07-27-2012 08:47 AM - edited 03-04-2019 05:05 PM
I have a newly added Cisco 881 connected to a firewall, which is connected to DSL. We added it for wireless, and when wireless clients connect to the network (using standalone APs) they are able to ping everything on the 192.168.88.0 network. They can also ping the firewall 10.0.88.1, but only because it's on the same network as port Fa4. It sounds to me like there is a problem with my default routes, but they seem right, and I've tried different methods for this. Here is the running-config on my 881, please help!
Wireless_881#show run
Building configuration...
Current configuration : 3679 bytes
!
! Last configuration change at 15:45:48 UTC Fri Jul 27 2012
version 15.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname Wireless_881
!
boot-start-marker
boot-end-marker
!
!
logging buffered 51200 warnings
enable secret 4 Ng0lbQgI3BKsMMXv78pz6UP80gaDVrhUBQB3XKZMl3M
!
no aaa new-model
memory-size iomem 10
!
crypto pki trustpoint TP-self-signed-1620898290
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1620898290
revocation-check none
rsakeypair TP-self-signed-1620898290
!
!
crypto pki certificate chain TP-self-signed-1620898290
certificate self-signed 01
quit
!
!
!
ip dhcp excluded-address 192.168.88.1 192.168.88.10
!
ip dhcp pool PCFCU
network 192.168.88.0 255.255.255.0
default-router 192.168.88.1
dns-server 208.67.222.222
!
!
!
no ip domain lookup
ip domain name ****************
ip cef
no ipv6 cef
!
!
license udi pid CISCO881-K9 sn FTX161080BP
!
!
username mgaskin privilege 15 secret 5 $1$y8..$cCDIZqgRtHqBbsh36XW9d.
username jlivingston privilege 15 secret 5 $1$Qs6L$mhAtoKguqLmzmlfGbMYqW/
!
!
!
!
!
ip ssh authentication-retries 5
!
!
!
!
!
!
!
!
!
interface FastEthernet0
switchport access vlan 880
no ip address
!
interface FastEthernet1
switchport access vlan 880
no ip address
!
interface FastEthernet2
switchport access vlan 880
no ip address
!
interface FastEthernet3
switchport access vlan 880
no ip address
!
interface FastEthernet4
ip address 10.0.88.2 255.255.255.248
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
!
interface Vlan1
no ip address
!
interface Vlan880
ip address 192.168.88.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
!
ip default-gateway 10.0.88.2
ip forward-protocol nd
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip nat inside source list 10 interface FastEthernet4 overload
ip default-network 0.0.0.0
ip route 0.0.0.0 0.0.0.0 10.0.88.1
!
access-list 10 permit 192.168.88.0 0.0.0.255
no cdp run
!
!
!
line con 0
line aux 0
line vty 0 4
password 7 144F425C5D14292D273D6B657A46
login
transport input telnet
!
scheduler max-task-time 5000
!
end
07-27-2012 08:58 AM
delete ip default-network 0.0.0.0
and
ip default-gateway 10.0.88.2
regards
07-27-2012 09:07 AM
I added "ip default-network 0.0.0.0" and "ip default-gateway 10.0.88.2" in hopes that was the problem, still no connection with just "ip route 0.0.0.0 0.0.0.0 10.0.88.1"
07-27-2012 09:10 AM
show vlan
if you don't see vlan 880
add
vlan 880
07-27-2012 09:23 AM
It's there,
Wireless_881#show vlan-switch brief
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active
880 wireless active Fa0, Fa1, Fa2, Fa3
1002 fddi-default act/unsup
1003 token-ring-default act/unsup
1004 fddinet-default act/unsup
1005 trnet-default act/unsup
Wireless_881#
07-27-2012 09:27 AM
But what is the IP address of your firewall?
You need to point to the IP address of the firewall:
ip route 0.0.0.0 0.0.0.0
and then delete
ip default-network 0.0.0.0
and
ip default-gateway 10.0.88.2
07-27-2012 09:35 AM
Deleted those two lines and kept "ip route 0.0.0.0 0.0.0.0 10.0.88.1", which is the IP of the firewall. Still no luck.
07-27-2012 09:39 AM
Yes, because 10.0.88.1 is an interface of your router; instead you need to insert the next hop (the IP address of your firewall's interface).
But because
ip route 0.0.0.0 0.0.0.0 10.0.88.1 has precedence over ip default-gateway and ip default-network, the router uses 10.0.88.1 for 0.0.0.0/0, and this is incorrect.
07-27-2012 09:43 AM
Correct, 10.0.88.2 is the interface of the router, the firewall's IP is 10.0.88.1
07-27-2012 09:50 AM
sorry
I traded the final two interfaces....
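The next-hop question the posts above go back and forth on can be checked mechanically. This is an added example, not part of the original thread: a small Python check that reads the interface addresses from a config and classifies each default-route statement. The function names are hypothetical and the sample is a constructed excerpt of the routing-relevant lines from the posted running-config.

```python
import ipaddress
import re

# Constructed sample: routing-relevant lines taken from the posted running-config.
SAMPLE_CONFIG = """\
interface FastEthernet4
 ip address 10.0.88.2 255.255.255.248
interface Vlan880
 ip address 192.168.88.1 255.255.255.0
ip default-gateway 10.0.88.2
ip route 0.0.0.0 0.0.0.0 10.0.88.1
"""

ADDR_RE = re.compile(r"^\s*ip address (\S+) (\S+)\s*$")
GATEWAY_RES = (
    re.compile(r"^ip route 0\.0\.0\.0 0\.0\.0\.0 (\d+\.\d+\.\d+\.\d+)$"),
    re.compile(r"^ip default-gateway (\d+\.\d+\.\d+\.\d+)$"),
)

def connected_interfaces(config):
    """Return an ip_interface for every 'ip address <addr> <mask>' line."""
    found = []
    for line in config.splitlines():
        m = ADDR_RE.match(line)  # 'no ip address' does not match
        if m:
            found.append(ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}"))
    return found

def check_default_routes(config):
    """Classify each default-route statement as 'ok', 'self' or 'unreachable'."""
    ifaces = connected_interfaces(config)
    results = {}
    for line in (l.strip() for l in config.splitlines()):
        for rx in GATEWAY_RES:
            m = rx.match(line)
            if not m:
                continue
            hop = ipaddress.ip_address(m.group(1))
            if any(hop == i.ip for i in ifaces):
                results[line] = "self"         # router's own interface address
            elif any(hop in i.network for i in ifaces):
                results[line] = "ok"           # next hop on a connected subnet
            else:
                results[line] = "unreachable"  # no connected subnet contains it
    return results

if __name__ == "__main__":
    for stmt, verdict in check_default_routes(SAMPLE_CONFIG).items():
        print(f"{verdict:12} {stmt}")
```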
07-27-2012 09:56 AM
Well, the routing is OK.
If you ping from 10.0.88.2 to the internet, does it work?
07-27-2012 10:01 AM
On the router, it does ping its own interface 10.0.88.2 and it also pings the firewall 10.0.88.1, only because it is directly connected, but it doesn't ping any internet address like OpenDNS's address 208.67.222.222 or Google's address 74.125.137.100.
07-27-2012 10:06 AM
And if you disconnect the router and use a PC connected directly to the firewall with IP 10.0.88.2, does it work?
07-27-2012 10:18 AM
Not a full ping,
Reply from 192.168.88.13: Destination host unreachable.
07-27-2012 10:21 AM
?
The laptop doesn't have 10.0.88.2?