jbenedict2006
Beginner

Internet Access problems

I have 2 sites running off the same internet connection. One is the local network (Host), which can access the internet with no problems. The second is coming from a T1 connection from the second office (Remote). This connection can make it to the internal network of the host site but cannot get out to the internet. I am using Cisco 881s on both ends to make the connection. The tunnel is working fine; it is just the routing to the internet for the remote location that isn't working. Below is part of my configuration. The host IP is vlan 1. Remote IP is 192.168.65.0 network. From the remote network I can ping Fa4 but I can get to the gateway. If anyone could help me with this it would be great. Thank you in advance. Jonathon

interface Tunnel1
 ip address 2.2.2.1 255.255.255.252
 ip pim dense-mode
 keepalive 10 3
 tunnel source Vlan2
 tunnel destination 192.168.15.5
!
interface FastEthernet0
 switchport access vlan 2
!
interface FastEthernet1
 switchport mode trunk
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
 description Connection to Internet Firewall
 ip address x.x.x.x 255.255.255.0
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
!
interface Vlan1
 description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$ES_LAN$$FW_INSIDE$
 ip address 192.168.55.1 255.255.255.0
 ip pim dense-mode
 ip nat inside
 ip virtual-reassembly
 ip tcp adjust-mss 1452
 ip igmp static-group 224.0.1.55
!
interface Vlan2
 ip address 192.168.15.1 255.255.255.0
 ip pim dr-priority 10
 ip pim dense-mode
 ip tcp adjust-mss 1452
 ip igmp static-group 224.0.1.55
!
interface Vlan3
 description Guest Vlan
 ip address 10.10.2.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
!
router eigrp 1
 network 10.10.10.0 0.0.0.255
 network 192.168.15.0
 network 192.168.55.0
!
ip default-gateway 64.233.204.20
ip forward-protocol nd
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip nat inside source list 101 interface FastEthernet4 overload
ip route 0.0.0.0 0.0.0.0 x.x.x.x
ip route 192.168.65.0 255.255.255.0 Tunnel1
!
access-list 101 permit ip 192.168.65.0 0.0.0.255 any
access-list 101 permit ip 10.10.6.0 0.0.0.255 any
access-list 150 deny   ip 10.10.2.0 0.0.0.255 192.168.0.0 0.0.255.255
access-list 150 permit ip 10.10.2.0 0.0.0.255 any
no cdp run
!
control-plane
!
line con 0
 login local
 no modem enable
 transport output telnet
line aux 0
 login local
 transport output telnet
line vty 0 4
 privilege level 15
 login local
 transport input telnet ssh
!
scheduler max-task-time 5000
end

1 ACCEPTED SOLUTION


Jonathan,

I look forward to seeing what you find out. I successfully labbed it with no issue. I have the following:

(LAN: 172.16.1.0) R1 (192.168.12.1) --> (192.168.12.2)R2 (10.23.0.2) --> (10.23.0.3) R3 (10.34.0.3) ---> (10.34.0.4) R4 (Lo4: 4.4.4.4)

GRE Tunnel between R2 and R3 using 2.2.2.2 and 2.2.2.3

R1:

ip route 0.0.0.0 0.0.0.0 192.168.12.2

R2:

interface Tunnel1
 ip address 2.2.2.2 255.255.255.0
 tunnel source FastEthernet0/1
 tunnel destination 10.23.0.3
ip route 0.0.0.0 0.0.0.0 tunnel1
ip route 172.16.1.0 255.255.255.0 192.168.12.1

R3:

interface Tunnel1
 ip address 2.2.2.3 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 tunnel source FastEthernet0/0
 tunnel destination 10.23.0.2
interface FastEthernet0/1
 ip address 10.34.0.3 255.255.255.0
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
ip nat inside source list 1 interface FastEthernet0/1 overload
!
access-list 1 permit 172.16.1.0 0.0.0.255

R4:

interface FastEthernet0/0
 ip address 10.34.0.4 255.255.255.0
 duplex auto
 speed auto
end

interface Loopback4
 ip address 4.4.4.4 255.255.255.255
end

** Routing table on R4 doesn't know about 172.16.1.0/24 **

     4.0.0.0/32 is subnetted, 1 subnets
C       4.4.4.4 is directly connected, Loopback4
     10.0.0.0/24 is subnetted, 2 subnets
D       10.23.0.0 [90/307200] via 10.34.0.3, 00:11:30, FastEthernet0/0
C       10.34.0.0 is directly connected, FastEthernet0/0

From R1 I can ping:

R1#ping 4.4.4.4 source 172.16.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 4.4.4.4, timeout is 2 seconds:
Packet sent with a source address of 172.16.1.1
!!!!!

Trace shows that the traffic does go over the tunnel:

R1#trace 4.4.4.4 sour 172.16.1.1
Type escape sequence to abort.
Tracing the route to 4.4.4.4
  1 192.168.12.2 36 msec 44 msec 32 msec
  2 2.2.2.3 72 msec 84 msec 72 msec
  3 10.34.0.4 148 msec *  120 msec

Let me know what you find out and we can continue to work with this if you're still having an issue.

HTH,

John

HTH, John *** Please rate all useful posts ***


9 REPLIES 9
John Blakley
Advisor

Jonathon,

Can you post the other end? Do you have a default route configured on your other router to point to the tunnel?

HTH,

John

HTH, John *** Please rate all useful posts ***

Here is the remote config. And yes, the default route is configured to go thru the tunnel.

interface Tunnel1
 ip address 2.2.2.2 255.255.255.252
 ip pim dense-mode
 keepalive 10 3
 tunnel source Vlan2
 tunnel destination 192.168.15.1
!
interface FastEthernet0
 switchport access vlan 2
!
interface FastEthernet1
 switchport access vlan 3
 switchport mode trunk
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Vlan1
 ip address 192.168.65.1 255.255.255.0
 ip pim dense-mode
 ip virtual-reassembly
 ip tcp adjust-mss 1452
 ip igmp join-group 224.0.1.55
!
interface Vlan2
 ip address 192.168.15.5 255.255.255.0
 ip access-group 111 in
 ip pim dense-mode
 ip igmp join-group 224.0.1.55
!
interface Vlan3
 description Guest Vlan
 ip address 10.10.6.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
!
router eigrp 1
 network 10.10.6.0 0.0.0.255
 network 192.168.15.0
 network 192.168.65.0
!
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip nat inside source list 101 interface Tunnel1 overload
ip route 0.0.0.0 0.0.0.0 Tunnel1
ip route 192.168.25.0 255.255.255.0 2.2.2.1
ip route 192.168.35.0 255.255.255.0 2.2.2.1
ip route 192.168.45.0 255.255.255.0 2.2.2.1
ip route 192.168.55.0 255.255.255.0 Tunnel1
!
access-list 101 permit ip 10.10.6.0 0.0.0.255 any
access-list 101 permit ip 192.168.65.0 0.0.0.255 any
access-list 111 permit ip any host 224.0.1.59 log
access-list 111 permit ip any any
access-list 150 deny   ip 10.10.6.0 0.0.0.255 192.168.0.0 0.0.255.255
access-list 150 permit ip 10.10.6.0 0.0.0.255 any
no cdp run
!
control-plane
!
line con 0
 login local
 no modem enable
 transport output telnet
line aux 0
 login local
 transport output telnet
line vty 0 4
 privilege level 15
 login local
 transport input telnet ssh
!
scheduler max-task-time 5000
end

Jonathon,

I believe the only thing that you need to do is to enable inside nat on the tunnel interface of the router that connects to the default gateway and you should be good.

HTH,

John

HTH, John *** Please rate all useful posts ***

John,

I have added the inside nat to the tunnel interface on the router that connects to the gateway but still no luck.  Do you have any other ideas?

Thank you,

Jonathon,

Jonathon,

Let me lab this up, but I do have a question. On the remote side, you have nat configured, but you only have nat inside configured on vlan3. Are you wanting to run nat, or is that an old config? If it isn't needed, you should remove it. I'm going to lab this up...

John

HTH, John *** Please rate all useful posts ***

John,

Well, this might be a different problem now. I just got a call from the Host location and they just told me they cannot get to the internet since about 30 minutes after I left, which I left their location at 9:00 AM CST this morning. haha. So let me look at that and I will get back to you.

To answer your question.  The vlan3 is actually a copy from my client's other locations and it just got thrown in there with it.  vlan 3 is currently not operational.  I am more worried about vlan 1.

Thanks,

Jonathon


John,

Thank you for your assistance with this. You were right about the nat, and after re-adding the Access-list 101 permit IP 192.168.65.0 back to the Host router it started routing to the internet again.

Thank you once again,

Jonathon

Awesome to hear! I'm glad to hear it's working, and thank you for the rating!

HTH, John *** Please rate all useful posts ***
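
The two conditions that resolved this thread (`ip nat inside` on the tunnel interface of the router holding the internet link, and a NAT access-list entry for the remote subnet) can be checked offline against a saved config. The following is an added example, not code from the thread or from Cisco; the function names `parse` and `nat_problems` are hypothetical, and the sample config is constructed from lines of the host router's config.

```python
import ipaddress
import re

# Constructed sample: NAT-relevant lines of the host router, in the state
# where Tunnel1 has no "ip nat inside" and list 101 lacks 192.168.65.0.
HOST_BEFORE = """\
interface Tunnel1
 ip address 2.2.2.1 255.255.255.252
interface FastEthernet4
 ip nat outside
interface Vlan1
 ip nat inside
ip nat inside source list 101 interface FastEthernet4 overload
access-list 101 permit ip 10.10.6.0 0.0.0.255 any
"""
# The same config with both changes from the thread applied.
HOST_AFTER = HOST_BEFORE.replace("252\n", "252\n ip nat inside\n") + \
    "access-list 101 permit ip 192.168.65.0 0.0.0.255 any\n"

def parse(config):
    """Return (NAT role per interface, overload rules, permitted nets per ACL)."""
    roles, rules, acls, current = {}, [], {}, None
    for line in config.splitlines():
        if m := re.match(r"interface (\S+)", line):
            current = m.group(1)
        elif m := re.match(r"\s*ip nat (inside|outside)\s*$", line):
            roles[current] = m.group(1)
        elif m := re.match(r"ip nat inside source list (\S+) interface (\S+) overload", line):
            rules.append((m.group(1), m.group(2)))
        elif m := re.match(r"access-list (\S+) permit ip (\S+) (\S+) any", line):
            # Only "permit ip <net> <wildcard> any" entries are handled here.
            mask = ".".join(str(255 - int(o)) for o in m.group(3).split("."))
            acls.setdefault(m.group(1), []).append(ipaddress.ip_network(f"{m.group(2)}/{mask}"))
    return roles, rules, acls

def nat_problems(config, ingress, source):
    """Reasons why traffic from `source` arriving on `ingress` is not translated."""
    roles, rules, acls = parse(config)
    src = ipaddress.ip_network(source)
    problems = []
    if roles.get(ingress) != "inside":
        problems.append(f"{ingress} is not marked 'ip nat inside'")
    usable = [acl for acl, out in rules if roles.get(out) == "outside"]
    if not usable:
        problems.append("no overload rule points at an 'ip nat outside' interface")
    elif not any(src.subnet_of(net) for acl in usable for net in acls.get(acl, [])):
        problems.append(f"no NAT access-list permits {source}")
    return problems
```

Calling `nat_problems(HOST_BEFORE, "Tunnel1", "192.168.65.0/24")` reports both gaps, and the same call on `HOST_AFTER` returns an empty list.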