08-31-2013 05:04 PM - edited 03-07-2019 03:14 PM
Hi:
I'm new to Cisco routing, and I'm having trouble with an apparently very easy configuration. I have a working LAN1 (192.168.1.0/24) with a standard DSL router (192.168.1.254). I have another LAN2 (10.10.10.0/24), and I want to use a Cisco 1921 to route between the two LANs, giving internet access to hosts in LAN2 through the standard router in LAN1.
The problem is that I'm not able to ping from LAN2 to hosts in LAN1, and obviously hosts in LAN2 can't access internet.
Please, can someone tell me what is wrong in this simple configuration?
I'm attaching the configuration.
Thanks in advance.
08-31-2013 05:45 PM
Miguel,
A real basic config would be :-
!
int g0/0
desc ***LAN 1***
ip address 192.168.1.253 255.255.255.0
no shut
!
int g0/1
desc ***LAN 2***
ip address 10.10.10.254 255.255.255.0
no shut
!
ip route 0.0.0.0 0.0.0.0 192.168.1.254
!
Your devices on LAN2 should be using 10.10.10.254 as their default gateway.
You WILL ALSO NEED TO ADD A STATIC ROUTE ON YOUR OTHER ROUTER
10.10.10.0 255.255.255.0 NEXT HOP 192.168.1.253
Regards,
Alex.
Please rate useful posts.
09-01-2013 12:19 AM
Hi Alex:
I think the configuration I included in my post matches what you're saying, and of course hosts in LAN2 are using the correct gateway.
I don't have a static route in the LAN1 router for reaching LAN2, because I'm using NAT in the LAN2 router (overloading), so there are no packets with 10.10.10.0/24 destination addresses in LAN1. If I understand NAT with overloading correctly, all traffic in LAN1 with destination LAN2 would have 192.168.1.111 as the destination address.
This is a summary of the posted configuration:
interface GigabitEthernet0/0
ip address 10.10.10.252 255.255.255.0
ip access-group 103 in
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
!
interface GigabitEthernet0/1
ip address 192.168.1.111 255.255.255.0
ip access-group 100 in
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
!
ip forward-protocol nd
!
ip nat inside source list 1 interface GigabitEthernet0/1 overload
ip route 0.0.0.0 0.0.0.0 192.168.1.254 permanent
!
access-list 1 permit 10.10.10.0 0.0.0.255
access-list 100 permit icmp any any echo
access-list 100 permit icmp any any traceroute
access-list 100 permit icmp any any unreachable
access-list 100 permit tcp 192.168.1.0 0.0.0.255 host 192.168.1.111 eq telnet
access-list 100 permit tcp 192.168.1.0 0.0.0.255 host 192.168.1.111 eq 22
access-list 100 permit tcp 192.168.1.0 0.0.0.255 host 192.168.1.111 eq www
access-list 100 permit tcp 192.168.1.0 0.0.0.255 host 192.168.1.111 eq 443
access-list 100 permit tcp 192.168.1.0 0.0.0.255 host 192.168.1.111 eq cmd
access-list 100 deny tcp any host 192.168.1.111 eq telnet
access-list 100 deny tcp any host 192.168.1.111 eq 22
access-list 100 deny tcp any host 192.168.1.111 eq www
access-list 100 deny tcp any host 192.168.1.111 eq 443
access-list 100 deny tcp any host 192.168.1.111 eq cmd
access-list 100 deny udp any host 192.168.1.111 eq snmp
access-list 100 deny ip any any
access-list 103 permit tcp 10.10.10.0 0.0.0.255 host 10.10.10.252 eq telnet
access-list 103 permit tcp 10.10.10.0 0.0.0.255 host 10.10.10.252 eq 22
access-list 103 permit tcp 10.10.10.0 0.0.0.255 host 10.10.10.252 eq www
access-list 103 permit tcp 10.10.10.0 0.0.0.255 host 10.10.10.252 eq 443
access-list 103 permit tcp 10.10.10.0 0.0.0.255 host 10.10.10.252 eq cmd
access-list 103 deny tcp any host 10.10.10.252 eq telnet
access-list 103 deny tcp any host 10.10.10.252 eq 22
access-list 103 deny tcp any host 10.10.10.252 eq www
access-list 103 deny tcp any host 10.10.10.252 eq 443
access-list 103 deny tcp any host 10.10.10.252 eq cmd
access-list 103 deny udp any host 10.10.10.252 eq snmp
access-list 103 permit ip any any
09-01-2013 01:15 AM
Finally I found the problem. It was a mistake in the last line of ACL 100. Beginner's mistake. Thanks.
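Added example, not part of the thread: a small first-match evaluator run over ACL 100 as posted, showing which entry decides the fate of reply packets arriving on the NAT outside interface. The keyword-to-number mappings and the two sample packets are assumptions constructed for illustration; only `eq` port and ICMP type qualifiers are modelled.

```python
import ipaddress
# ACL 100 as posted in the thread (inbound on the NAT outside interface).
ACL_100 = """\
access-list 100 permit icmp any any echo
access-list 100 permit icmp any any traceroute
access-list 100 permit icmp any any unreachable
access-list 100 permit tcp 192.168.1.0 0.0.0.255 host 192.168.1.111 eq telnet
access-list 100 permit tcp 192.168.1.0 0.0.0.255 host 192.168.1.111 eq 22
access-list 100 permit tcp 192.168.1.0 0.0.0.255 host 192.168.1.111 eq www
access-list 100 permit tcp 192.168.1.0 0.0.0.255 host 192.168.1.111 eq 443
access-list 100 permit tcp 192.168.1.0 0.0.0.255 host 192.168.1.111 eq cmd
access-list 100 deny tcp any host 192.168.1.111 eq telnet
access-list 100 deny tcp any host 192.168.1.111 eq 22
access-list 100 deny tcp any host 192.168.1.111 eq www
access-list 100 deny tcp any host 192.168.1.111 eq 443
access-list 100 deny tcp any host 192.168.1.111 eq cmd
access-list 100 deny udp any host 192.168.1.111 eq snmp
access-list 100 deny ip any any
"""
PORTS = {"telnet": 23, "www": 80, "cmd": 514, "snmp": 161}    # assumed: standard ports
ICMP_TYPES = {"echo": 8, "traceroute": 30, "unreachable": 3}  # assumed: ICMP type numbers

def _addr(tok):
    """Consume one address spec; return (matcher, remaining tokens)."""
    if tok[0] == "any":
        return (lambda ip: True), tok[1:]
    if tok[0] == "host":
        return (lambda ip: ip == tok[1]), tok[2:]
    base, wild = (int(ipaddress.ip_address(t)) for t in tok[:2])
    return (lambda ip: (int(ipaddress.ip_address(ip)) | wild) == (base | wild)), tok[2:]

def evaluate(acl_text, pkt):
    """Return (action, line) for the first entry that matches pkt."""
    for line in acl_text.strip().splitlines():
        _, _, action, proto, *rest = line.split()
        src, rest = _addr(rest)
        dst, qual = _addr(rest)
        if proto not in ("ip", pkt["proto"]) or not (src(pkt["src"]) and dst(pkt["dst"])):
            continue
        if qual[:1] == ["eq"]:      # destination port qualifier
            ok = pkt.get("dport") == int(PORTS.get(qual[1], qual[1]))
        else:                       # ICMP type keyword, or no qualifier
            ok = not qual or pkt.get("icmp_type") == ICMP_TYPES[qual[0]]
        if ok:
            return action, line
    return "deny", "(implicit deny)"
# Constructed packets: replies to traffic that LAN2 hosts started through NAT.
ECHO_REPLY = {"proto": "icmp", "src": "192.168.1.10", "dst": "192.168.1.111", "icmp_type": 0}
WEB_REPLY = {"proto": "tcp", "src": "203.0.113.5", "dst": "192.168.1.111", "dport": 40000}
```

Both `evaluate(ACL_100, ECHO_REPLY)` and `evaluate(ACL_100, WEB_REPLY)` fall through to the final entry, because an inbound ACL on the outside interface is checked before NAT translates the reply back to a 10.10.10.0/24 address. Replies therefore need a narrow permit ahead of that line (for example `permit icmp any any echo-reply` or stateful inspection) rather than a blanket `permit ip any any`.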