Need help getting out of the network

nicholasshields · ‎05-18-2020

I am fairly new to setting up networks but I am currently stuck trying to get out to the external internet. Right now I can ping from my internal network all the way to the gateway on the firewall but I cant can get any farther then that. My LAN network is on the 192.200.14.x.x and vlsm through out then the network my firewall is on the 192.175.20.x network.

R1#sh run
Building configuration...

Current configuration : 4740 bytes
!
version 15.5
service timestamps debug datetime msec
service timestamps log datetime msec
no platform punt-keepalive disable-kernel-core
!
hostname R1
!
boot-start-marker
boot-end-marker
!
!
vrf definition Mgmt-intf
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
!
no aaa new-model
!
!
!
!ip host BKDC 192.200.16.228
ip name-server 192.200.16.228

ip dhcp excluded-address 192.200.14.1 192.200.14.3
ip dhcp excluded-address 192.200.15.254
ip dhcp excluded-address 192.200.16.1 192.200.16.5
ip dhcp excluded-address 192.200.16.126
ip dhcp excluded-address 192.200.16.129 192.200.16.138
ip dhcp excluded-address 192.200.16.190
ip dhcp excluded-address 192.200.16.193 192.200.16.194
ip dhcp excluded-address 192.200.16.222
ip dhcp excluded-address 192.200.16.225 192.200.16.228
ip dhcp excluded-address 192.200.16.238
ip dhcp excluded-address 192.200.16.241 192.200.16.244
ip dhcp excluded-address 192.200.16.254
!
ip dhcp pool GUEST-TEST-1
network 192.200.14.0 255.255.254.0
default-router 192.200.15.254
dns-server 192.200.16.228
domain-name SEAM.local
lease 1 1 10
!
ip dhcp pool WAREHOUSE-LAN-2
network 192.200.16.0 255.255.255.128
default-router 192.200.16.126
dns-server 192.200.16.228
domain-name SEAM.local
lease 1 1 10
!
ip dhcp pool OFFICE-LAN-3
network 192.200.16.128 255.255.255.192
default-router 192.200.16.190
dns-server 192.200.16.228
domain-name SEAM.local
lease 1 1 10
!
ip dhcp pool W_AP1
host 192.200.16.3 255.255.255.128
client-identifier 01e0.63da.33c8.69
dns-server 192.200.16.228
domain-name SEAM.local
default-router 192.200.16.126
!
ip dhcp pool W_AP2
host 192.200.16.4 255.255.255.128
client-identifier 01e0.63da.33b8.f4
dns-server 192.200.16.22
domain-name SEAM.local
default-router 192.200.16.126
!
ip dhcp pool T/G_AP1
host 192.200.14.3 255.255.254.0
client-identifier 01e0.63da.33da.40
dns-server 192.200.16.228
domain-name SEAM.local
default-router 192.200.15.254
!
!
subscriber templating
!
multilink bundle-name authenticated
!
license udi pid ISR4321/K9 sn FDO21080T13
license boot suite FoundationSuiteK9
license boot suite AdvUCSuiteK9
!
spanning-tree extend system-id
!
!
redundancy
mode none
!
!
vlan internal allocation policy ascending
!
!
interface GigabitEthernet0/0/0
description ****ROUTER ON A STICK INTERFACE*****
no ip address
negotiation auto
!
interface GigabitEthernet0/0/0.5
description ****G/T WIFI and WIRED****
encapsulation dot1Q 5
ip address 192.200.14.1 255.255.254.0
ip nat inside
standby 5 ip 192.200.15.254
standby 5 priority 200
standby 5 preempt
!
interface GigabitEthernet0/0/0.10
description ****WAREHOUSE****
encapsulation dot1Q 10
ip address 192.200.16.1 255.255.255.128
ip nat inside
standby 10 ip 192.200.16.126
standby 10 priority 200
standby 10 preempt
!
interface GigabitEthernet0/0/0.15
description ****OFFICE****
encapsulation dot1Q 15
ip address 192.200.16.129 255.255.255.192
ip nat inside
standby 15 ip 192.200.16.190
standby 15 priority 200
standby 15 preempt
!
interface GigabitEthernet0/0/0.20
description ****RESALE/EVAL****
encapsulation dot1Q 20
ip address 192.200.16.193 255.255.255.224
ip nat inside
standby 20 ip 192.200.16.222
standby 20 priority 200
standby 20 preempt
!
interface GigabitEthernet0/0/0.25
description ****SERVER CLOSET****
encapsulation dot1Q 25
ip address 192.200.16.225 255.255.255.240
ip nat inside
standby 25 ip 192.200.16.238
standby 25 priority 200
standby 25 preempt
!
interface GigabitEthernet0/0/0.30
encapsulation dot1Q 30
ip address 192.200.16.241 255.255.255.240
ip nat inside
standby 30 ip 192.200.16.254
standby 30 priority 200
standby 30 preempt
!
interface GigabitEthernet0/0/1
description ****WAN INTERFACE****
ip address dhcp
ip nat outside
ip access-group TEST_WAN in
standby 2 priority 200
standby 2 preempt
negotiation auto
!
interface GigabitEthernet0
vrf forwarding Mgmt-intf
no ip address
shutdown
negotiation auto
!
interface Vlan1
no ip address
shutdown
!
router rip
version 2
network 192.200.0.0
default-information originate
no auto-summary
!
ip forward-protocol nd
no ip http server
no ip http secure-server
ip tftp source-interface GigabitEthernet0
!
!
control-plane
!
!
mgcp behavior rsip-range tgcp-only
mgcp behavior comedia-role none
mgcp behavior comedia-check-media-src disable
mgcp behavior comedia-sdp-force disable
!
mgcp profile default
!
banner login ^CAuthorized Personnel Only! Please enter your username and password.^C
!
line con 0
stopbits 1
line aux 0
stopbits 1
line vty 0 4
login
!
!
end

