat inside
standby 5 ip 192.200.15.254
standby 5 priority 200
standby 5 preempt
!
interface GigabitEthernet0/0/0.10
description ****WAREHOUSE****
encapsulation dot1Q 10
ip address 192.200.16.1 255.255.255.128
ip nat inside
standby 10 ip 192.200.16.126
standby 10 priority 200
standby 10 preempt
!
interface GigabitEthernet0/0/0.15
description ****OFFICE****
encapsulation dot1Q 15
ip address 192.200.16.129 255.255.255.192
ip nat inside
standby 15 ip 192.200.16.190
standby 15 priority 200
standby 15 preempt
!
interface GigabitEthernet0/0/0.20
description ****RESALE/EVAL****
encapsulation dot1Q 20
ip address 192.200.16.193 255.255.255.224
ip nat inside
standby 20 ip 192.200.16.222
standby 20 priority 200
standby 20 preempt
!
interface GigabitEthernet0/0/0.25
description ****SERVER CLOSET****
encapsulation dot1Q 25
ip address 192.200.16.225 255.255.255.240
ip nat inside
standby 25 ip 192.200.16.238
standby 25 priority 200
standby 25 preempt
!
interface GigabitEthernet0/0/0.30
encapsulation dot1Q 30
ip address 192.200.16.241 255.255.255.240
ip nat inside
standby 30 ip 192.200.16.254
standby 30 priority 200
standby 30 preempt
!
interface GigabitEthernet0/0/1
description ****WAN INTERFACE****
ip address dhcp
ip nat outside
ip access-group TEST_WAN in
standby 2 priority 200
standby 2 preempt
negotiation auto
!
interface GigabitEthernet0
vrf forwarding Mgmt-intf
no ip address
shutdown
negotiation auto
!
interface Vlan1
no ip address
shutdown
!
router rip
version 2
network 192.200.0.0
default-information originate
no auto-summary
!
ip forward-protocol nd
no ip http server
no ip http secure-server
ip tftp source-interface GigabitEthernet0
!
!
control-plane
!
!
mgcp behavior rsip-range tgcp-only
mgcp behavior comedia-role none
mgcp behavior comedia-check-media-src disable
mgcp behavior comedia-sdp-force disable
!
mgcp profile default
!
banner login ^CAuthorized Personnel Only! Please enter your username and password.^C
!
line con 0
stopbits 1
line aux 0
stopbits 1
line vty 0 4
login
!
!
end
05-18-2020 12:04 PM - edited 05-18-2020 12:07 PM
It seems that you are missing a default route so that packages with an unknown destination can go to the internet.
ip route 0.0.0.0 0.0.0.0 dhcp
I also see that NAT is applied to the interfaces, but you have not configured the traffic that will be NATed.
Regards
05-18-2020 01:54 PM
Hi, should the configuration look something along the lines of this?
ip nat inside source list 1 interface GigabitEthernet0/0/0 overload
ip forward-protocol nd
no ip http server
no ip http secure-server
ip tftp source-interface GigabitEthernet0
ip route 0.0.0.0 0.0.0.0 dhcp
!
!
access-list 1 permit 192.200.0.0 0.0.1.255
05-18-2020 02:01 PM - edited 05-18-2020 02:06 PM
Correct, you could try that setting.
You only have to change the exit interface, because that must be the one that points to the internet.
ip nat inside source list 1 interface Gi 0/0/1 overload
interface GigabitEthernet0/0/1
description ****WAN INTERFACE****
ip address dhcp
ip nat outside
ip access-group TEST_WAN in <---You have applied an ACL, but I don't see the arguments for that ACL. If you are not using it, it would be best to remove this line
standby 2 priority 200
standby 2 preempt
negotiation auto
Regards
05-18-2020 02:40 PM
Okay, I put the new commands in and got rid of the that on error and I was able to ping Google from the router, but I wasn't able to ping from my laptop.
C:\Users\Nicholas>ping 192.175.20.82<---Can ping WAN interface on the router
Pinging 192.175.20.82 with 32 bytes of data:
Reply from 192.175.20.82: bytes=32 time<1ms TTL=255
Reply from 192.175.20.82: bytes=32 time<1ms TTL=255
Reply from 192.175.20.82: bytes=32 time<1ms TTL=255
Reply from 192.175.20.82: bytes=32 time<1ms TTL=255
Ping statistics for 192.175.20.82:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
C:\Users\Nicholas>ping 8.8.8.8
Pinging 8.8.8.8 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Ping statistics for 8.8.8.8:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 32/34/38 ms
SEAM_R1#sh run
Building configuration...
Current configuration : 4914 bytes
!
! Last configuration change at 21:44:31 UTC Mon May 18 2020
!
version 15.5
service timestamps debug datetime msec
service timestamps log datetime msec
no platform punt-keepalive disable-kernel-core
!
hostname SEAM_R1
!
boot-start-marker
boot-end-marker
!
!
vrf definition Mgmt-intf
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
!
no aaa new-model
!
!
!
!
!
!
!
!
!
!
!
ip host BKDC_SEAM 192.200.16.228
ip name-server 192.200.16.228
ip dhcp excluded-address 192.200.14.1 192.200.14.3
ip dhcp excluded-address 192.200.15.254
ip dhcp excluded-address 192.200.16.1 192.200.16.5
ip dhcp excluded-address 192.200.16.126
ip dhcp excluded-address 192.200.16.129 192.200.16.138
ip dhcp excluded-address 192.200.16.190
ip dhcp excluded-address 192.200.16.193 192.200.16.194
ip dhcp excluded-address 192.200.16.222
ip dhcp excluded-address 192.200.16.225 192.200.16.228
ip dhcp excluded-address 192.200.16.238
ip dhcp excluded-address 192.200.16.241 192.200.16.244
ip dhcp excluded-address 192.200.16.254
!
ip dhcp pool GUEST-TEST-1
network 192.200.14.0 255.255.254.0
default-router 192.200.15.254
dns-server 192.200.16.228
domain-name SEAM.local
lease 1 1 10
!
ip dhcp pool WAREHOUSE-LAN-2
network 192.200.16.0 255.255.255.128
default-router 192.200.16.126
dns-server 192.200.16.228
domain-name SEAM.local
lease 1 1 10
!
ip dhcp pool OFFICE-LAN-3
network 192.200.16.128 255.255.255.192
default-router 192.200.16.190
dns-server 192.200.16.228
domain-name SEAM.local
lease 1 1 10
!
ip dhcp pool W_AP1
host 192.200.16.3 255.255.255.128
client-identifier 01e0.63da.33c8.69
dns-server 192.200.16.228
domain-name SEAM.local
default-router 192.200.16.126
!
ip dhcp pool W_AP2
host 192.200.16.4 255.255.255.128
client-identifier 01e0.63da.33b8.f4
dns-server 192.200.16.22
domain-name SEAM.local
default-router 192.200.16.126
!
ip dhcp pool T/G_AP1
host 192.200.14.3 255.255.254.0
client-identifier 01e0.63da.33da.40
dns-server 192.200.16.228
domain-name SEAM.local
default-router 192.200.15.254
!
!
!
!
!
!
!
!
!
!
subscriber templating
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
!
!
!
!
license udi pid ISR4321/K9 sn FDO21080T13
license boot suite FoundationSuiteK9
license boot suite AdvUCSuiteK9
!
spanning-tree extend system-id
!
!
redundancy
mode none
!
!
!
!
!
vlan internal allocation policy ascending
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface GigabitEthernet0/0/0
description ****ROUTER ON A STICK INTERFACE*****
no ip address
negotiation auto
!
interface GigabitEthernet0/0/0.5
description ****G/T WIFI and WIRED****
encapsulation dot1Q 5
ip address 192.200.14.1 255.255.254.0
ip nat inside
standby 5 ip 192.200.15.254
standby 5 priority 200
standby 5 preempt
!
interface GigabitEthernet0/0/0.10
description ****WAREHOUSE****
encapsulation dot1Q 10
ip address 192.200.16.1 255.255.255.128
ip nat inside
standby 10 ip 192.200.16.126
standby 10 priority 200
standby 10 preempt
!
interface GigabitEthernet0/0/0.15
description ****OFFICE****
encapsulation dot1Q 15
ip address 192.200.16.129 255.255.255.192
ip nat inside
standby 15 ip 192.200.16.190
standby 15 priority 200
standby 15 preempt
!
interface GigabitEthernet0/0/0.20
description ****RESALE/EVAL****
encapsulation dot1Q 20
ip address 192.200.16.193 255.255.255.224
ip nat inside
standby 20 ip 192.200.16.222
standby 20 priority 200
standby 20 preempt
!
interface GigabitEthernet0/0/0.25
description ****SERVER CLOSET****
encapsulation dot1Q 25
ip address 192.200.16.225 255.255.255.240
ip nat inside
standby 25 ip 192.200.16.238
standby 25 priority 200
standby 25 preempt
!
interface GigabitEthernet0/0/0.30
encapsulation dot1Q 30
ip address 192.200.16.241 255.255.255.240
ip nat inside
standby 30 ip 192.200.16.254
standby 30 priority 200
standby 30 preempt
!
interface GigabitEthernet0/0/1
description ****WAN INTERFACE****
ip address dhcp
ip nat outside
standby 2 priority 200
standby 2 preempt
negotiation auto
!
interface GigabitEthernet0
vrf forwarding Mgmt-intf
no ip address
shutdown
negotiation auto
!
interface Vlan1
no ip address
shutdown
!
router rip
version 2
network 192.200.0.0
default-information originate
no auto-summary
!
ip nat inside source list 1 interface GigabitEthernet0/0/1 overload
ip forward-protocol nd
no ip http server
no ip http secure-server
ip tftp source-interface GigabitEthernet0
ip route 0.0.0.0 0.0.0.0 dhcp
!
!
access-list 1 permit 192.200.0.0 0.0.1.255
!
!
!
control-plane
!
!
!
!
!
!
mgcp behavior rsip-range tgcp-only
mgcp behavior comedia-role none
mgcp behavior comedia-check-media-src disable
mgcp behavior comedia-sdp-force disable
!
mgcp profile default
!
!
!
!
!
banner login ^CAuthorized Personell Only! Please enter your username and password.^C
!
line con 0
stopbits 1
line aux 0
stopbits 1
line vty 0 4
login
!
!
end
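Added example, not part of the original thread: a check of which "ip nat inside" subnets from the posted configuration are matched by access-list 1, the list the NAT overload rule uses to select traffic for translation. The interface networks and ACL 1 are copied from the configuration above; ACL_ALT is a constructed comparison list, not something posted in the thread.

```python
import ipaddress

# Inside subinterface networks and ACL 1, taken from the posted configuration.
INSIDE_NETS = {
    "Gi0/0/0.5": "192.200.14.0/23",
    "Gi0/0/0.10": "192.200.16.0/25",
    "Gi0/0/0.15": "192.200.16.128/26",
    "Gi0/0/0.20": "192.200.16.192/27",
    "Gi0/0/0.25": "192.200.16.224/28",
    "Gi0/0/0.30": "192.200.16.240/28",
}
ACL_1 = [("permit", "192.200.0.0", "0.0.1.255")]
# Constructed for comparison only: entries whose wildcards span the inside ranges.
ACL_ALT = [("permit", "192.200.14.0", "0.0.1.255"),
           ("permit", "192.200.16.0", "0.0.0.255")]


def ace_matches(addr, base, wildcard):
    """IOS wildcard match: every bit that is 0 in the wildcard must equal base."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)


def acl_permits(addr, acl):
    """First matching entry wins; a standard ACL ends with an implicit deny."""
    for action, base, wildcard in acl:
        if ace_matches(addr, base, wildcard):
            return action == "permit"
    return False


def nat_coverage(nets, acl):
    """Per inside interface: are 'all', 'some' or 'none' of its hosts permitted?"""
    result = {}
    for name, cidr in nets.items():
        hosts = list(ipaddress.ip_network(cidr).hosts())
        hits = sum(acl_permits(str(h), acl) for h in hosts)
        result[name] = "all" if hits == len(hosts) else "some" if hits else "none"
    return result


if __name__ == "__main__":
    for label, acl in (("access-list 1", ACL_1), ("comparison list", ACL_ALT)):
        print(label)
        for name, state in nat_coverage(INSIDE_NETS, acl).items():
            print(f"  {name:<11} {INSIDE_NETS[name]:<18} {state}")
```

On the router itself, "show ip nat translations" and the match counter in "show access-lists 1" show whether inside hosts are actually being selected for translation.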