Server has no Internet but Clients do

stuartpeo · ‎10-04-2011

Hi all

I was so fed up of using the out of a box routers from PC World or the provided router from the host that I decided to splash out and buy a decent router.

The Cisco 887 came highly recommended and seems to be a great purchase so far. Our down time and internet hangs vanished overnight.

Having had this installed for several weeks now I thought it was time to look at my problems with it,

I have 2 broadcom network cards, 1 for the LAN and 1 for the WAN, All machines connected to the LAN get full internet access but my server will not.

The router plugs directly into the Server (2008) with an IP address of 10.10.10.1 - this is listed under the LAN settings in Cisco CP Express.

I have a fixed IP address which appears to be set up correctly and all my terminals / client pc's that are plugged through the switch. These all show IP's that look like 192.168.1.x

I am not an IT wizz kid but I know my way around a computer pretty well. I am guessing I need to move the router IP to within range. At present the Server sorts out the DHCP and we also have a VOIP phone system.

Any ideas???

cadet alain · ‎10-04-2011

Hi,

this is surely a NAT problem. I suppose you want the server to be accessible from internet? so you must do a static NAT for the server if it is in a different pool as the other machines.

Post output of following:

- # sh run | s nat

- # sh access-list

- # sh run interface

If you want your server to get out to internet then you have to change the NAT ACL but I would recommend to only port forward some ports from the server to internet with static PAT.

eg forwarding http: config# ip nat inside source static tcp x.x.x.x 80 interface x/x 80

where x.x.x.x is private address of server and interface is outside interface towards internet.

You can do this for multiple services.

Regards.

Alain.

Don't forget to rate helpful posts.

Richard Burts · ‎10-04-2011

Stuart

I find your description of the topology of the network confusing. You say that the router has a LAN and a WAN. And you say that clients connected to the LAN do have Internet connectivity. So that seems to indicate that the WAN connection is working ok. But then you talk about a server and I am confused where and how the server connects. Does the server connect to the WAN interface? Perhaps you can clarify the relationship of the server and the clients and the router?

Also it might be helpful to have the config of the router posted so that we can see how it is set up. (with sensitive information hidden)

HTH

Rick

HTH

Rick

stuartpeo · ‎10-05-2011

Thanks for quick replies but I was playing yesterday and lost internet connection on all machines.

I wish I could help you to help me but it looks as though it may be more complicated than I first thought. All I was trying to do was keep the server up to date via the internet.

To try and explain what I am trying to get over I will start from beginning and hope it makes sense, if not don't worry and I thank you for the help.

Firstly I am used to using normal out of the box routers (Belkin / Netgear) with IP's something like 192.168.0.1 or 192.168.2.1.

My server has 2 Network cards. We labelled them 'INTERNET' and 'LAN'.

The 'LAN' plugs straight into a Cisco SF102-24 Switch to provide networking around our business.

The 'INTERNET' plugs straight into the Cisco 887 Router which provides our Internet access.

This all seems straight forward to me, I wouldn't know if this is the best set up but this is what I was presented with and trying to do the best to make it work.

In reply to Cadet Alain – it sounds too complicated then for me, I am not that clued up with NAT and wouldn’t know where to start in getting you them responses.

Thanks Again

Stuart

stuartpeo · ‎10-05-2011

Adding what ever I can - Sorry if it doesn't help or if I am miles away I just presumed I could change a simple setting

Marius Gunnerud · ‎10-05-2011

Do your clients have internet connectivity again after you played around?

I think the issue can be solved by changing your setup. Is the server an ISA server, or is there any other reason that would require it to be placed between the switch and router? Do you have spare ports on the switch? I think the issue might be that the Server is sourcing all traffic out it's LAN NIC.

For a quick solution I would remove the connection between the router and server and connect the router directly to the switch. Then change the IP of the router so it is on the same network as the rest of the LAN and make sure that all client default gateways are updated to match the new IP address of the router.

--
Please remember to select a correct answer and rate helpful posts

Richard Burts · ‎10-05-2011

Stuart

Thanks for the additional information. Is it possible to tell us more about the server? If it is using two network cards then I wonder how the server is set up. Is it doing something like bridging between the NICs? Or is it routing on both NICs? Or is it doing NIC teaming?

I like the suggestion of changing the topology. I believe that it would be much more staightforward if the switch connected directly to the router and if the server were connected to one of the switch ports.

HTH

Rick

HTH

Rick

stuartpeo · ‎10-11-2011

Sorry, Have been very busy with work.

You asked if it is ISA?? - How would I know??

I don't care how its set up, this one done by previous installation guy and never looked right to me.

It makes sense to me to log into the router, change its ip from 10.10.10.1 tp something into the 192.168.1?? range, then plug diectly into the router. Problem being once I do that if I lose internet, it becomes a real pain trying to sort it out.

Could you confirm that sounds like the best setup for a simple install. Oh yeah also my router is running DHCP as well as the server, Is that correct??

Again - for us simpleton's - Plug the Server and the Router straight into the switch, ignoring one of the NIC's. - Which one do I use?

In reply to Rick - I don't believe anything is bridged or any teaming setup so I am going to have to presume it is routing on both NIC's. (again presuming a NIC is a Network Interface Card)

Guess I am just going to have to jump in feet first and I hope come out on smelling of Roses. I just don't understand how come the router must have net access, its connected to the Server but will not let me browse the net.

