Solved: Re: Problem with Cisco 2911 configuration

SteveHoyle · ‎06-20-2012

I have a Cisco 2911 plugged into an HP Switch which also runs fiber to another HP Switch. Both of these switches run to multiple computers. There are two networks but only one router. I can ping anywhere outside from the router and also to any computer. I can ping the router from one network but not the other. I can ping one network from the computer but not the other way around. I can't ping to the ISP's DNS or any website from any computer. Can someone please help me with this?

Warren.Arthur · ‎06-20-2012

#interface GigabitEthernet0/0

if)#ip nat outside

#interface GigabitEthernet0/1

if)#ip nat inside

#interface GigabitEthernet0/2

if)#ip nat inside

(config)#ip nat pool POOLNAME 68.15.57.204 68.15.57.204 netmask 255.255.255.192

#ip access-list extended xyz

nac1)#permit ip 172.18.113.0 0.0.0.255

nac1)#permit ip 172.18.112.0 0.0.0.255

config)#ip nat inside source list xyz pool POOLNAME overload

#show ip nat translations (when you are finished)

View solution in original post

John Blakley · ‎06-20-2012

It sounds like it's a natting issue. Can you post your configuration? Being that you have 2 networks, are you using vlans?

HTH, John *** Please rate all useful posts ***

SteveHoyle · ‎06-20-2012

I'm currently not using VLANS.

Here is the configurations.

Building configuration...

Current configuration : 1379 bytes

!

! No configuration change since last restart

!

version 15.0

service timestamps debug datetime msec

service timestamps log datetime msec

service password-encryption

!

hostname ovrbrkrouter

!

boot-start-marker

boot config flash0:router-config

boot-end-marker

!

security authentication failure rate 5 log

enable secret 5 $1$Tl4e$JEiYtibckmluxVI.Ivsvo.

enable password 7 15010E0D557A7A7429253021

!

no aaa new-model

!

no ipv6 cef

ip source-route

no ip routing

no ip cef

!

ip name-server 208.67.222.222

ip name-server 208.67.220.220

login block-for 120 attempts 5 within 30

!

multilink bundle-name authenticated

!

license udi pid CISCO2911/K9 sn FCZ150471ZA

!

redundancy

!

interface GigabitEthernet0/0

ip address 68.15.57.204 255.255.255.192

no ip route-cache

duplex auto

speed auto

no mop enabled

!

interface GigabitEthernet0/1

ip address 172.18.112.1 255.255.255.0

no ip route-cache

duplex auto

speed auto

no mop enabled

!

interface GigabitEthernet0/2

ip address 172.18.113.1 255.255.255.0

no ip route-cache

duplex auto

speed auto

!

ip forward-protocol nd

!

no ip http server

no ip http secure-server

!

control-plane

!

line con 0

exec-timeout 20 0

password 7 00171607550B5A560E37494D

login

line aux 0

line vty 0 4

password 7 1404170A5D547B7B253E3636

login

!

scheduler allocate 20000 1000

end

willymaldonado1 · ‎06-20-2012

let your traffic know where to route out aswell..

ip route 0.0.0.0 0.0.0.0 x.x.x.x

and also apply your acl's and natting inside/outside

I hope it helps..

Best regards,

Willy

Warren.Arthur · ‎06-20-2012

I'm guessing your computers have static IP addresses on both networks? because you dont have dhcp enabled on the router.

Sent from Cisco Technical Support iPhone App

SteveHoyle · ‎06-20-2012

I'm actually using Server 08R2 to run a DHCP Server. Do I need to tell the router that I have an external DHCP Server?

SteveHoyle · ‎06-20-2012

I'm going to add NAT and see if I'm able to connect. I'm not sure if I'll get to that tonight or tomorrow. Thanks for the advice. I'll let you know how it goes.

Warren.Arthur · ‎06-20-2012

ok hope it works out for you!

Warren.Arthur · ‎06-20-2012

No not necessary, you need to enable NAT because you are not able to get outside your network to the internet.

Sent from Cisco Technical Support iPhone App

Warren.Arthur · ‎06-20-2012

#interface GigabitEthernet0/0

if)#ip nat outside

#interface GigabitEthernet0/1

if)#ip nat inside

#interface GigabitEthernet0/2

if)#ip nat inside

(config)#ip nat pool POOLNAME 68.15.57.204 68.15.57.204 netmask 255.255.255.192

#ip access-list extended xyz

nac1)#permit ip 172.18.113.0 0.0.0.255

nac1)#permit ip 172.18.112.0 0.0.0.255

config)#ip nat inside source list xyz pool POOLNAME overload

#show ip nat translations (when you are finished)

SteveHoyle · ‎06-21-2012

Before I save this to the startup Config I wanted to make sure the configuration looks correct. Can you take a look?

interface GigabitEthernet0/0

ip address 68.15.57.204 255.255.255.192

ip nat outside

ip virtual-reassembly

no ip route-cache

duplex auto

speed auto

no mop enabled

!

interface GigabitEthernet0/1

ip address 172.18.112.1 255.255.255.0

ip nat inside

ip virtual-reassembly

no ip route-cache

duplex auto

speed auto

no mop enabled

!

interface GigabitEthernet0/2

ip address 172.18.113.1 255.255.255.0

ip nat inside

ip virtual-reassembly

no ip route-cache

duplex auto

speed auto

!

ip forward-protocol nd

!

no ip http server

no ip http secure-server

!

ip nat pool POOLNAME 68.15.57.204 68.15.57.204 netmask 255.255.255.192

ip nat inside source list xyz pool POOLNAME overload

!

ip access-list extended xyz

permit ip 172.18.112.0 0.0.0.255 172.18.113.0 0.0.0.255

!

control-plane

!

line con 0

exec-timeout 20 0

password 7 00171607550B5A560E37494D

login

line aux 0

line vty 0 4

password 7 1404170A5D547B7B253E3636

login

!

scheduler allocate 20000 1000

end

Warren.Arthur · ‎06-21-2012

add the

#ip route 0.0.0.0 0.0.0.0 68.15.57.204

Test to make sure before you save your config files

Sent from Cisco Technical Support iPhone App

SteveHoyle · ‎06-22-2012

When I try to add #ip route 0.0.0.0 0.0.0.0 68.15.57.204 I get this error.

%Invalid next hop address (it's this router)

willymaldonado1 · ‎06-22-2012

try to route to your isp dns or gateway......

ip route 0.0.0.0 0.0.0.0 (DNS ip ADD) or (ISP GATEWAY)

WILLY

SteveHoyle · ‎06-22-2012

Thanks, I'm going to try that.