Internet routing on 851/w & 3550

Answered Question
Jan 24th, 2010

Hello you all,


I am kinda new in the field, although I really like to play around with all sorts of hardware. My setup contains a Dell 2900 server with ESX4 and enough resources, and of course some Cisco equipment.


My problem is as follows,


I have set up my 851/w which, as you can see in the picture, is directly connected to the internet. It gives IP addresses to any client who connects to the router. So I thought, let's put in a switch and connect some virtual servers, and you know, it works! The servers get an IP address in the same range as the client PC. Nothing funny so far, but the problem arises when I put all the servers in separate VLANs: I can't seem to get internet from the server side. I know the switch is capable of routing and it does route, because on the 851 I can ping each server and vice versa. Also, when I connect a PC to any other port on the switch it just gives an IP address with internet access.


Needless to say, I configured a static route on the 851 router for each network in which a server resides, so that is why the pings work.


What am I missing and how do I fix it?


Kind regards,


Henk Velthoven


The picture shows the actual setup with IP addresses, except the WAN side because that is dynamic; the configs from both router and switch are also included as attachments (some lines are omitted for brevity, hmm, I have read that before).


Problem.jpg

Jon Marshall Sun, 01/24/2010 - 12:10

Please change the ACLs on your router -


access-list 2 permit 192.168.120.0 0.0.0.252
access-list 3 remark INTENET TOEGANG
access-list 3 permit 172.20.80.0 0.0.0.252
access-list 4 remark INTENET TOEGANG
access-list 4 permit 10.55.80.0 0.0.0.252


to


access-list 2 permit 192.168.120.0 0.0.0.3
access-list 3 remark INTENET TOEGANG
access-list 3 permit 172.20.80.0 0.0.0.3
access-list 4 remark INTENET TOEGANG
access-list 4 permit 10.55.80.0 0.0.0.3


Jon
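
Why the wildcard change in the reply above matters, as an added example that is not part of the original thread: an IOS wildcard mask is the inverse of a subnet mask, so 0.0.0.252 pins the two low bits to 00 and never matches hosts .1 or .2 of a /30. The helper names are made up for this illustration; the addresses and masks are the ones quoted in the reply.

```python
import ipaddress

def _to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def wildcard_for_prefix(prefix_len):
    """Wildcard mask (inverted netmask) that covers a whole prefix."""
    return str(ipaddress.IPv4Address((1 << (32 - prefix_len)) - 1))

def is_contiguous_wildcard(wildcard):
    """True when the mask is a plain run of low-order 1 bits (e.g. 0.0.0.3)."""
    w = _to_int(wildcard)
    return (w & (w + 1)) == 0

def acl_matches(acl_addr, wildcard, candidate):
    """Standard ACL test: 0 bits in the wildcard must match, 1 bits are ignored."""
    care = ~_to_int(wildcard) & 0xFFFFFFFF
    return (_to_int(acl_addr) & care) == (_to_int(candidate) & care)

def matched_in(acl_addr, wildcard, network):
    """Addresses of `network` that the ACL entry permits."""
    return [str(a) for a in ipaddress.ip_network(network)
            if acl_matches(acl_addr, wildcard, str(a))]

# ACL entries from the thread: (address, wildcard before, wildcard after)
ENTRIES = [
    ("192.168.120.0", "0.0.0.252", "0.0.0.3"),
    ("172.20.80.0", "0.0.0.252", "0.0.0.3"),
    ("10.55.80.0", "0.0.0.252", "0.0.0.3"),
]

def audit(entries=ENTRIES, prefix_len=30):
    """Return, per entry, what each wildcard matches inside the /30."""
    report = []
    for addr, before, after in entries:
        net = f"{addr}/{prefix_len}"
        report.append({
            "network": net,
            "before": matched_in(addr, before, net),
            "after": matched_in(addr, after, net),
            "before_contiguous": is_contiguous_wildcard(before),
        })
    return report

if __name__ == "__main__":
    for row in audit():
        print(row)
```

The `is_contiguous_wildcard` check is a quick way to flag an entry where a subnet-mask octet was typed in place of a wildcard.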

velthovenh Sun, 01/24/2010 - 12:31

Hi Jon,


I have changed the rules just like you told me to but it still doesn't work. Thought a reload might do the trick but it won't, really gets me thinking why it won't work. Any more ideas?


Regards, Henk

Jon Marshall Sun, 01/24/2010 - 12:40

Okay, a few ping tests are in order. Apologies if you've covered this, but with a config change it's best to test it all.


1) from the server 172.20.80.2 can you ping -


    i) its default gateway - 172.20.80.1

   ii) the 851 internal interface - 192.168.1.254

  iii) the 851 external interface - whatever that is


After doing this can you try pinging and also tracerouting to a web server on the internet via its IP address - 88.221.32.170 and post results.


Finally can you post the result of a "sh ip nat translations" from the 851.


Edit - oops sorry, forgot. Can I have a "show ip route" from the 3550 and the 851.


Jon

velthovenh Sun, 01/24/2010 - 13:17

Hey Jon,


Thanks for helping me out, much appreciated.


I took my laptop and hooked it up to Fa0/11 on the switch and configured it with the same IP address as server 10.55.80.2


Here is what works,


Ping to Default gateway 10.55.80.1 ok

Ping to 851 interface ok

Ping to 851 external ok


But then when I ping 74.15.77.104, which is google.nl, it also works fine. (Before the change of the "Permit list" it didn't, so something started working.) Still, with the explorer I get no internet access.


Tracing route to 74.125.77.104 over a maximum of 30 hops

  1     1 ms    <1 ms    <1 ms  10.55.80.1
  2     1 ms     5 ms     1 ms  192.168.1.254
  3    11 ms     9 ms    11 ms  10.15.30.1
  4    11 ms    12 ms    16 ms  212.142.3.1
  5    17 ms    15 ms    13 ms  84.116.244.17
  6    18 ms    13 ms    13 ms  84.116.131.9
  7    14 ms    15 ms    18 ms  72.14.218.61
  8    18 ms    15 ms    55 ms  209.85.248.93
  9    22 ms    15 ms    18 ms  64.233.175.246
 10    17 ms    17 ms    22 ms  72.14.239.197
 11    26 ms    33 ms    45 ms  209.85.255.110
 12    22 ms    17 ms    25 ms  74.125.77.104

Trace complete.


SH IP ROUTE of 3550


Gateway of last resort is 192.168.1.254 to network 0.0.0.0

     192.168.120.0/30 is subnetted, 1 subnets
C       192.168.120.0 is directly connected, Vlan3
     172.20.0.0/30 is subnetted, 1 subnets
C       172.20.80.0 is directly connected, Vlan2
     10.0.0.0/30 is subnetted, 1 subnets
C       10.55.80.0 is directly connected, Vlan4
C    192.168.1.0/24 is directly connected, Vlan1
S*   0.0.0.0/0 [1/0] via 192.168.1.254


SH IP ROUTE of 851


Gateway of last resort is 77.251.146.1 to network 0.0.0.0

     192.168.120.0/30 is subnetted, 1 subnets
S       192.168.120.0 is directly connected, Vlan1
     172.20.0.0/30 is subnetted, 1 subnets
S       172.20.80.0 is directly connected, Vlan1
     77.0.0.0/24 is subnetted, 1 subnets
C       77.251.146.0 is directly connected, FastEthernet4
     10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
S       10.15.30.1/32 [254/0] via 77.251.146.1, FastEthernet4
S       10.55.80.0/30 is directly connected, Vlan1
C    192.168.1.0/24 is directly connected, Vlan1
S*   0.0.0.0/0 [254/0] via 77.251.146.1

SH IP NAT TRA


Pro Inside global      Inside local       Outside local      Outside global
udp 77.251.146.29:137  10.55.80.2:137     10.15.30.1:137     10.15.30.1:137
udp 77.251.146.29:137  10.55.80.2:137     64.233.175.246:137 64.233.175.246:137
udp 77.251.146.29:137  10.55.80.2:137     72.14.218.61:137   72.14.218.61:137
udp 77.251.146.29:137  10.55.80.2:137     72.14.239.197:137  72.14.239.197:137
udp 77.251.146.29:137  10.55.80.2:137     74.125.77.104:137  74.125.77.104:137
udp 77.251.146.29:137  10.55.80.2:137     84.116.131.9:137   84.116.131.9:137
udp 77.251.146.29:137  10.55.80.2:137     84.116.244.17:137  84.116.244.17:137
udp 77.251.146.29:137  10.55.80.2:137     209.85.248.93:137  209.85.248.93:137
udp 77.251.146.29:137  10.55.80.2:137     209.85.255.110:137 209.85.255.110:137
udp 77.251.146.29:137  10.55.80.2:137     212.142.3.1:137    212.142.3.1:137
udp 77.251.146.29:51984 10.55.80.2:51984  192.168.2.99:161   192.168.2.99:161
tcp 77.251.146.29:49838 192.168.1.1:49838 66.102.13.102:80   66.102.13.102:80



Hope it is any good to you

Correct Answer
Jon Marshall Sun, 01/24/2010 - 13:22

Just a quick question. You can ping google.nl so NAT and routing are working.


What happens if you try to access google.nl in your web browser but use the IP rather than the name, i.e.


http://74.125.77.104


Jon

velthovenh Sun, 01/24/2010 - 13:34

Hey Jon,


I kinda feel like scratch at the moment because it started working once I filled in the DNS information on the Windows client. How could I forget such an easy thing.


So you helped after all, especially with the ACL list. 0.0.0.3, because that did the trick.


Again, thank you very much, and I hope one day to help someone else too when I get more experience; time will tell.


Greetings

Henk Velthoven

Jon Marshall Sun, 01/24/2010 - 13:43

Henk


No problem, glad to have helped. And also would like to say that you provided exactly the right information in your initial post which helped us to sort it out very quickly.


Jon