luis_cordova · ‎05-18-2020

Spoiler

Hi @nicholasshields

It seems that you are missing a default route so that packages with an unknown destination can go to the internet.

ip route 0.0.0.0 0.0.0.0 dhcp

I also see that NAT is applied to interfaces, but you do not have configured the traffic that will be nated

Regards

nicholasshields · ‎05-18-2020

Hi should the configuration look something along the lines like this?

ip nat inside source list 1 interface GigabitEthernet0/0/0 overload
ip forward-protocol nd
no ip http server
no ip http secure-server
ip tftp source-interface GigabitEthernet0
ip route 0.0.0.0 0.0.0.0 dhcp
!
!
access-list 1 permit 192.200.0.0 0.0.1.255

luis_cordova · ‎05-18-2020

Hi @nicholasshields

Correct, you could try that setting.

You only have to change the exit interface, because that must be the one that points to the internet.

ip nat inside source list 1 interface Gi 0/0/1 overload

interface GigabitEthernet0/0/1
description ****WAN INTERFACE****
ip address dhcp
ip nat outside
ip access-group TEST_WAN in <---You have applied an ACL, but I don't see the arguments for that ACL. If you are not using it, it would be best to remove this line
standby 2 priority 200
standby 2 preempt
negotiation auto

Regards

nicholasshields · ‎05-18-2020

Okay I put the new commands in and got rid of the that on error and I was able to ping google from the router but I wasn't able to ping from my laptop.

C:\Users\Nicholas>ping 192.175.20.82<---Can ping WAN interface on the router

Pinging 192.175.20.82 with 32 bytes of data:
Reply from 192.175.20.82: bytes=32 time<1ms TTL=255
Reply from 192.175.20.82: bytes=32 time<1ms TTL=255
Reply from 192.175.20.82: bytes=32 time<1ms TTL=255
Reply from 192.175.20.82: bytes=32 time<1ms TTL=255

Ping statistics for 192.175.20.82:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

C:\Users\Nicholas>ping 8.8.8.8

Pinging 8.8.8.8 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 8.8.8.8:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 32/34/38 ms

SEAM_R1#sh run
Building configuration...

Current configuration : 4914 bytes
!
! Last configuration change at 21:44:31 UTC Mon May 18 2020
!
version 15.5
service timestamps debug datetime msec
service timestamps log datetime msec
no platform punt-keepalive disable-kernel-core
!
hostname SEAM_R1
!
boot-start-marker
boot-end-marker
!
!
vrf definition Mgmt-intf
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
!
no aaa new-model
!
!
!
!
!
!
!
!
!
!
!

