Unable to ping DNS

Unanswered Question
Nov 29th, 2007


I am facing problem with 2821 router where if i login to the console able to ping DNS and gateway but unable to ping the dns as well access internet from host located on network i have attached the config for ref

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Jon Marshall Fri, 11/30/2007 - 00:33


You need to NAT your internal addresses to a public IP address as they are not routable across the Internet.

Easiest solution is to use the public IP address attached to your gi0/0 interface eg.

int g0/0

ip nat outside

int gi0/1

ip nat inside

access-list 101 permit ip any any

ip nat inside source list 101 interface gi0/0 overload

This will Nat all your 10.43.x.x addresses to



prakashkamte Fri, 11/30/2007 - 02:59

Hi jon,

it works but what if i don't want to nat at the router and will have to do at the firewall

say for i assign a public ip for outside interface of router and at firewall how will the router be configured

Jon Marshall Fri, 11/30/2007 - 03:12

It's a little unclear what your topology is. If your firewall is closer to the Internet than the router then yes you can get the firewall to do the Natting but your firewall would need a public IP on it's outside interface ie.

10.43.x.x (Router) -> firewall (public IP needed)

if this is your topology you could just readdress the link between the outside interface of your router and the inside interface of your firewall and then use the subnet for the outside of the firewall.

Could you confirm exactly what you want to do ?


prakashkamte Fri, 11/30/2007 - 03:57

Hi jon,

i am using cisco 2821 as perimeter router just for getting terminate the lease link from the router to firwall which means routers inside interface to untrust int of the fire wall the trust int of firewall is connected to private network can i configure the firewall to do natting and configure the firewall untrust and router inside with public add if that is the case i will not be using

ip nat inside

ip nat outside

on the router so how will router be configured when i remove nat overload ,ip nat inside ,ip nat outside and try to ping from the host connected to private network it fails

Jon Marshall Fri, 11/30/2007 - 07:21

Okay so you will readdress gi0/1 of 2821 router to have address of and get rid of the "ip nat inside" and "ip nat outside" statements.

Add NAT statements to the firewall and it should all work. Am i missing the point of your question.


prakashkamte Tue, 12/04/2007 - 06:33

hi jon,

Back after a long weekend as discussed i removed ip nat inside,outside command and did natting at the firwall but from my core switch i am able to ping the router outside interface but not the gateway i,e, but i am able to do it at the console of the router i have attcahed the config please go through



Jon Marshall Tue, 12/04/2007 - 07:27

Hi Prakash

So what is the IP address of the outside interface of the firewall ? Presumably it is a public IP address ?

If you are not getting a response from the gateway it sounds like there is no route on that router for the subnet used for the outside interface of your pix.

So you can either

1) revert back to NAT on the router


2) Talk to your ISP, assuming it is your ISP who owns this router and get them to add the route


3) Connect the ISP router directly into your firewall and take the 2800 router out of the equation which is more of a standard setup.



prakashkamte Wed, 12/05/2007 - 04:33

Hi Jon,

I think you are not getting my point i have attached a network diagram as well as config of my 2nd router i have 2 different isp which is connected to 2 different routers currently i am concerned about my 2 nd router i have configured the core switch and firewall i do nating at the firewall i am able to ping from host A to router

but not to public DNS OR according to isp he says i have problem with router config but every thing seems to be okay

if i do natting at router it works if i nat it at firewall and remove natting at router it does not work

At both router and firewall i am using public ip please go through the config and diagram and revert.



Jon Marshall Wed, 12/05/2007 - 04:47


"I think you are not getting my point" - wouldn't be the first time, i can be a bit slow sometimes :)

Can you send diagram as it doesn't seem to be attached



This Discussion