
Devices beyond router can't do anything but ping remote hosts

Hi,

I'm trying to get a replacement router (1941) with a HWIC-3G-HSPA card setup on our network to fill in for our primary connection until the outage is resolved.

I've configured the router and the 3G connects. From the router, I can ping remote hosts, do DNS lookups, traceroutes etc.

From any other device (neighbouring switch, end users connected to the switch etc) I can only ping remote hosts. All other traffic gets nowhere. It appears I can traceroute, albeit incredibly slowly.

The setup is pretty straightforward (config below), but essentially the 1941 -> 4507R switchport on VLAN 200 <- WLC & Hard wired clients on varying VLANs (214 for Wifi, 212 for wired etc). The 4507 does layer 3 routing etc. There are no other routers/switches. We have a WLC connected to the switch and an ASA that usually does the PPPoE termination for our primary internet connection (this router is replacing the ASA temporarily). The default route on the 4507 has been changed to point to the new router (10.2.0.251) rather than the ASA (10.2.0.250).

I can see NAT translations happening, i.e.:

Pro Inside global      Inside local       Outside local      Outside global
udp 10.98.67.96:51737  10.2.14.11:51737   8.8.8.8:53         8.8.8.8:53
udp 10.98.67.96:52021  10.2.14.11:52021   8.8.4.4:53         8.8.4.4:53

Route table:

Gateway of last resort is 0.0.0.0 to network 0.0.0.0
 
S*    0.0.0.0/0 is directly connected, Dialer1
      10.0.0.0/8 is variably subnetted, 4 subnets, 3 masks
S        10.2.0.0/16 [1/0] via 10.2.0.1
C        10.2.0.0/24 is directly connected, GigabitEthernet0/0
L        10.2.0.251/32 is directly connected, GigabitEthernet0/0
C        10.98.67.96/32 is directly connected, Dialer1

The 1941 config:

mel2-l1-router-01#show run
Building configuration...
 
Current configuration : 4539 bytes
!
! Last configuration change at 05:04:43 GMT Thu Apr 9 2015 by shimms
! NVRAM config last updated at 02:45:58 GMT Thu Apr 9 2015
! NVRAM config last updated at 02:45:58 GMT Thu Apr 9 2015
version 15.3
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname mel2-l1-router-01
!
boot-start-marker
boot system flash0:c1900-universalk9-mz.SPA.153-2.T.bin
boot-end-marker
!
!
enable secret 4 [removed]
enable password 7 [removed]
!
aaa new-model
!
!         
!
!
!
!
!
aaa session-id common
clock timezone GMT 0 11
!
ip cef
!
!
!
!
!
!
ip domain name teamsquare.internal
ip name-server 8.8.8.8
ip name-server 8.8.4.4
no ipv6 cef
!
multilink bundle-name authenticated
!
chat-script gsm "" "ATDT*99*1#" TIMEOUT 30
!
crypto pki trustpoint TP-self-signed-869303978
 [removed]
!
!
crypto pki certificate chain TP-self-signed-869303978
 [removed]
    quit
license udi pid CISCO1941/K9 sn [removed]
!
redundancy
!
!
!
!
!
controller Cellular 0/0
!
ip ssh rsa keypair-name sshkeys
ip ssh version 2
! 
!
!
!
!
interface Embedded-Service-Engine0/0
 no ip address
 shutdown
!
interface GigabitEthernet0/0
 ip address 10.2.0.251 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
 duplex auto
 speed auto
!
interface GigabitEthernet0/1
 no ip address
 duplex auto
 speed auto
!         
interface Cellular0/0/0
 description Telstra 3G Wireless
 ip address negotiated
 ip virtual-reassembly in
 encapsulation ppp
 dialer in-band
 dialer pool-member 1
 dialer-group 1
 async mode interactive
 ppp chap refuse
!
interface Cellular0/0/1
 no ip address
 encapsulation ppp
!
interface Dialer0
 no ip address
!
interface Dialer1
 description Dialer interface for int cell0/0/0
 ip address negotiated
 ip virtual-reassembly in
 encapsulation ppp
 dialer pool 1
 dialer idle-timeout 0
 dialer string gsm
 dialer persistent
 dialer-group 1
 no cdp enable
!
no ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
no ip nat service sip udp port 5060
ip nat inside source list 1 interface Dialer1 overload
ip route 0.0.0.0 0.0.0.0 Dialer1
ip route 10.2.14.0 255.255.254.0 10.2.0.1
!
!
!
access-list 1 permit 10.2.0.0 0.0.255.255
!
!         
!
control-plane
!
!
!
line con 0
 exec-timeout 0 0
 privilege level 0
line aux 0
line 2
 no activation-character
 no exec
 transport preferred none
 transport input all
 transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
 stopbits 1
line 0/0/0
 exec-timeout 0 0
 script dialer gsm
 modem InOut
 no exec
 transport input all
 transport output all
 rxspeed 7200000
 txspeed 5760000
line 0/0/1
 no exec
 rxspeed 7200000
 txspeed 5760000
line vty 0 4
 exec-timeout 2 30
 privilege level 0
 length 0
 transport preferred none
 transport input ssh
line vty 5 15
 password 7 [removed]
 transport preferred none
 transport input ssh
!
scheduler allocate 20000 1000
ntp server 130.194.1.96
!
end
1 Reply

Re-reading the config I pasted above (rather than looking at it in the CLI) seems to have done the trick - obvious mistake, was missing `ip nat outside` on the dialer interface.

Works now.
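
The mistake found in this thread can be caught mechanically before a router goes into service. The following is an added example, not part of the original thread: a small Python check that reads an IOS-style configuration and reports any interface named in an `ip nat inside source ... interface X` rule that is not marked `ip nat outside`. The function names are hypothetical and the sample input is constructed from the NAT-relevant lines of the configuration posted above.

```python
import re

# Constructed sample: NAT-relevant lines taken from the configuration posted above.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/0
 ip address 10.2.0.251 255.255.255.0
 ip nat inside
!
interface Dialer1
 ip address negotiated
 dialer pool 1
!
ip nat inside source list 1 interface Dialer1 overload
access-list 1 permit 10.2.0.0 0.0.255.255
"""

def parse_interfaces(config):
    """Map each interface name to the list of its indented sub-commands."""
    interfaces, current = {}, None
    for line in config.splitlines():
        m = re.match(r"^interface\s+(\S+)", line)
        if m:
            current = m.group(1)
            interfaces[current] = []
        elif line.startswith(" ") and current is not None:
            interfaces[current].append(line.strip())
        else:
            current = None  # any non-indented line ends the interface block
    return interfaces

def check_nat(config):
    """Return a list of findings about NAT inside/outside interface roles."""
    interfaces = parse_interfaces(config)
    findings = []
    # Matches both "source list N interface X" and "source route-map NAME interface X".
    rules = re.findall(r"^ip nat inside source \S+ \S+ interface (\S+)", config, re.M)
    for intf in rules:
        if intf not in interfaces:
            findings.append(f"{intf}: referenced by NAT rule but not defined")
        elif "ip nat outside" not in interfaces[intf]:
            findings.append(f"{intf}: NAT overload target lacks 'ip nat outside'")
    if rules and not any("ip nat inside" in cmds for cmds in interfaces.values()):
        findings.append("no interface is marked 'ip nat inside'")
    return findings

if __name__ == "__main__":
    for finding in check_nat(SAMPLE_CONFIG):
        print(finding)
```
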