11-24-2014 10:56 PM - edited 03-07-2019 09:38 PM
Trying to set up an extended network within a corporate network; I'm entirely new to this, as our previous network administrator unfortunately passed away earlier this year. Cisco 3845 router; the router itself easily sees both sides of itself and is configured, as far as I can tell, to pass traffic through itself to the greater network. Devices on one side of the router cannot see through it to the other, and vice versa; devices can easily see the router from either side, and devices on the inside of the router can see the IP address of the external interface of the router; however, absolutely nothing is visible beyond this. I've spent days researching papers and manuals trying to find the problem, and at this point am throwing up my arms in frustration. Any assistance, please? Why would a router not be, you know, routing?
11-25-2014 12:07 AM
Hello,
Trust you are doing good.
From the query it seems that there is some routing issue and proper routes are not being received.
"Cisco 3845 router; the router itself easily sees both sides of itself and is configured, as far as I can tell, to pass traffic through itself to the greater network" ====> It means our router (3845) has all the routes from internal and external network.
"Devices on one side of the router cannot see through it to the other, and vice versa" ===> Seems that this router is not advertising routes from External network to Internal network and vice versa.
"devices can easily see the router from either side" ===> Either side devices have routes till this router but not beyond that.
"devices on the inside of the router can see the IP address of the external interface of the router; however, absolutely nothing is visible beyond this." === > Seems routes received from the external side are not being advertised to the internal side.
Could you please provide the below information so that I may assist you further.
1. Is there any NAT configuration on the router?
2. What are the routing protocols used, and on which interfaces, for the route propagation?
3. If possible, please provide the running configuration of this router and point out what are the external and internal interface.
Regards,
Mohit
11-25-2014 01:01 AM
1. No NAT configuration; all internal systems receive DHCP from a separate internal device that is functioning as expected.
2. I'm honestly not sure; I didn't realize there were different protocols to be used? Honestly, I'm just copying the configuration from another of our routers.
3. Below is the pasted running configuration; anything within double-asterisks is a note relevant to this question:
Using 1837 out of 491512 bytes
!
version 12.4
service timestamps debug uptime
service timestamps log datetime localtime show-timezone
service password-encryption
no service dhcp
!
hostname xxxx
!
boot-start-marker
boot-end-marker
!
enable secret 5 xxxx
enable password 7 xxxx
!
no aaa new-model
clock timezone MST -7
clock summer-time MDT recurring
no ip source-route
ip cef
!
!
!
!
no ip domain lookup
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
voice-card 0
no dspfarm
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface GigabitEthernet0/0 **OUTSIDE**
ip address 192.168.10.xxx 255.255.255.0
duplex auto
speed auto
media-type rj45
no cdp enable
no mop enabled
!
interface GigabitEthernet0/1 **INSIDE**
ip address 192.168.100.xxx 255.255.255.0
ip access-group 101 in
ip access-group 101 out
no ip unreachables
no ip proxy-arp
no ip mroute-cache
duplex auto
speed auto
media-type rj45
no cdp enable
!
ip default-gateway xxx.xxx.xxx.xxx **External gateway to the internet**
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0
!
!
ip http server
no ip http secure-server
!
access-list 101 permit ip 192.168.100.0 0.0.0.255 0.0.0.0 255.255.255.0
access-list 101 permit ip 192.168.150.0 0.0.0.255 0.0.0.0 255.255.255.0 **150 is the internal DHCP network**
access-list 101 permit ip any any
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
password 7 xxxx
login
line aux 0
line vty 0 4
password 7 xxxx
login
!
scheduler allocate 20000 1000
ntp clock-period 17180809
ntp server xxx.xxx.xxx.xxx
!
end
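How IOS wildcard masks make ACL 101 in the configuration above behave, as an added example that is not part of the original post. The three entries are copied from the posted config; the host addresses 192.168.100.25 and 192.168.10.1 are constructed samples, and the evaluator handles only the `permit ip <src> <dst>` form used here.

```python
import ipaddress

# ACL 101 exactly as posted in the 3845 running configuration above.
ACL_101 = [
    "access-list 101 permit ip 192.168.100.0 0.0.0.255 0.0.0.0 255.255.255.0",
    "access-list 101 permit ip 192.168.150.0 0.0.0.255 0.0.0.0 255.255.255.0",
    "access-list 101 permit ip any any",
]

def take_spec(tokens):
    """Consume one address spec ('any' or 'base wildcard'); return (spec, rest)."""
    if tokens[0] == "any":
        return (0, 0xFFFFFFFF), tokens[1:]
    base = int(ipaddress.IPv4Address(tokens[0]))
    wild = int(ipaddress.IPv4Address(tokens[1]))
    return (base, wild), tokens[2:]

def parse_ace(line):
    tokens = line.split()          # access-list 101 <action> ip <src> <dst>
    action = tokens[2]
    src, rest = take_spec(tokens[4:])
    dst, _ = take_spec(rest)
    return action, src, dst

def hit(addr, spec):
    base, wild = spec
    care = ~wild & 0xFFFFFFFF      # wildcard bit 1 = ignore, 0 = must match
    return (addr & care) == (base & care)

def evaluate(acl, src, dst):
    """Return (action, matching entry number); first match wins."""
    s = int(ipaddress.IPv4Address(src))
    d = int(ipaddress.IPv4Address(dst))
    for number, line in enumerate(acl, 1):
        action, sspec, dspec = parse_ace(line)
        if hit(s, sspec) and hit(d, dspec):
            return action, number
    return "deny", None            # implicit deny at the end of every ACL

if __name__ == "__main__":
    # Destination wildcard 255.255.255.0 only pins the last octet to 0.
    print(evaluate(ACL_101, "192.168.100.25", "192.168.10.0"))
    # Any other destination falls through to "permit ip any any".
    print(evaluate(ACL_101, "192.168.100.25", "192.168.10.1"))
    # Without the third entry the same packet hits the implicit deny.
    print(evaluate(ACL_101[:2], "192.168.100.25", "192.168.10.1"))
```

Because the last entry permits everything, ACL 101 as posted does not filter any IP traffic in either direction on GigabitEthernet0/1.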
11-25-2014 01:39 AM
Thanks for the update.
The configuration seems perfect on this router as far as a static route is used to forward the traffic towards Gi0/0 (outside interface).
To analyse further, could you please provide the below output from the router which is connected to Gi0/0 interface of 3845.
1. show run
2. sh ip route
3. sh run | i router
4. sh ip protocols
Regards,
Mohit
11-25-2014 03:50 AM
>show run
Building configuration...
Current configuration : 3251 bytes
!
! No configuration change since last restart
!
version 12.4
service timestamps debug uptime
service timestamps log datetime localtime
service password-encryption
no service dhcp
!
hostname xxxx
!
boot-start-marker
boot system flash:c2691-adventerprisek9_sna-mz.124-13b.bin
boot-end-marker
!
card type t1 0 1
card type t1 0 2
enable secret 5 xxxx
!
no aaa new-model
clock timezone MST -7
clock summer-time MDT recurring
no network-clock-participate slot 1
no network-clock-participate wic 0
no network-clock-participate wic 1
no network-clock-participate wic 2
no ip source-route
ip cef
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
username xxxx
!
!
controller T1 0/0
framing esf
linecode b8zs
channel-group 0 timeslots 1-24 speed 64
!
controller T1 0/1
framing esf
linecode b8zs
channel-group 0 timeslots 1-24 speed 64
!
controller T1 0/2
framing esf
linecode b8zs
channel-group 0 timeslots 1-24 speed 64
!
controller T1 0/3
framing esf
linecode b8zs
channel-group 0 timeslots 1-24 speed 64
!
controller T1 0/4
framing esf
linecode b8zs
channel-group 0 timeslots 1-24 speed 64
!
controller T1 0/5
framing esf
linecode b8zs
channel-group 0 timeslots 1-24 speed 64
!
!
!
!
!
!
interface Multilink1 **COMPILED OUTSIDE LINE**
ip address xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx
no cdp enable
ppp multilink
ppp multilink group 1
!
interface FastEthernet0/0 **INSIDE**
ip address xxx.xxx.xxx.xxx 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
no ip mroute-cache
duplex auto
speed auto
no cdp enable
!
interface Serial0/0:0
no ip address
encapsulation ppp
no fair-queue
no cdp enable
ppp multilink
ppp multilink group 1
!
interface FastEthernet0/1
no ip address
duplex auto
speed auto
!
interface Serial0/1:0
no ip address
encapsulation ppp
no fair-queue
no cdp enable
ppp multilink
ppp multilink group 1
!
interface Serial0/2:0
no ip address
encapsulation ppp
no fair-queue
no cdp enable
ppp multilink
ppp multilink group 1
!
interface Serial0/3:0
no ip address
encapsulation ppp
no fair-queue
no cdp enable
ppp multilink
ppp multilink group 1
!
interface Serial0/4:0
no ip address
encapsulation ppp
no fair-queue
no cdp enable
ppp multilink
ppp multilink group 1
!
interface Serial0/5:0
no ip address
encapsulation ppp
no fair-queue
no cdp enable
ppp multilink
ppp multilink group 1
!
interface Serial1/0
no ip address
encapsulation ppp
no fair-queue
no cdp enable
ppp multilink
ppp multilink group 1
!
interface Serial1/1
no ip address
encapsulation ppp
no fair-queue
no cdp enable
ppp multilink
ppp multilink group 1
!
!
ip route 0.0.0.0 0.0.0.0 Multilink1
!
!
ip http server
no ip http secure-server
!
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
password 7 xxxx
login
length 28
line aux 0
line vty 0 4
login
!
ntp clock-period 17180358
ntp server xxx.xxx.xxx.xxx
!
end
>sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is 0.0.0.0 to network 0.0.0.0
12.0.0.0/8 is variably subnetted, 3 subnets, 3 masks
C xxx.xxx.xxx.xx3/32 is directly connected, Multilink1
C xxx.xxx.xxx.xx2/30 is directly connected, Multilink1
C xxx.xxx.xxx.0/24 is directly connected, FastEthernet0/0
S* 0.0.0.0/0 is directly connected, Multilink1
>sh run | i router
returns nothing
>sh ip protocols
returns nothing
11-25-2014 08:40 PM
Hi Baphijmm1 ,
Thanks for the update.
It seems that you are not at all running any routing protocol.
Configure the below on our c2691 router.
Conf t
ip route 192.168.100.0 255.255.255.0 Fastethernet 0/0
Aside, can you please provide the topology diagram for how this router is expected to reach the "Outside" world.
If not possible, please let me know the configuration of the router connected to Multilink 1 on 2961 router.
Regards,
Mohit
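A longest-prefix-match lookup over the 2691's routing table, showing where that router would send a packet addressed to the 3845's inside subnet before and after the static route proposed above. This is an added example, not part of the original thread; the thread masks the real prefixes, so documentation ranges stand in for them, and 192.168.100.25 is a constructed host address. It models the 2691's table only, not the firewall between the two routers.

```python
import ipaddress
import re

# Constructed stand-in for the posted "sh ip route" output: same shape
# (a /32 and a /30 on Multilink1, a /24 on FastEthernet0/0, a default
# route), with placeholder prefixes because the real ones are masked.
SH_IP_ROUTE = """\
C    198.51.100.2/32 is directly connected, Multilink1
C    198.51.100.0/30 is directly connected, Multilink1
C    203.0.113.0/24 is directly connected, FastEthernet0/0
S*   0.0.0.0/0 is directly connected, Multilink1
"""

ROUTE_RE = re.compile(
    r"^(\S+)\s+(\d+\.\d+\.\d+\.\d+/\d+) is directly connected, (\S+)$")

def parse_routes(text):
    """Turn 'sh ip route' lines into (network, interface, code) tuples."""
    routes = []
    for line in text.splitlines():
        m = ROUTE_RE.match(line.strip())
        if m:
            code, prefix, iface = m.groups()
            routes.append((ipaddress.ip_network(prefix), iface, code))
    return routes

def add_static(routes, network, mask, iface):
    """Model 'ip route <network> <mask> <interface>' without mutating input."""
    net = ipaddress.ip_network(f"{network}/{mask}")
    return routes + [(net, iface, "S")]

def lookup(routes, dst):
    """Longest-prefix match; returns the winning route or None."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in routes if addr in r[0]]
    return max(matches, key=lambda r: r[0].prefixlen) if matches else None

if __name__ == "__main__":
    table = parse_routes(SH_IP_ROUTE)
    host = "192.168.100.25"  # constructed host behind the 3845
    print("before:", lookup(table, host))
    table2 = add_static(table, "192.168.100.0", "255.255.255.0",
                        "FastEthernet0/0")
    print("after: ", lookup(table2, host))
```

With only the posted table, the lookup resolves to the default route out Multilink1; with the static route added it resolves to FastEthernet0/0.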
11-25-2014 09:30 PM
As a matter of fact, the 3845 in question can see through the external router and has no trouble reaching, for example, 4.2.2.1; just, anything on its inside cannot see anything on its outside. I don't suspect the external router (which is the unit with the multilink; I don't have access to anything beyond that, as it belongs to the local NOC); I suspect I've missed something in the configuration of the 3845.
The basic topography is thus, a rather basic system:
Internet --(Multilink)-- External router -- Firewall --(Ethernet)-- 3845
11-25-2014 09:55 PM
Thanks for the updates.
Please go ahead and configure below on the 2961 router.
Conf t
ip route 192.168.100.0 255.255.255.0 Fastethernet 0/0
Also, please check with your NOC if the external router has the route for the network 192.168.100.0/24.
Thanks,
Mohit
** Please do not forget to rate helpful posts
11-26-2014 01:25 AM
Still no change.
Allow me to reiterate: Devices *inside* the 3845 router cannot see devices *outside* the 3845 router, but *inside* the 2691. In other words, devices on the immediate other side of the 3845 are not being seen through it. The NOC is 100% uninvolved at this point, as traffic *does not get through the 3845*.
11-28-2014 04:59 PM
Hello
"As a matter of fact, the 3845 in question can see through the external router and has no trouble reaching, for example, 4.2.2.1; just, anything on its inside cannot see anything on its outside"
try this please:
no ip route 0.0.0.0 0.0.0.0 Multilink1
ip route 0.0.0.0 0.0.0.0 Multilink1 x.x.x.x ( wan next hop ip)
interface Multilink1 **COMPILED OUTSIDE LINE**
ip nat enable
interface FastEthernet0/0 **INSIDE**
ip nat enable
access-list 100 permit x.x.x.x 0.0.0.255 ( internal network ip range)
ip nat source list 100 interface multilink 1 overload
res
Paul
11-28-2014 05:02 PM
Still not sure you're understanding the issue; if devices on the inside of the 3845 cannot see to the outside of the 3845 (which is *not* the unit with the multilink), how are they supposed to see the router that has the multilink in order to benefit from this config change?
11-28-2014 05:40 PM
Hello
So the 3845 is on the inside of the 2900 and the hosts are on the inside of this router which cannot access the outside - correct?
If so, I can see a default-gateway AND default-route enabled on that router.
If I understand correctly then this 3800 should be acting as a host device not a router - so in this case disable ip routing.
Note: the following command will delete the static route
conf t
no ip routing
res
Paul
11-29-2014 12:16 AM
I had high hopes for this, as your explanation made sense; however, no change with that in effect.
11-29-2014 01:00 AM
Hello
I can see your setup a bit clearer now from one of your last posts.
Is the firewall allowing the inside subnet of the 3800 through, and does it also have a route pointing back towards your inside network?
However, maybe sharing the config of all 3 devices would help the forum to TS a bit better.
Res
paul
12-02-2014 12:27 AM
I'm not entirely sure what you're asking here; unfortunately, the firewall is not a Cisco product, so I doubt its configuration would be terribly helpful / understandable.