Richard Burts · ‎10-11-2011

Stuart

Yes the term NIC refers to a network interface card.

I am somewhat confused about what is working and what is not working. In your original post you told us that the server did not have Internet access (I think). Now the most recent post seems to say that the router itself does not have network access. Perhaps you can clarify what does work and what does not work.

In some sense I believe that it would be more simple to move the server so that it connected to the switch and to let the server and all the PCs go through the switch to the router to get Internet access. And if you do that I believe that the server interface labeled as Internet would be the interface to use since it is already set up to get an IP address from DHCP.

But if you have a network of PCs that are working and you have VOIP phone that is working, then I am a bit reluctant to make changes that might break some of that.

HTH

Rick

HTH

Rick

stuartpeo · ‎10-11-2011

Thanks again Richard

Hopefully this will clarify things:

My Server has 2 NIC's - One is cabled into a switch, the other is cabled into the router.( Please see earlier pics for there ip's / set up)

The server has no internet access.

The switch then routes off to about 10 machines. It also routes to another POE switch which provides us with VOIP through a Trixbox and an ISDN line.

The 10 machines around the work place have internet access.

Many thanks for your help

Stuart

Richard Burts · ‎10-11-2011

Stuart

The additional information helps - at least some. It does make it clear that there are multiple parts of your network that are working now. It makes me reluctant to suggest moving the server because of the possibility that moving the server will significantly change the network and may break things that are currently working.

I am puzzled that the server does not have Internet access. Some of the pics that you posted are very clear that the server does have 2 IP addresses and are also clear that the server has a default gateway that is pointed to the router (as it should be). So problems with Internet access are not because of an incorrect gateway (as was my first guess about the problem). So we must look for some other kind of problem.

When you say that the server does not have Internet access are you saying that it is not able to browse to web servers in the Internet? If you can not browse to a web server can you ping it?

HTH

Rick

HTH

Rick

IcebergTitanic · ‎10-11-2011

Hi Stuart -

Here's what is confusing me a bit... Is there a particular reason why you would want the server to be hooked up to the LAN, (which is then itself hooked up to the internet) to have a separate connection directly to the router, with a different subnet?

If you don't have any particular reason to do so, such as needing a static, isolated external IP address mapped to the server, then why not just disconnect that second network connection, and set that 192.168.1.2 adapter to have the correct gateway (probably 192.168.1.1?) and see if it can get to the internet. (That question about whether your server is ISA means, is your server set up to be running Microsoft's Internet Security and Acceleration server, which would make it a firewall. I'm guessing the answer is no.)

It is a little weird to have a gateway address on both network adapters. Usually, you would remove the default GW off the 192.168.1.2 interface, because you have a separate gateway to the other nic. The gateway address is used for your server to send traffic outside the network.

i.e., "If the destination IP address is not in the same subnet as my IP address, I should send it to this gateway address, which is where there's a router that can get my data to the right network."

But anyhow, try just removing the second network cable, and setting the right gateway on the remaining one (the 192.168 interface) and see if that works.

stuartpeo · ‎10-14-2011

Again thanks Richard and Dan

This is one of the issues I have, I am way to busy building the phone system at the minute and didn't think about all the recordings i would need for out of office replies and auto answering stuff. It's mind boggling

Anyways, Richard I will try to ping out when I get back to work Sat morning BST as yes i am talking web browsing but i think i remember trying to ping ages ago. thanks again

Dan, I think I am confusing people because of not knowing stuff and I think I got the WAN and the LAN the wrong way round in first post. I have no reason to do any or have a preffernce to either set up, all I know is it was installed like this I think it could be better.

Firstly I would like to set up an autoprint on emails received and was going to use the server for it(I am now thinking use a spare terminal set up to do this all day). I was also going to check for windows and general program updates and couldn't

Secondly, I believe there to be a lag. When we click pages theres a delay. I reckon its the routing through the server thats slowing it down.

I am going to attempt to pull out the router, change it's IP from 10.10.10.1 to 192.168.1.200. using my laptop

and plug in the router to the switch, i am going to try with the NIC that is labelled internet and see where i go from there, a little tinkering with the settings / ip configs should hopefully work. A big concern is my router wants to have a DHCP control and had 10.10.10.1 range before, would be nice to know if this is safe to turn off or does it need it on??

Richard Burts · ‎10-16-2011

Stuart

While I expressed an opinion early in this thread that it might be helpful to move the server so that it connected through the switch to the router, I will repeat my following opinion (based on additional information that you provided) that there are multiple parts of your network (including the PCs connected through the switch and the VOIP phones) that are working correctly when connected through the server. If you move the server then these other parts may not work. If it were me I would try first to solve the problem with Internet access from the server before I moved the server and possibly risked impacting connectivity for the rest of the network.

HTH

Rick

HTH

Rick

stuartpeo · ‎10-29-2011

Sorry had a holiday and been extremely busy.

I delved in feet first and moved the router ip so its in the same subnet ( i think thats what we call it) - It now has an IP of 192.168.1.123. I have it plugged straight into the switch and I am back up and running with internet on all client machines.

Although my server still has no net access. I have tried pinging out and still no luck. I have checked my Windows Firewall is disabled and turned off Symantec Endpoint protection.

Any ideas where to go next????