ip host BKDC_SEAM 192.200.16.228
ip name-server 192.200.16.228

ip dhcp excluded-address 192.200.14.1 192.200.14.3
ip dhcp excluded-address 192.200.15.254
ip dhcp excluded-address 192.200.16.1 192.200.16.5
ip dhcp excluded-address 192.200.16.126
ip dhcp excluded-address 192.200.16.129 192.200.16.138
ip dhcp excluded-address 192.200.16.190
ip dhcp excluded-address 192.200.16.193 192.200.16.194
ip dhcp excluded-address 192.200.16.222
ip dhcp excluded-address 192.200.16.225 192.200.16.228
ip dhcp excluded-address 192.200.16.238
ip dhcp excluded-address 192.200.16.241 192.200.16.244
ip dhcp excluded-address 192.200.16.254
!
ip dhcp pool GUEST-TEST-1
network 192.200.14.0 255.255.254.0
default-router 192.200.15.254
dns-server 192.200.16.228
domain-name SEAM.local
lease 1 1 10
!
ip dhcp pool WAREHOUSE-LAN-2
network 192.200.16.0 255.255.255.128
default-router 192.200.16.126
dns-server 192.200.16.228
domain-name SEAM.local
lease 1 1 10
!
ip dhcp pool OFFICE-LAN-3
network 192.200.16.128 255.255.255.192
default-router 192.200.16.190
dns-server 192.200.16.228
domain-name SEAM.local
lease 1 1 10
!
ip dhcp pool W_AP1
host 192.200.16.3 255.255.255.128
client-identifier 01e0.63da.33c8.69
dns-server 192.200.16.228
domain-name SEAM.local
default-router 192.200.16.126
!
ip dhcp pool W_AP2
host 192.200.16.4 255.255.255.128
client-identifier 01e0.63da.33b8.f4
dns-server 192.200.16.22
domain-name SEAM.local
default-router 192.200.16.126
!
ip dhcp pool T/G_AP1
host 192.200.14.3 255.255.254.0
client-identifier 01e0.63da.33da.40
dns-server 192.200.16.228
domain-name SEAM.local
default-router 192.200.15.254
!
!
!
!
!
!
!
!
!
!
subscriber templating
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
!
!
!
!
license udi pid ISR4321/K9 sn FDO21080T13
license boot suite FoundationSuiteK9
license boot suite AdvUCSuiteK9
!
spanning-tree extend system-id
!
!
redundancy
mode none
!
!
!
!
!
vlan internal allocation policy ascending
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface GigabitEthernet0/0/0
description ****ROUTER ON A STICK INTERFACE*****
no ip address
negotiation auto
!
interface GigabitEthernet0/0/0.5
description ****G/T WIFI and WIRED****
encapsulation dot1Q 5
ip address 192.200.14.1 255.255.254.0
ip nat inside
standby 5 ip 192.200.15.254
standby 5 priority 200
standby 5 preempt
!
interface GigabitEthernet0/0/0.10
description ****WAREHOUSE****
encapsulation dot1Q 10
ip address 192.200.16.1 255.255.255.128
ip nat inside
standby 10 ip 192.200.16.126
standby 10 priority 200
standby 10 preempt
!
interface GigabitEthernet0/0/0.15
description ****OFFICE****
encapsulation dot1Q 15
ip address 192.200.16.129 255.255.255.192
ip nat inside
standby 15 ip 192.200.16.190
standby 15 priority 200
standby 15 preempt
!
interface GigabitEthernet0/0/0.20
description ****RESALE/EVAL****
encapsulation dot1Q 20
ip address 192.200.16.193 255.255.255.224
ip nat inside
standby 20 ip 192.200.16.222
standby 20 priority 200
standby 20 preempt
!
interface GigabitEthernet0/0/0.25
description ****SERVER CLOSET****
encapsulation dot1Q 25
ip address 192.200.16.225 255.255.255.240
ip nat inside
standby 25 ip 192.200.16.238
standby 25 priority 200
standby 25 preempt
!
interface GigabitEthernet0/0/0.30
encapsulation dot1Q 30
ip address 192.200.16.241 255.255.255.240
ip nat inside
standby 30 ip 192.200.16.254
standby 30 priority 200
standby 30 preempt
!
interface GigabitEthernet0/0/1
description ****WAN INTERFACE****
ip address dhcp
ip nat outside
standby 2 priority 200
standby 2 preempt
negotiation auto
!
interface GigabitEthernet0
vrf forwarding Mgmt-intf
no ip address
shutdown
negotiation auto
!
interface Vlan1
no ip address
shutdown
!
router rip
version 2
network 192.200.0.0
default-information originate
no auto-summary
!
ip nat inside source list 1 interface GigabitEthernet0/0/1 overload
ip forward-protocol nd
no ip http server
no ip http secure-server
ip tftp source-interface GigabitEthernet0
ip route 0.0.0.0 0.0.0.0 dhcp
!
!
access-list 1 permit 192.200.0.0 0.0.1.255
!
!
!
control-plane
!
!
!
!
!
!
mgcp behavior rsip-range tgcp-only
mgcp behavior comedia-role none
mgcp behavior comedia-check-media-src disable
mgcp behavior comedia-sdp-force disable
!
mgcp profile default
!
!
!
!
!
banner login ^CAuthorized Personell Only! Please enter your username and password.^C
!
line con 0
stopbits 1
line aux 0
stopbits 1
line vty 0 4
login
!
!
end