Solved: Hi,

David H Lee · ‎05-03-2017

Hello Network gurus! I posted similar thing earlier, and I believe I'm almost there to finalize my own project. Issue that I have at the moment is, Router 1 has direct connection with a cable modem, and have no issue accessing internet at the moment from any devices which connected to Router1( include switch, AP, tablets, laptops, and etc), yet, from Router2, I am able to ping any devices which connected to Router 1, (i.e 192.168.0.1 is Router1's address, and anything within that address, I can ping), but I'm not able to go out side of network. More specifically, I'm not able to ping google.com, or any other website from Router2. Eigrp network has been configured, so Router2 can see ISP address. Please let me know what other things are needed to be done at this point.

here is the config of Router1

!
ip dhcp pool DATA
import all
network 192.168.0.0 255.255.255.0
default-router 192.168.0.1
dns-server 4.2.2.2

!
interface Loopback0
ip address 1.1.1.1 255.255.255.0
!
interface FastEthernet0/0
ip address dhcp
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 192.168.0.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
!
interface Serial0/0/0
description Link to Router2
ip address 10.0.0.1 255.255.255.252
!
!
router eigrp 10
network 0.0.0.0
!
ip forward-protocol nd
ip http server
ip http port 2000
ip http secure-server
ip http path flash:
!
!
ip nat inside source list 101 interface FastEthernet0/0 overload
ip nat inside source static tcp 192.168.0.6 85 interface FastEthernet0/0 85
ip nat inside source static tcp 192.168.0.6 2000 interface FastEthernet0/0 2000
ip nat inside source static tcp 192.168.0.6 8000 interface FastEthernet0/0 8000
ip nat inside source static tcp 192.168.0.6 8001 interface FastEthernet0/0 8001
ip nat inside source static tcp 192.168.0.6 34599 interface FastEthernet0/0 34599
ip nat inside source static tcp 192.168.0.6 34567 interface FastEthernet0/0 34567
ip nat inside source static tcp 192.168.0.6 554 interface FastEthernet0/0 554
ip route 0.0.0.0 0.0.0.0 FastEthernet0/0
!
access-list 101 permit ip 192.168.0.0 0.0.0.255 any
!
!
!
!
!
!
control-plane
!
!
!
line con 0
line aux 0
line vty 0 4
login
transport input all
!
scheduler allocate 20000 1000
end

and ip route so far

Gateway of last resort is 0.0.0.0 to network 0.0.0.0

S*    0.0.0.0/0 is directly connected, FastEthernet0/0
      1.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C        1.1.1.0/24 is directly connected, Loopback0
L        1.1.1.1/32 is directly connected, Loopback0
      2.0.0.0/32 is subnetted, 1 subnets
D        2.2.2.2 [90/2306560] via 10.0.0.2, 1d10h, Serial0/0/0
      10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C        10.0.0.0/30 is directly connected, Serial0/0/0
L        10.0.0.1/32 is directly connected, Serial0/0/0
     ISP address is variably subnetted, 2 subnets, 2 masks
C        ISP address is directly connected, FastEthernet0/0
L        ISP address is directly connected, FastEthernet0/0
      167.206.0.0/32 is subnetted, 1 subnets
S        167.206.195.52 [254/0] via 68.193.128.1, FastEthernet0/0
D     192.168.0.0/16 [90/2181120] via 10.0.0.2, 1d10h, Serial0/0/0
      192.168.0.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.0.0/24 is directly connected, FastEthernet0/1
L        192.168.0.1/32 is directly connected, FastEthernet0/1
D     192.168.10.0/24 [90/2690560] via 10.0.0.2, 1d10h, Serial0/0/0

then, finally, Router2 config:

ip dhcp excluded-address 192.168.10.1 192.168.10.3
!
ip dhcp pool LOCAL1
import all
network 192.168.10.0 255.255.255.0
default-router 192.168.10.1
dns-server 4.2.2.2

!
interface Loopback2
ip address 2.2.2.2 255.255.255.255
!
interface FastEthernet0/0
ip address 192.168.10.1 255.255.0.0
ip access-group 101 out
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Serial0/0/0
description to Router1
ip address 10.0.0.2 255.255.255.252
ip access-group 101 out
ip nat outside
ip virtual-reassembly in
!
!
router eigrp 10
network 0.0.0.0
!
ip forward-protocol nd
ip http server
ip http port 2000
ip http secure-server
!
!
ip nat inside source list 101 interface Serial0/0/0 overload
ip route 0.0.0.0 0.0.0.0 Serial0/0/0
ip route 192.168.10.0 255.255.255.0 Serial0/0/0
!
access-list 101 permit ip 192.168.10.0 0.0.0.255 any
!
!

Any help will be
!
interface Loopback2
ip address 2.2.2.2 255.255.255.255
!
interface FastEthernet0/0
ip address 192.168.10.1 255.255.0.0
ip access-group 101 out
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Serial0/0/0
description to Router1
ip address 10.0.0.2 255.255.255.252
ip access-group 101 out
ip nat outside
ip virtual-reassembly in
!
!
router eigrp 10
network 0.0.0.0
!
ip forward-protocol nd
ip http server
ip http port 2000
ip http secure-server
!
!
ip nat inside source list 101 interface Serial0/0/0 overload
ip route 0.0.0.0 0.0.0.0 Serial0/0/0
ip route 192.168.10.0 255.255.255.0 Serial0/0/0
!
access-list 101 permit ip 192.168.10.0 0.0.0.255 any
!
!
!

Finally, this is what the router2 says when I try to ping google.com:

CiscoRouter2#ping google.com
Translating "google.com"...domain server (255.255.255.255)
% Unrecognized host or address, or protocol not running.

Any help or advice will would be greatly appreciated! thank you!

