Re: Unable to access internet

stevechatarpal1 · ‎02-25-2014

OKay.....so I'm confused here....I'm sure it's simple, but I'm baffled. Everything is always simple....only if you know it however....

Please help me! Let me know if I need to provide anymore information which may assist.

Below are my troubleshooting steps and my configuration on a cisco 2611 router connected to a DD-WRT Router attached to my cable modem. The DD-WRT home router has 192.168.1.0/24. All devices can ping each other from the 192.168.1.0/24 and the 192.168.5.0/24 subnets. The 192.168.5.0/24 subnet can't access http when using the browser, RDP also works between the 192.168.1.0/24 and the 192.168.5.0/24 subnets. The configurations are good on the SG200 switch.

Cable Modem --->DD-WRT home router--->Cisco 2600--->SG200---->Laptop

RESULTS FROM LAPTOP

C:\>nslookup www.google.com

DNS request timed out.

timeout was 2 seconds.

Server: UnKnown

Address: 167.206.245.129

DNS request timed out.

timeout was 2 seconds.

DNS request timed out.

timeout was 2 seconds.

C:\>ping www.google.com

Pinging www.google.com [74.125.228.49] with 32 bytes of data:

Request timed out.

Ping statistics for 74.125.228.49:

Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

ROUTER TRACEROUTE

supnet-lab-1#traceroute 8.8.8.8

Type escape sequence to abort.

Tracing the route to google-public-dns-a.google.com (8.8.8.8)

1 192.168.1.1 0 msec 0 msec 0 msec

2 10.240.168.37 8 msec 12 msec 16 msec

3 67.59.226.181 12 msec 8 msec 12 msec

4 rtr3-ge1-3.mhe.prnynj.cv.net (67.83.255.5) 12 msec 12 msec

ool-4353ff0d.dyn.optonline.net (67.83.255.13) 16 msec

5 65.19.119.205 [MPLS: Label 18019 Exp 0] 16 msec 16 msec

64.15.7.37 [MPLS: Label 18019 Exp 0] 16 msec

6 451be0c6.cst.lightpath.net (65.19.120.198) 16 msec

451be0d2.cst.lightpath.net (65.19.120.210) 16 msec

451be0c6.cst.lightpath.net (65.19.120.198) 16 msec

7 74.125.51.221 12 msec *

72.14.211.53 12 msec

8 72.14.239.248 20 msec

72.14.239.46 16 msec

72.14.239.248 12 msec

9 72.14.236.208 [MPLS: Label 314510 Exp 4] 16 msec 20 msec

72.14.236.206 [MPLS: Label 735113 Exp 4] 16 msec

10 72.14.239.93 [MPLS: Label 720883 Exp 4] 20 msec 20 msec 20 msec

11 66.249.95.229 [MPLS: Label 609612 Exp 4] 28 msec

72.14.235.10 [MPLS: Label 478780 Exp 4] 28 msec

66.249.95.229 [MPLS: Label 609612 Exp 4] 32 msec

12 72.14.234.55 28 msec

72.14.234.65 28 msec

72.14.234.53 28 msec

13 * * *

14 google-public-dns-a.google.com (8.8.8.8) 24 msec 24 msec 28 msec

ROUTER PING

supnet-lab-1#ping www.google.com

Translating "www.google.com"...domain server (167.206.245.129) [OK]

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 173.194.43.50, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 16/16/16 ms

CISCO 2611 ROUTER CONFIGS

Building configuration...

Current configuration : 3121 bytes

!

version 12.2

service timestamps debug uptime

service timestamps log uptime

no service password-encryption

!

hostname supnet-lab-1

!

no logging console

enable secret 5 $1$bpC

!

username user privilege 15 password 0 password

no ip subnet-zero

!

ip name-server 167.206.245.129

ip name-server 167.206.245.130

!

call rsvp-sync

!

interface Ethernet0/0

description Outside_Conn_to_DD_WRT_Gateway

ip address 192.168.1.149 255.255.255.0

no ip route-cache

no ip mroute-cache

full-duplex

no cdp enable

!

interface Serial0/0

no ip address

shutdown

!

interface Ethernet0/1

description Inside_Conn_to_SG200_Switch

ip address 192.168.2.2 255.255.255.0

ip nat inside

no ip route-cache

no ip mroute-cache

full-duplex

no cdp enable

!

interface Ethernet0/1.2

description Inside_Conn_Vlan

encapsulation dot1Q 2

no ip route-cache

no ip mroute-cache

!

interface Ethernet0/1.5

encapsulation dot1Q 5

ip address 192.168.5.1 255.255.255.0

no ip route-cache

no ip mroute-cache

!

interface Ethernet0/1.100

description Management_Vlan

encapsulation dot1Q 100

ip address 192.168.100.1 255.255.255.0

no ip route-cache

no ip mroute-cache

!

