No internet behind a Cisco 2821 router

Romain Wagner · ‎12-20-2017

Hello everyone!

I'm just starting to play with a Cisco 2821 router for a home lab, but I can't make give access to clients located on it's LAN port.

The router is attached to a DSL modem on my home LAN, and is set as DMZ unit on the modem settings.

From the router CLI, I can ping internet servers like google's 8.8.8.8, but nothing happens on the computers connected behind the router.

I reset the router to factory default, so there is pretty nothing in the config. Clients are using static IPs as DHCP is not yet set, and they can ping the router at it's LAN interface without problems.

Here is my running config:

gateway1#show run
Building configuration...

Current configuration : 1339 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname gateway1
!
boot-start-marker
boot-end-marker
!
no logging console
enable secret 5 XXXXXXXXXXX
!
no aaa new-model
dot11 syslog
!
!
ip cef
!
!
!
multilink bundle-name authenticated
!
!
!
!
!
username admin privilege 15 secret 5 XXXXXXXXXXX
archive
 log config
  hidekeys
!
!
!
!
!
!
!
interface GigabitEthernet0/0
 ip address dhcp
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
!
interface GigabitEthernet0/1
 ip address 10.217.0.254 255.0.0.0
 ip nat inside
 ip virtual-reassembly
 duplex auto
 speed auto
!
interface Serial0/0/0
 no ip address
 shutdown
 clock rate 2000000
!
interface Serial0/0/1
 no ip address
 shutdown
 clock rate 2000000
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0
!
!
ip http server
ip http authentication local
no ip http secure-server
ip nat inside source list ACL_NAT interface GigabitEthernet0/0 overload
!
ip access-list standard ACL_NAT
 permit 10.0.0.0 0.255.255.255
!
!
!
!
!
control-plane
!
!
line con 0
line aux 0
line vty 0 4
 login local
 transport input all
 transport output all
line vty 5 15
 login local
 transport input all
 transport output all
!
scheduler allocate 20000 1000
!
end

gateway1#

Anyone having an idea why the router still blocks access to WAN?

Thanks in advance for your replies!

~Romain Wagner.

Seb Rupik · ‎12-20-2017

Hi there,

What is the interface configuration for a device on your inside network (ifconfig/ ipconfig)? I assume it is directly connected to gi0/1 ?

cheers,

Seb.

Romain Wagner · ‎12-20-2017

Hi, thanks for your reply!

The laptop is connected to Gi0/1 by a switch, its config is :

IP: 10.217.0.10

Mask: 255.0.0.0

Gateway: 10.217.0.254

DNS1: 80.10.246.2

DNS2: 80.10.246.129

I can ping 10.217.0.254 from the laptop, as well as telnet/ssh

Seb Rupik · ‎12-20-2017

Can you ping the inside gateway address of your modem from a client connected to the inside subnet on the router?

Does this router give any output for sh ip nat trans when you try this?

Romain Wagner · ‎12-20-2017

No, the modem's inside IP is not reachable from the clients connected to the router.

And the sh ip nat trans returns nothing..

gateway1#sh ip nat trans

gateway1#

chrihussey · ‎12-21-2017

Try making a slight change to your default route:

!

ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0 dhcp

!

This tells the router to use the dhcp default gateway given to G0/0. By just telling the router to use the G0/0 interface a next hop is not really specified.

Hope this helps