Suggestions to sort out IOS 12.2 outside NAT?

Chris Simon
Level 1

 

Any suggestions of what to try to fix the outside for this 831? Here's the setup. It's connecting to another internal router which runs through the building's infrastructure to a faceplate in a computer lab. Testing the inside setup with Ubuntu desktop, I was able to get assigned to the 10.0.0.0 network. However, ping has no route to the internet. 

What's stopping this from getting outside?

Here's the current running-config:

version 12.2                                                                    
no service pad                                                                  
service timestamps debug datetime msec                                          
service timestamps log datetime msec                                            
no service password-encryption                                                  
!                                                                               
hostname drizzledrazzle                                                         
!                                                                               
logging queue-limit 100                                                         
!
enable secret 5 [password]                                  
enable password [password]                                                        
!                                                                               
ip subnet-zero                                                                  
no ip routing                                                                   
!                                                                               
ip dhcp pool DHCP                                                               
   import all                                                                   
   network 10.0.0.0 255.255.255.0                                               
   default-router 10.0.0.1                                                      
   lease infinite   
!                                                                               
!                                                                               
ip audit notify log                                                             
ip audit po max-events 100                                                      
no ftp-server write-enable                                                      
!                                                                               
!                                                                               
!                                                                               
!                                                                               
!                                                                               
!                                                                               
!                                                                               
interface Ethernet0                                                             
 description Internal LAN                                                       
 ip address 10.0.0.1 255.255.255.0                                              
 ip nat inside                                                                  
 no ip route-cache                                                              
 no ip mroute-cache                                                             
 no cdp enable                                                                  
 hold-queue 100 out                                                             
!                                                                               
interface Ethernet1
 description Internet                                                           
 ip address dhcp                                                                
 ip nat outside                                                                 
 no ip route-cache                                                              
 no ip mroute-cache                                                             
 no shutdown                                                                       
 duplex auto                                                                    
 no cdp enable                                                                  
!                                                                               
ip nat inside source list 100 interface Ethernet1 overload                      
ip classless                                                                    
ip http server                                                                  
no ip http secure-server                                                        
!                                                                               
access-list 100 permit ip any any                                               
!                                                                               
line con 0                                                                      
 exec-timeout 0 0                                                               
 no modem enable                                                                
 stopbits 1          
 description Internet                                                           
 ip address dhcp                                                                
 ip nat outside                                                                 
 no ip route-cache                                                              
 no ip mroute-cache                                                             
 shutdown                                                                       
 duplex auto                                                                    
 no cdp enable                                                                  
!                                                                               
ip nat inside source list 100 interface Ethernet1 overload                      
ip classless                                                                    
ip http server                                                                  
no ip http secure-server                                                        
!                                                                               
access-list 100 permit ip any any                                               
!                                                                               
line con 0                                                                      
 exec-timeout 0 0                                                               
 no modem enable                                                                
 stopbits 1          
line vty 0 4                                                                    
 password [password]                                                            
 login                                                                          
!                                                                               
scheduler max-task-time 5000                                                    
!                                                                               
end  


Jon Marshall
Hall of Fame

Chris

Couple of things to check/change -

1) Do you have a default route, i.e. are you getting it via DHCP?

If you do a "sh ip ro" do you see a default route?

2) can you change your NAT acl to -

access-list 100 permit ip 10.0.0.0 0.0.0.255 any

Jon

I changed #2 to no effect. Here's the output for #1,

#sh ip ro                                                         
Default gateway is not set                                                      
                                                                                
Host               Gateway           Last Use    Total Uses  Interface          
ICMP redirect cache is empty 

Looking how to solve this...

Chris

Your router has ip routing disabled.

You need to enable it, i.e. -

"ip routing"

and then you need to check whether you have a default route in the IP routing table.

Edit - sorry, I should have spotted that before :-)

Jon
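
An offline check for the points raised in the two replies above (IP routing disabled, default route, NAT ACL scope), added here as an example and not part of any post in the thread. The function names and finding codes are made up for illustration, the sample is trimmed from the first posted config, and only `any` and address/wildcard ACL sources are handled.

```python
import ipaddress
import re

# Constructed sample, trimmed from the first running-config posted in the thread.
SAMPLE_CONFIG = """\
no ip routing
interface Ethernet0
 ip address 10.0.0.1 255.255.255.0
 ip nat inside
interface Ethernet1
 ip address dhcp
 ip nat outside
ip nat inside source list 100 interface Ethernet1 overload
access-list 100 permit ip any any
"""

def inside_networks(lines):
    """Networks of statically addressed interfaces marked 'ip nat inside'."""
    blocks, nets = [], []
    for ln in lines:
        if not ln.startswith(" "):
            blocks.append([ln])               # every unindented line opens a new section
        elif blocks:
            blocks[-1].append(ln.strip())     # indented lines belong to the current section
    for b in blocks:
        if b[0].startswith("interface ") and "ip nat inside" in b:
            for m in filter(None, (re.fullmatch(r"ip address (\d\S+) (\d\S+)", c) for c in b)):
                nets.append(ipaddress.ip_interface("/".join(m.groups())).network)
    return nets

def audit_nat_config(config):
    """Return finding codes (hypothetical names) for the checks raised in the replies."""
    lines = [ln.rstrip() for ln in config.splitlines()]
    findings = []
    if "no ip routing" in lines:
        findings.append("ip-routing-disabled")       # router will not forward between interfaces
    if not any(ln.startswith("ip route 0.0.0.0 0.0.0.0 ") for ln in lines):
        findings.append("no-static-default-route")   # confirm a DHCP-learned one with "sh ip ro"
    for nat in filter(None, (re.match(r"ip nat inside source list (\d+) ", ln) for ln in lines)):
        aces = [l.split() for l in lines if l.startswith(f"access-list {nat.group(1)} permit ip ")]
        if not aces:
            findings.append("nat-acl-missing")
        for ace in aces:
            if ace[4] == "any":
                findings.append("nat-acl-source-any")  # matches every source, not only the LAN
                continue
            src = ipaddress.ip_network(f"{ace[4]}/{ace[5]}", strict=False)  # wildcard = host mask
            if not any(n.subnet_of(src) for n in inside_networks(lines)):
                findings.append("nat-acl-misses-inside-net")
    return findings
```

A static default route line in the config does not prove the route is installed, so an empty result still needs a look at the routing table.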

Here's another example config from a tutorial site for an 806 behind another router. [1] This is similar to my configuration.

Does it matter that my internal ip is 10.0.0.0 and the external ip from the current network is 10.0.0.0 as well? Should I change this to 192.168.0.0 or 10.10.10.0? Is this a possible conflict?

Fact is the router is getting DHCP from the external network and my internal NAT is assigning IPs, but they're just not connecting. 

From the 806 example, there is this line:

ip route 0.0.0.0 0.0.0.0 66.108.112.1

!--- IP address 66.108.112.1 is the next hop IP address, also called 
!--- the default gateway. Your Internet service provider (ISP) can tell you what IP address to 
!--- configure as the next hop address.

I've replaced with this, simply because the external, which I receive at Ethernet1 is dhcp, and I don't know what it's going to be.

ip route 0.0.0.0 0.0.0.0 Ethernet1

What am I missing here?

 

1: http://www.cisco.com/c/en/us/support/docs/broadband-cable/cable-modems/19268-router-behind-cm-19268.html

Chris

Apologies for this, I missed your post a while back.

Can you post your full configuration at the moment together with a "sh ip route"?

What exactly do you mean by packet loss, i.e. what symptoms are you seeing?

Jon

No worries. It's a free country. haha.

Here's my current running config

version 12.2
no parser cache
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname drizzledrazzle
!
logging queue-limit 100
no logging console
enable secret 5 $1$/7YO$wqJvklE9jh9fuaa.r2HEN1
enable password [password]
!
ip subnet-zero
!
ip dhcp pool CLIENT
   import all
   network 10.10.10.0 255.255.255.0
   default-router 10.10.10.1 
!         
!
ip audit notify log
ip audit po max-events 100
no ftp-server write-enable
!
interface Ethernet0
 description Internal LAN
 ip address 10.10.10.1 255.255.255.0
 ip nat inside
 no ip route-cache
 no ip mroute-cache
 no cdp enable
 hold-queue 100 out
!
interface Ethernet1
 description Internet
 ip address dhcp
 ip nat outside
 no ip route-cache
 no ip mroute-cache
 duplex auto
 no cdp enable
!
ip nat inside source list 102 interface Ethernet1 overload
ip classless
ip route 0.0.0.0 0.0.0.0 Ethernet1
ip http server
no ip http secure-server
!
access-list 102 permit ip 10.10.10.0 0.0.0.255 any
no cdp run
!
line con 0
 exec-timeout 0 0
 no modem enable
 stopbits 1
line aux 0
 stopbits 1
line vty 0 4
 password [password]
 login local
 length 0
!
scheduler max-task-time 5000
!
end

Route

drizzledrazzle#show ip ro
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default, U - per-user static route, o - ODR
       P - periodic downloaded static route
                                                                                
Gateway of last resort is not set                                               
                                                                                
     10.0.0.0/24 is subnetted, 1 subnets                                        
C       10.10.10.0 is directly connected, Ethernet0   

And here's one more thing showing the ip assigned to the router, which shows up at restart:

Translating "eneiiiiee"...domain server (10.0.20.10) (10.0.1.16)
% Unknown command or computer name, or unable to find computer address

 

I don't think I can describe it any better without more information. It appears to me the router gets an ip from the external network (LAN) and my computer connected to the router gets an ip from the internal network. But I still get no route to Host with a ping.

 

---

EDIT

Here's a post from supportforums.cisco.com [1] describing a default route through dhcp with dhcp as the last argument of `ip route`

drizzledrazzle#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
drizzledrazzle(config)#ip route 0.0.0.0 0.0.0.0 dhcp
                                                 ^
% Invalid input detected at '^' marker.

 

---

[1]: https://supportforums.cisco.com/discussion/10301531/default-route-through-dhcp-interface

[2]: http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_conn_esyvpn/configuration/12-4t/sec-easy-vpn-12-4t-book/sec-easy-vpn-rem.html

[3]: http://www.cisco.com/c/en/us/support/docs/broadband-cable/cable-modems/19268-router-behind-cm-19268.html

Chris

Is your outside interface up/up? Because if it was, your routing table should show the static route you have in the configuration, but it isn't.

What does a "sh ip int brief" show?

Jon

This is frustrating. I can find detailed instructions for something like the 806 router [1], but this doesn't work out on the 831 router. Previously, when I've asked for assistance on this unit (before I bought an 871W and gave up for my personal use) one thing was people were giving me commands which didn't apply to this unit--no wonder I got it for $15 on eBay! But this darn thing worked once.

drizzledrazzle#show ip int brief
Interface         IP-Address      OK? Method Status       Protocol
Ethernet0         10.10.10.1      YES NVRAM  up           up      
Ethernet1         10.0.20.105     YES DHCP   up           up    

[1]: http://www.cisco.com/c/en/us/support/docs/broadband-cable/cable-modems/19268-router-behind-cm-19268.html

 

---MOVED REPLY UP--

Hello,

I'm still really interested in solving this problem. Anyone able to help?

 

PS> Sorry about the "correct answer" thing, I accidentally clicked this and then tried to click it off. This ended up giving me three incorrect "correct answers"! 