interface Ethernet0/1.110

description Servers

encapsulation dot1Q 110

ip address 192.168.110.1 255.255.255.0

no ip route-cache

no ip mroute-cache

!

interface Ethernet0/1.120

description NAS

encapsulation dot1Q 120

ip address 192.168.120.1 255.255.255.0

no ip route-cache

no ip mroute-cache

!

interface Ethernet0/1.130

description ESX_VMotion

encapsulation dot1Q 130

ip address 192.168.130.1 255.255.255.0

no ip route-cache

no ip mroute-cache

!

interface Ethernet0/1.140

description ESX_FT

encapsulation dot1Q 140

ip address 192.168.140.1 255.255.255.0

no ip route-cache

no ip mroute-cache

!

interface Ethernet0/1.150

description Guest_Internet_Only

encapsulation dot1Q 150

ip address 192.168.150.1 255.255.255.0

no ip route-cache

no ip mroute-cache

!

interface Ethernet0/1.160

description View_Desktops

encapsulation dot1Q 160

ip address 192.168.160.1 255.255.255.0

no ip route-cache

no ip mroute-cache

!

interface Ethernet0/1.170

description Load_Balanced_Network

encapsulation dot1Q 170

ip address 192.168.170.1 255.255.255.0

no ip route-cache

no ip mroute-cache

!

interface Ethernet0/1.180

description vCloud_Internal_Routable_Network

encapsulation dot1Q 180

ip address 192.168.180.1 255.255.255.0

no ip route-cache

no ip mroute-cache

!

interface Ethernet0/1.200

description DMZ

encapsulation dot1Q 200

ip address 192.168.200.1 255.255.255.0

no ip route-cache

no ip mroute-cache

!

interface Serial0/1

no ip address

shutdown

!

ip nat inside source list 102 interface Ethernet0/0 overload

ip classless

ip route 0.0.0.0 0.0.0.0 192.168.1.1

ip http server

!

access-list 102 permit ip 192.168.2.0 0.0.0.255 any

access-list 105 permit ip 192.168.5.0 0.0.0.255 any

!

voice-port 1/0/0

!

voice-port 1/0/1

!

voice-port 1/1/0

!

voice-port 1/1/1

!

dial-peer cor custom

!

line con 0

password password

login

line aux 0

line vty 0 3

password password

login

line vty 4

password password

login

!

Thanks,

Steve

John Blakley · ‎02-25-2014

Steve,

The Linksys isn't supporting your other vlans or natting for them. I can't help you with that, but I can tell you that you can configure nat on the 2600 and nat out all of your subnets on the 2611 to the wan interface of the 2611 that the Linksys knows about.

For testing, try this: (Using vlan 5 for testing)

int e0/0

ip nat out

int e0/1.5

ip nat inside

access-list 100 permit ip 192.168.5.0 0.0.0.255 any

ip nat inside source list 100 interface e0/0 overload

If this works, you'll want to configure "ip nat inside" on all of your subinterfaces that you want internet access for.

HTH,
John

*** Please rate all useful posts ***

HTH, John *** Please rate all useful posts ***

sharonccie · ‎02-25-2014

Disable NAT from the DDWAT router, make your router as a Bridge. in 2611 configure ur public ip to e0/0 and do PAT via folloing commands.

!

--------------------------------------------------------------------------------

DDWAT router

--------------------------------------------------------------------------------

Disable NAT from the DDWAT router, make your router as a Bridge

!

-------------------------------------------------------------------

2611

-------------------------------------------------------------------

nt e0/0

ip nat out

!

int e0/1.5

ip nat inside

!

access-list 100 permit ip 192.168.0.0 0.0.0.255 any

ip nat inside source list 100 interface e0/0 overload

!

ip route 0.0.0.0 0.0.0.0 e0/0

or

ip route 0.0.0.0 0.0.0.0 not ur public ip

!

it willl work.

thanks!

stevechatarpal1 · ‎02-26-2014

Hello John,

Thanks for all your assistance and knowledge sharing! I implemented what you noted and the laptop behind the SG200 was able to resolve dns and get to the internet with one exception currently...the NAT-ing....

I was not able to connect to the laptop via RDP (or ping it) after issuing "ip nat out" on interface e0/0 (connection to DD_WRT Router), however the command got me out to the internet. There seems to be a conflict due to the NAT-ing. The "ip nat out" command also made it not possible to ping from the 192.168.1.0/24 to the 192.168.5.0/24 subnets, but I was able to ping from the laptop on 192.168.5.0/24 to 192.168.1.0/24.

So far vlan 5 can access the internet, the second part is to get vlan 5 (192.168.5.0/24) to be accessible from 192.168.1.0/24. Vlan 5 can be accessible if I remove the "ip nat out" but the the laptop on Vlan5 would not be able to access the internet....

Thanks,

Steve