Support07 · ‎05-05-2017

Hi,

Try to ping 8.8.8.8 source s0/0/0 , from router 2 it should works.

did you try from a device connected to router 2 to reach internet ?

View solution in original post

Georg Pauwen · ‎05-05-2017

Hello,

can you ping 4.2.2.2 from your clients ? If that works, the problem is DNS resolution. Your clients get DNS server 4.2.2.2 assigned from the local DHCP pool, make sure that is in their IP configuration.

View solution in original post

cofee · ‎05-03-2017

How is router 2 supposed to resolve Google.com? It doesn't have Dns server configured.

David H Lee · ‎05-03-2017

on Router2, DHCP pool is LOCAL1 and DNS server is 4.2.2.2

do you mean I should set DNS server differently? I.e 8.8.8.8 ?

thank you for you help.

Georg Pauwen · ‎05-03-2017

Hello,

I think you posted this before. Either way, you don't need any NAT configuration on router 2. Since you are using EIGRP, you also do not need any static routes, other than the default route on Router 1 pointing to the Internet. Also, on Router 2, interface FastEthernet0/0, you have a /16 subnet mask configured, while you need to cnfigure a /24 mask.

Here is what the configuration would look like:

Router1

ip dhcp pool DATA
import all
network 192.168.0.0 255.255.255.0
default-router 192.168.0.1
dns-server 4.2.2.2
!
interface Loopback0
ip address 1.1.1.1 255.255.255.0
!
interface FastEthernet0/0
ip address dhcp
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 192.168.0.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
!
interface Serial0/0/0
description Link to Router2
ip nat inside
ip address 10.0.0.1 255.255.255.252
!
router eigrp 10
network 0.0.0.0
!
ip forward-protocol nd
ip http server
ip http port 2000
ip http secure-server
ip http path flash:
!
ip nat inside source list 101 interface FastEthernet0/0 overload
ip nat inside source static tcp 192.168.0.6 85 interface FastEthernet0/0 85
ip nat inside source static tcp 192.168.0.6 2000 interface FastEthernet0/0 2000
ip nat inside source static tcp 192.168.0.6 8000 interface FastEthernet0/0 8000
ip nat inside source static tcp 192.168.0.6 8001 interface FastEthernet0/0 8001
ip nat inside source static tcp 192.168.0.6 34599 interface FastEthernet0/0 34599
ip nat inside source static tcp 192.168.0.6 34567 interface FastEthernet0/0 34567
ip nat inside source static tcp 192.168.0.6 554 interface FastEthernet0/0 554
ip route 0.0.0.0 0.0.0.0 FastEthernet0/0
!
access-list 101 permit ip 192.168.0.0 0.0.255.255 any
access-list 101 permit ip 10.0.0.0 0.0.0.3 any
!
control-plane
!
line con 0
line aux 0
line vty 0 4
login
transport input all
!
scheduler allocate 20000 1000
end

Router2

ip dhcp excluded-address 192.168.10.1 192.168.10.3
!
ip dhcp pool LOCAL1
import all
network 192.168.10.0 255.255.255.0
default-router 192.168.10.1
dns-server 4.2.2.2
!
interface Loopback2
ip address 2.2.2.2 255.255.255.255
!
interface FastEthernet0/0
ip address 192.168.10.1 255.255.255.0
ip access-group 101 out
ip virtual-reassembly in
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Serial0/0/0
description to Router1
ip address 10.0.0.2 255.255.255.252
ip access-group 101 out
ip virtual-reassembly in
!
router eigrp 10
network 0.0.0.0
!
ip forward-protocol nd
ip http server
ip http port 2000
ip http secure-server

David H Lee · ‎05-04-2017

yes, I did, but I didn't get any respond from any one after few times. Btw, I did try your configuration, but I just can't get to the internet. I'm starting to wonder if I have to get separate feed from cable modem now. thank you for your help though.

Georg Pauwen · ‎05-04-2017

Hello,

from the second router, what is the result of a traceroute to 8.8.8.4 ?

David H Lee · ‎05-05-2017

it seems protocol doesn't go out after certain point when I traceroute 8.8.8.4 whereas, traceroute 8.8.8.8 doesn't have any issue at all. any clue you can think of?

Georg Pauwen · ‎05-05-2017

Hello,

try 8.8.4.4, I think Google changed the address. Either way, if you can ping 8.8.8.8, that means you have Internet connectivity from Router 2.

Try and configure this address as your name server on both routers:

Router(config)#ip name-server 8.8.8.8

David H Lee · ‎05-05-2017

I added that on my configuration, and now I can ping outside network. The only issue left is, I can't use web browser.

Georg Pauwen · ‎05-05-2017

Hello,

can you ping 4.2.2.2 from your clients ? If that works, the problem is DNS resolution. Your clients get DNS server 4.2.2.2 assigned from the local DHCP pool, make sure that is in their IP configuration.

David H Lee · ‎05-06-2017

yes, I can ping as well as traceroute 4.2.2.2 what might be the better solution from here? I really appreciate your help. seems like I'm almost there.

Georg Pauwen · ‎05-06-2017

Hello,

to summarize: the only problem left is that your clients cannot access the Internet with a browser using domain names such as www.google.com ?

Are those Windows clients ? What is the output of 'ipconfig all'' ?

David H Lee · ‎05-07-2017

you are absolutely spot on that. I'll have to get back to you about the result of "ipconfig /all" tomorrow. thank you once again.

David H Lee · ‎05-10-2017

ok, I solved the issue. it was because of access-list. Thank you so much for you help!!!

Support07 · ‎05-05-2017

Hi,

Try to ping 8.8.8.8 source s0/0/0 , from router 2 it should works.

did you try from a device connected to router 2 to reach internet ?

Can't access internet from the second router. Help!