03-08-2019 08:02 AM
Hi,
I am running 2 Cisco 887s; one has a dialer on it and the other I have set up to be an extension (this is for my own training, as I am extremely new, I should add).
I have a problem where I can get internet on router 1 to work on my computer; however, on the second router I cannot seem to get internet through. I have tried pinging 8.8.8.8 with no response. I can ping the first router from the second, but the ping return from R1 to R2 has the message 'TTL expired in transit'.
I assume I am missing something within the access list or something that, to those who understand, is basic. Any assistance would be most appreciated.
R1 config;
version 15.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
service sequence-numbers
!
hostname TR1
!
boot-start-marker
boot-end-marker
!
aqm-register-fnf
!
logging buffered 4096
no logging console
!
no aaa new-model
memory-size iomem 10
clock timezone GMT 0 0
!
!
!
!
!
!
!
!
!
ip dhcp excluded-address 172.16.0.1 172.16.0.99
!
ip dhcp pool TR1
network 172.16.0.0 255.255.255.0
default-router 172.16.0.1
dns-server 8.8.8.8 8.8.4.4
!
!
!
no ip bootp server
no ip domain lookup
ip cef
no ipv6 cef
!
!
!
!
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
license udi pid C887VA-K9 sn FCZ18409068
!
!
username dan privilege 15 secret 5 $1$Q4V2$9vsQ8i6ygs8bIcwZgtKCz1
!
!
!
!
!
controller VDSL 0
!
ip tcp synwait-time 10
!
!
!
!
!
!
!
!
!
!
!
interface ATM0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
no atm ilmi-keepalive
hold-queue 224 in
pvc 0/38
oam-pvc 0
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
!
interface Ethernet0
no ip address
shutdown
!
interface FastEthernet0
no ip address
!
interface FastEthernet1
no ip address
!
interface FastEthernet2
no ip address
!
interface FastEthernet3
switchport access vlan 2
no ip address
!
interface Vlan1
ip address 172.16.0.1 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ip nat inside
ip virtual-reassembly in
ip tcp adjust-mss 1452
!
interface Vlan2
ip address 174.16.0.2 255.255.255.0
ip nat outside
ip virtual-reassembly in
!
interface Dialer1
ip address *********************************
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ip nat outside
ip virtual-reassembly in
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication chap callin
ppp chap hostname ********************
ppp chap password *******************
no cdp enable
hold-queue 224 in
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
ip nat inside source list 110 interface Dialer1 overload
ip nat inside source list 120 interface Vlan2 overload
ip route 0.0.0.0 0.0.0.0 Dialer1
ip route 173.16.0.0 255.255.255.0 Vlan2 174.16.0.1
!
!
access-list 110 permit ip 172.16.0.0 0.0.0.255 any
access-list 110 permit icmp 172.16.0.0 0.0.0.255 any
access-list 120 permit ip 174.16.0.0 0.0.0.255 any
access-list 120 permit icmp 174.16.0.0 0.0.0.255 any
!
control-plane
!
!
mgcp behavior rsip-range tgcp-only
mgcp behavior comedia-role none
mgcp behavior comedia-check-media-src disable
mgcp behavior comedia-sdp-force disable
!
mgcp profile default
!
!
!
!
!
!
!
line con 0
login local
no modem enable
line aux 0
line vty 0 4
privilege level 15
login local
transport input telnet ssh
!
scheduler allocate 20000 1000
!
end
R2 Config;
version 15.5
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
service sequence-numbers
!
hostname TR2
!
boot-start-marker
boot-end-marker
!
!
no logging console
!
no aaa new-model
ethernet lmi ce
bsd-client server url https://cloudsso.cisco.com/as/token.oauth2
memory-size iomem 10
clock timezone GMT 0 0
!
!
!
!
!
ip dhcp excluded-address 173.16.0.100 173.16.0.254
!
ip dhcp pool TR2
network 173.16.0.0 255.255.255.0
default-router 173.16.0.1
dns-server 8.8.8.8 8.8.4.4
!
!
!
no ip bootp server
no ip domain lookup
ip cef
no ipv6 cef
!
!
cts logging verbose
license udi pid CISCO887-K9 sn FCZ1423908M
!
!
username dan privilege 15 secret 5 $1$Q4V2$9vsQ8i6ygs8bIcwZgtKCz1
!
!
!
!
!
ip tcp synwait-time 10
!
!
!
!
!
!
!
!
!
!
interface BRI0
no ip address
encapsulation hdlc
shutdown
isdn termination multidrop
!
interface ATM0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
no atm ilmi-keepalive
!
interface FastEthernet0
no ip address
!
interface FastEthernet1
no ip address
!
interface FastEthernet2
no ip address
!
interface FastEthernet3
switchport access vlan 2
no ip address
!
interface Vlan1
ip address 173.16.0.1 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ip nat inside
ip virtual-reassembly in
ip tcp adjust-mss 1452
!
interface Vlan2
ip address 174.16.0.1 255.255.255.0
ip nat outside
ip virtual-reassembly in
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
ip nat inside source list 110 interface Vlan1 overload
ip nat inside source list 120 interface Vlan2 overload
ip route 0.0.0.0 0.0.0.0 Vlan2 174.16.0.2
ip route 172.16.0.0 255.255.255.0 Vlan2 174.16.0.2
!
!
access-list 110 permit ip any any
access-list 110 permit ip 173.16.0.0 0.0.0.255 any
access-list 110 permit icmp 173.16.0.0 0.0.0.255 any
access-list 120 permit ip any any
access-list 120 permit ip 174.16.0.0 0.0.0.255 any
access-list 120 permit icmp 174.16.0.0 0.0.0.255 any
!
!
line con 0
login local
no modem enable
line aux 0
line vty 0 4
privilege level 15
login local
transport input telnet ssh
!
scheduler allocate 20000 1000
!
end
03-08-2019 08:24 AM
Hello,
Check suggestion in bold on both configurations.
R1 config;
version 15.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
service sequence-numbers
!
hostname TR1
!
boot-start-marker
boot-end-marker
!
aqm-register-fnf
!
logging buffered 4096
no logging console
!
no aaa new-model
memory-size iomem 10
clock timezone GMT 0 0
!
!
!
!
!
!
!
!
!
ip dhcp excluded-address 172.16.0.1 172.16.0.99
!
ip dhcp pool TR1
network 172.16.0.0 255.255.255.0
default-router 172.16.0.1
dns-server 8.8.8.8 8.8.4.4
!
!
!
no ip bootp server
no ip domain lookup
ip cef
no ipv6 cef
!
!
!
!
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
license udi pid C887VA-K9 sn FCZ18409068
!
!
username dan privilege 15 secret 5 $1$Q4V2$9vsQ8i6ygs8bIcwZgtKCz1
!
!
!
!
!
controller VDSL 0
!
ip tcp synwait-time 10
!
!
!
!
!
!
!
!
!
!
!
interface ATM0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
no atm ilmi-keepalive
hold-queue 224 in
pvc 0/38
oam-pvc 0
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
!
interface Ethernet0
no ip address
shutdown
!
interface FastEthernet0
no ip address
!
interface FastEthernet1
no ip address
!
interface FastEthernet2
no ip address
!
interface FastEthernet3
switchport access vlan 2
no ip address
!
interface Vlan1
ip address 172.16.0.1 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ip nat inside
ip virtual-reassembly in
ip tcp adjust-mss 1452
!
interface Vlan2
ip address 174.16.0.2 255.255.255.0
ip nat outside
ip virtual-reassembly in
!
interface Dialer1
ip address *********************************
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ip nat outside
ip virtual-reassembly in
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication chap callin
ppp chap hostname ********************
ppp chap password *******************
no cdp enable
hold-queue 224 in
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
ip nat inside source list 110 interface Dialer1 overload
ip nat inside source list 120 interface Vlan2 overload
ip route 0.0.0.0 0.0.0.0 Dialer1
ip route 173.16.0.0 255.255.255.0 Vlan2 174.16.0.1
!
!
access-list 110 permit ip 172.16.0.0 0.0.0.255 any
access-list 110 permit icmp 172.16.0.0 0.0.0.255 any
access-list 120 permit ip 174.16.0.0 0.0.0.255 any
access-list 120 permit icmp 174.16.0.0 0.0.0.255 any
!
control-plane
!
!
mgcp behavior rsip-range tgcp-only
mgcp behavior comedia-role none
mgcp behavior comedia-check-media-src disable
mgcp behavior comedia-sdp-force disable
!
mgcp profile default
!
!
!
!
!
!
!
line con 0
login local
no modem enable
line aux 0
line vty 0 4
privilege level 15
login local
transport input telnet ssh
!
scheduler allocate 20000 1000
!
end
R2 Config;
version 15.5
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
service sequence-numbers
!
hostname TR2
!
boot-start-marker
boot-end-marker
!
!
no logging console
!
no aaa new-model
ethernet lmi ce
bsd-client server url https://cloudsso.cisco.com/as/token.oauth2
memory-size iomem 10
clock timezone GMT 0 0
!
!
!
!
!
ip dhcp excluded-address 173.16.0.100 173.16.0.254
!
ip dhcp pool TR2
network 173.16.0.0 255.255.255.0
default-router 173.16.0.1
dns-server 8.8.8.8 8.8.4.4
!
!
!
no ip bootp server
no ip domain lookup
ip cef
no ipv6 cef
!
!
cts logging verbose
license udi pid CISCO887-K9 sn FCZ1423908M
!
!
username dan privilege 15 secret 5 $1$Q4V2$9vsQ8i6ygs8bIcwZgtKCz1
!
!
!
!
!
ip tcp synwait-time 10
!
!
!
!
!
!
!
!
!
!
interface BRI0
no ip address
encapsulation hdlc
shutdown
isdn termination multidrop
!
interface ATM0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
no atm ilmi-keepalive
!
interface FastEthernet0
no ip address
!
interface FastEthernet1
no ip address
!
interface FastEthernet2
no ip address
!
interface FastEthernet3
switchport access vlan 2
no ip address
!
interface Vlan1
ip address 173.16.0.1 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ip nat inside
ip virtual-reassembly in
ip tcp adjust-mss 1452
!
interface Vlan2
ip address 174.16.0.1 255.255.255.0
ip nat outside
ip virtual-reassembly in
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
ip nat inside source list 110 interface Vlan1 overload < you don't need it
ip nat inside source list 120 interface Vlan2 overload
ip route 0.0.0.0 0.0.0.0 Vlan2 174.16.0.2 < This router is sent to R1, but on R1 you don't have an ACL allowing this network (173.16.0.0 0.0.0); add this network in the ACL on R1.
ip route 172.16.0.0 255.255.255.0 Vlan2 174.16.0.2
!
!
access-list 110 permit ip any any
access-list 110 permit ip 173.16.0.0 0.0.0.255 any
access-list 110 permit icmp 173.16.0.0 0.0.0.255 any
access-list 120 permit ip any any
access-list 120 permit ip 174.16.0.0 0.0.0.255 any
access-list 120 permit icmp 174.16.0.0 0.0.0.255 any
!
!
line con 0
login local
no modem enable
line aux 0
line vty 0 4
privilege level 15
login local
transport input telnet ssh
!
scheduler allocate 20000 1000
!
end
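The reply's point about TR1's NAT access lists can be checked mechanically. The following is an added example, not part of the original thread: it takes the NAT and ACL lines from the TR1 config posted above and reports which overload rule, if any, has an ACL that permits a given source address. The function names and the three test addresses are assumptions, and only the source field of `permit` entries is modelled (not `deny` entries or the `ip nat inside`/`ip nat outside` interface roles).

```python
import ipaddress
import re

# Constructed input: the NAT and ACL lines copied from the TR1 config in the thread.
TR1_CONFIG = """\
ip nat inside source list 110 interface Dialer1 overload
ip nat inside source list 120 interface Vlan2 overload
access-list 110 permit ip 172.16.0.0 0.0.0.255 any
access-list 110 permit icmp 172.16.0.0 0.0.0.255 any
access-list 120 permit ip 174.16.0.0 0.0.0.255 any
access-list 120 permit icmp 174.16.0.0 0.0.0.255 any
"""

NAT_RE = re.compile(r"^ip nat inside source list (\d+) interface (\S+) overload", re.M)
ACL_RE = re.compile(
    r"^access-list (\d+) permit \S+ (any|\d+\.\d+\.\d+\.\d+ \d+\.\d+\.\d+\.\d+)", re.M)


def wildcard_match(addr, base, wildcard):
    """IOS wildcard match: bits set in the wildcard mask are ignored."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)


def parse(config):
    """Return ({acl_number: [(base, wildcard), ...]}, {acl_number: nat_interface})."""
    acls = {}
    for num, src in ACL_RE.findall(config):
        base, wc = ("0.0.0.0", "255.255.255.255") if src == "any" else src.split()
        acls.setdefault(num, []).append((base, wc))
    nat = {num: intf for num, intf in NAT_RE.findall(config)}
    return acls, nat


def overload_interfaces(config, source):
    """Interfaces whose NAT overload rule references an ACL that permits `source`."""
    acls, nat = parse(config)
    return sorted(intf for num, intf in nat.items()
                  if any(wildcard_match(source, b, w) for b, w in acls.get(num, [])))


if __name__ == "__main__":
    # Test addresses are assumptions: one host per subnet used in the thread.
    for src in ("172.16.0.100", "173.16.0.10", "174.16.0.1"):
        print(src, "->", overload_interfaces(TR1_CONFIG, src) or "no NAT ACL matches")
```

Run against TR1's lines, a 173.16.0.0/24 source matches neither list 110 nor list 120, which is the gap the reply points at.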
03-08-2019 02:21 PM
Hello,
Unless Jaderson's suggestions solved your problem, post a schematic drawing of what your topology looks like. Are these just back-to-back routers?
03-09-2019 03:16 AM
Hi,
Kindly share a network diagram and confirm a few things:
1. Why are you using NAT between both routers? You have applied "IP NAT Outside" on both routers' VLAN2.
And make changes as suggested by @Georg Pauwen.
Regards,
Deepak Kumar