07-04-2007 01:05 PM - edited 03-03-2019 05:43 PM
Hi all,
i have an 2600 which a want to use for internet access. I'm so far that i can ping everything from the router it's self but behind my lan i'm not able. The only thing i can ping from my lan is the other network in my lan, my lan default gateway and the ip address my wan interface gets from dhcp.
When i want to ping my wan gateway, mine lan gateway shows up with the notification that the host is unreachable
below is my config:
======================
NL-RDAM-NRD#sh run
Building configuration...
Current configuration : 979 bytes
!
version 12.2
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname NL-RDAM-NRD
!
logging queue-limit 100
enable secret xxx
!
ip subnet-zero
!
!
ip name-server 62.xxx.xxx.xxx
!
!
!
!
!
interface FastEthernet0/0
description ***** INTERFACE TO INTERNET *****
ip address dhcp
ip nat outside
duplex auto
speed auto
!
interface Serial0/0
no ip address
shutdown
no fair-queue
!
interface FastEthernet0/1
description ***** INTERFACE TO LAN NETWORK *****
ip address 192.168.2.1 255.255.255.0
ip access-group 1 out
ip nat inside
duplex auto
speed auto
!
ip nat inside source list 1 interface FastEthernet0/0 overload
no ip http server
ip classless
ip route 0.0.0.0 0.0.x.x.83.77.1
!
!
!
access-list 1 permit 192.168.2.0 0.0.0.255
access-list 101 permit icmp any any
!
line con 0
exec-timeout 0 0
password xxx
logging synchronous
login
line aux 0
line vty 0 4
password xxx
login
!
!
end
this is a debug ip packet output
================================
NL-RDAM-NRD#debug ip pack
IP packet debugging is on
NL-RDAM-NRD#
*Mar 1 01:16:16.243: IP: s=10.8.128.1 (FastEthernet0/0), d=255.255.255.255, len
372, rcvd 2
*Mar 1 01:16:16.379: IP: s=10.8.128.1 (FastEthernet0/0), d=255.255.255.255, len
348, rcvd 2
*Mar 1 01:16:16.383: IP: s=10.8.128.1 (FastEthernet0/0), d=255.255.255.255, len
348, rcvd 2
*Mar 1 01:16:16.515: IP: s=10.8.128.1 (FastEthernet0/0), d=255.255.255.255, len
348, rcvd 2
NL-RDAM-NRD#
*Mar 1 01:16:18.327: IP: s=10.8.128.1 (FastEthernet0/0), d=255.255.255.255, len
372, rcvd 2
*Mar 1 01:16:18.879: IP: tableid=0, s=192.168.2.5 (FastEthernet0/1), d=212.83.7
7.1 (FastEthernet0/0), routed via RIB
*Mar 1 01:16:18.879: IP: s=212.83.77.198 (FastEthernet0/1), d=212.83.77.1 (Fast
Ethernet0/0), g=212.83.77.1, len 60, forward
*Mar 1 01:16:18.887: IP: tableid=0, s=212.83.77.1 (FastEthernet0/0), d=192.168.
2.5 (FastEthernet0/1), routed via RIB
*Mar 1 01:16:18.887: IP: s=212.83.77.1 (FastEthernet0/0), d=192.168.2.5 (FastEt
hernet0/1), len 60, access denied
*Mar 1 01:16:18.887: IP: tableid=0, s=212.83.77.198 (local), d=212.83.77.1 (Fas
tEthernet0/0), routed via RIB
NL-RDAM-NRD#
*Mar 1 01:16:18.887: IP: s=212.83.77.198 (local), d=212.83.77.1 (FastEthernet0/
0), len 56, sending
i've been troubleshooting for three days and i'm stuck..any help would be appreciated
bye Flash....
07-04-2007 01:21 PM
Hi,
Please remove "ip access-group" from fa0/1.
Hope this helps, please rate post if it does!
07-04-2007 01:51 PM
If i remove the ip access group command then the access-list is not valid. How would i specify an allowed network then...Impleting nat requires an access-list which need to bound to an interface in/out.
thx for the advice but i don't think this will help
bye flash...
07-04-2007 02:11 PM
flash,
The ACL 1, on this case, is being used for the NAT source list. You don't need the access-group 1 out under the interface. Please, do as instructed since you are currently blocking any network but the 192.168.2.0/24 network from returning traffic via that interface.
07-04-2007 02:30 PM
oke guy's thx for the advice i will give it a try tomorrow cause it's 00:28 am over here and i'm going to bed cause the clock will zooming quickly..lol... ill let u guy's if it solves it.
bye flash...
07-04-2007 04:05 PM
Hi flashsplash,
In a friendly manner, I must tell you that you are assuming too many things for a novice. Please listen to those that have experience, it's always a good thing in life. Then, in your own place, try on your own the things they told you, but listen first :)
Edison summarized perfectly your configuration problem. Good night and have fun with your working nat tomorrow :)
07-05-2007 01:25 AM
Hi P.bevilacqua,
i must say u hit the needle at its top.
I'm a bit stubborn and i know its my weakness. Your totally in ur right cause i had to test it before i made my comment, and not to forget that i came here because i can't solve it myself. So bevilacuqa i own u an excuse...
bye flash
07-05-2007 01:37 AM
No need to apologize. Happy to have helped and good luck!
Please remember to rate useful posts using the scrollbox below!
07-05-2007 08:09 AM
Just a curious question on the configuration for the default route, for discussion.
ip route 0.0.0.0 0.0.0.0 212.83.77.1
Since the WAN interface is DHCP. Will this still work if the IP is dynamically changed?
If NO, what would be a good suggestion?
Feel free to discuss.
Cheers!
07-05-2007 08:20 AM
Hi,
well the thing is that when the router gets an IP address via DHCP, no static default route is necessary to configure, as one will be installed automatically.
07-05-2007 10:11 AM
hi bevilacqua
ur adviced indeed solved my problem. So thank u very much. I wanna rate this discuss bute where's the rate option cause u notice the scrollbox below but i don't c it...
bye flash
07-06-2007 09:19 AM
a better solution would be:
"ip route 0.0.0.0 0.0.0.0 dhcp"
This will install a default route based on the gateway recieved from the DHCP server.
07-06-2007 12:00 PM
Actually this command is necessary only if you want change the default metric for a DHCP route.
Without command, DHCP route is installed by default with metric 0.
07-06-2007 12:19 PM
Thanks! I didn't realize IOS automatically installed dhcp routes.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide