cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
10755
Views
5
Helpful
35
Replies

Allowing Internet Access from LAN - Cisco 1841

Raul Armas
Level 1
Level 1

Hi everyone,

I'm trying to change my office's router (a D-Link) for a Cisco 1841.

The current router works for internet access but I need to do some new things which are too tricky to achieve on D-Link's user interface.

The network diagram is attached.

I need to assign the local server as our DHCP & DNS server.

So, I have been testing and trying to give LAN access to the internet with the following configuration:

*******

Router#sh run
Building configuration...

Current configuration : 1173 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
!
resource policy
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
ip cef
!
!
no ip dhcp use vrf connected
!
ip dhcp pool OFFICE
   next-server 192.168.0.70
   dns-server 192.168.0.70
!
!
!
!
!
!
interface FastEthernet0/0
ip address 192.168.0.3 255.255.255.0
ip nat inside
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 172.10.16.64 255.255.0.0
ip nat outside
duplex auto
speed auto
!
interface Serial0/0/0
no ip address
shutdown
clockrate 2000000
!
interface Serial0/0/1
no ip address
shutdown
clockrate 2000000
!
ip classless
!
ip http server
ip nat pool ISP 172.10.16.64 172.10.16.70 prefix-length 24
ip nat inside source list 1 pool ISP
!
access-list 1 permit 192.168.0.0 0.0.0.255
access-list 101 permit icmp 192.168.0.0 0.0.0.255 any echo-reply
access-list 101 permit ip any any
!
control-plane
!
!
line con 0
line aux 0
line vty 0 4
login
!
end

*******

But so far, It hasn't worked.

I can't even receive any ping responses from f0/0.

What really worries me it's the fact that I know this should be a very easy set-up.

What am I doing wrong?

Thanks in advance.

1 Accepted Solution

Accepted Solutions

I belive you need to add "overload" in the end of you source list configuration.

I hope it helps.

Sincerely,

GRinch

View solution in original post

35 Replies 35

Jon Marshall
Hall of Fame
Hall of Fame

Raul

Are you saying you cannot ping 192.168.0.3 from a device on your 192.168.0.x network ?

If so have you verified the subnet masks of the devices on the 192.168.0.x clients ?

What model is the switch and how is it configured ?

Can you also do a "sh ip int brief" on the router to check the interfaces are up.

Jon

Hi Jon,

Answering your questions:

1.- I just tried again to ping the 192.168.0.3 ip and this time it worked (I suppose I have to wait a little longer for the configuration to take effect).

2.- The switch is an AVAYA P134G2 and to tell you the truth, I don't have an idea of how it is configured. (but internet access works perfect with the D-Link router).

3.- I just did "sh ip int brief" and the two interfaces were "up and up".

Still no internet access...

Thanks for answering.

Okay, well that's progress

You do not have default-route on your router so you need to add -

route 0.0.0.0 0.0.0.0

can you add that and see if you can -

1) ping fa0/1 interface on your router from a 192.168.0.x client

2) see if you can ping the ISP next-hop

if you can't do 2) can you make sure you can ping the ISP next-hop from your router.

Note also that if you have setup an internal DNS server for clients this DNS server needs to know how to get to DNS internet servers otherwise when you enter URLs for example in your web browser it won't work. Have you setup the DNS server to forward DNS queries to your ISP DNS servers ?

Jon

One more thing:

I just noticed that when I connect the 1841 to the ISP router, "FDX" and "100" status LEDs don't turn on.

Could it be a speed conection related issue?

Regarding your last response:

My ISP doesn't give any next-hop address, I have asked for it in the past.

They just gave me my range of valid IP addresses and that's it.

Our current router doesn't have any next-hop ip address configured and it works for internet access.

Is it mandatory to configure it that way?

Thanks.

RA.

Your ISP should give you the next hop

try this as a temporary measure -

ip route 0.0.0.0 0.0.0.0 fa0/1

Jon

I have just made the test:

No internet access, I'm just able to ping the f0/1 from any LAN device.

I am going to ask again for the next-hop IP and try to fix this.

Any other ideas?

Thanks.

RA.

The router needs to know where to send the packets to. If a default-route via fa0/1 is not working talk to the ISP re the addressing and the next-hop you should be using.

Jon

Update:

I'm trying to get the next-hop IP from my ISP but in the meantime I realize even though there's no internet access, my Skype account is logging in successfuly (I was chatting with somebody located on another country for testing purposes).

Any idea why is that?

Thanks,

RA.

Well, now I see...

It's a DNS issue.

I manually configure the primary and secondary DNS servers ip addresses and now I have internet access.

Questions now are:

1.- Why my configuration is not accepting my DNS servers automaticaly?

2.- Should I leave the default route "ip route 0.0.0.0 0.0.0.0 fa0/1" the same way?

Thanks,

RA.

Raul

1) Not sure what you mean. If you have a DNS server internally then you should add the ISP DNS servers as DNS forwarders.

Or are you trying you trying to add them to the router. In fact i'm not sure what this config on the router is for ?

ip dhcp pool OFFICE

   next-server 192.168.0.70

   dns-server 192.168.0.70

2) You can but using an interface as the next-hop but it means with ethernet there will be excessive arp queries from that router. If at all possible you should use an IP as the next-hop.

Jon

Here's what I have tested:

If I manually set my ISP DNS servers on my hosts, I have access to the internet but no access to our intranet.

If I manually set my primary DNS server as our local DNS server and my primary ISP DNS server as secondary, I have access to both.

What I wanted to do with the "ip dhcp pool OFFICE..." was to assign or point to our local server in order to use it as our DHCP & DNS server.

Isn't that configuration necessary?

I don't know how to assign a local DHCP server within Cisco IOS.

I haven't found any commands for that.

Thanks,

RA.

You can use the router to hand out DHCP addresses but if you have a DHCP/DNS server then no you don't need to have that config on your router.

So, just to clarify, you do have internet access now ?

Jon

This is getting more interesting every time:

Indeed, I do have access to the internet now but:

1.- Only from my PC and my test Laptop. Every other host on LAN is not able to connect to the internet even though I'm able to ping from each of them to the f0/0 of the router, our local server and between hosts.

2.- I have to manually set primary and secondary DNS servers in my PC and test Laptop in order to get it working.

Is there a reasonable explanation for that?

Now I'm at a loss...

Thanks,

RA.

Raul

Fron what i can see it's all the same issue. You need to make sure the clients have DNS servers.

You either need to add these DNS servers that work to the DHCP config on your server or if you use an internal IP as the DNS server then that server needs to have the ISP DNS servers added.

You need to choose whether you want an internal DNS server which is queried for all requests or whether you want to use the ISP DNS servers on the clients.

Without one of the above 2 options clients will not be able to connect to URLs which you enter in your web browser.

Jon

Review Cisco Networking for a $25 gift card