Cisco 2801 - LAN traffic not passing thru

Apr 30th, 2010

Hi,

I'm setting up a Cisco 2800 series router for use with two T1s (bonded). With the config below (all IPs altered a bit), if I plug a laptop into the FE0/0 port to test (with a public IP address from our 12.187.222.x block), I can browse the web fine.

Once I connect a firewall to the FE0/0 port (a SonicWall 2040), and then connect a test laptop to the firewall's LAN port, I can no longer browse the web.  The firewall has some built-in diagnostics tools, and using those, I can see the firewall itself can ping the far and near sides of the router and can ping google... a tracert to google.com completes as well.  However, the laptop connected to the firewall can only ping the near side 12.187.222.1 of the router. 

(The FE0/1 interface and the Serial0/3 interface will eventually be used in a private line that I've yet to implement, but are not connected to anything at present).

Firewall interfaces:
X0 LAN = 192.168.0.1
X1 WAN = 12.187.222.2  (gateway = 12.187.222.1, subnet = 255.255.255.224, DNS = 4.2.2.2)

I'm not sure if I'm missing something in the router config (IP route or an ACL?) or if I need to look closer at the firewall.

RTR1#show config
Using 2794 out of 196600 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime
no service password-encryption
!
hostname RTR1
!
boot-start-marker
boot-end-marker
!
card type t1 0 2
no logging on
enable secret 5 $1$1M8L$brtRM/O7Ww1ZCAqWM1C6P1
!
no aaa new-model
network-clock-participate wic 2
no network-clock-participate wic 3
ip cef
!
!
!
!
ip domain name yourdomain.com
!
username cisco privilege 15 secret 5 $1$64xh$LafBTh0zQ55dz2IArg.qq/
username admin privilege 15 secret 5 $1$kp53$jo8pVGWX8wcAlyd1.sipc/
!
!
controller T1 0/2/0
 framing esf
 linecode b8zs
 channel-group 0 timeslots 1-24
!
controller T1 0/2/1
 framing esf
 linecode b8zs
 channel-group 0 timeslots 1-24
!
controller T1 0/3/0
 shutdown
 framing esf
 linecode b8zs
 channel-group 0 timeslots 1-24
!
!
!
interface Multilink1
 ip address 12.111.9.130 255.255.255.252
 ppp multilink
 ppp multilink fragment disable
 ppp multilink group 1
!
interface FastEthernet0/0
 description $ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-FE 0$
 ip address 12.187.222.1 255.255.255.224
 duplex auto
 speed auto
 no mop enabled
!
interface FastEthernet0/1
 description future private line setup not in use currently
 ip address 192.168.76.1 255.255.255.252
 duplex auto
 speed auto
 no mop enabled
!
interface Serial0/2/0:0
 description multilink 1 interface
 no ip address
 encapsulation ppp
 ppp multilink
 ppp multilink group 1
!
interface Serial0/2/1:0
 description multilink 1 interface
 no ip address
 encapsulation ppp
 ppp multilink
 ppp multilink group 1
!
interface Serial0/3/0:0
 description future private line setup not in use currently
 ip unnumbered FastEthernet0/1
 encapsulation ppp
!
ip route 0.0.0.0 0.0.0.0 Multilink1
!
no ip http server
!
access-list 23 permit 10.10.10.0 0.0.0.7
dialer-list 1 protocol ip permit
disable-eadi
!
control-plane
!
banner login ^C
-----------------------------------------------------------------------
Cisco Router and Security Device Manager (SDM) is installed on this device.
This feature requires the one-time use of the username "cisco"
with the password "cisco". The default username and password have a privilege level of 15.

Please change these publicly known initial credentials using SDM or the IOS CLI.

Here are the Cisco IOS commands.

username <myuser>  privilege 15 secret 0 <mypassword>
no username cisco

Replace <myuser> and <mypassword> with the username and password you want to use.

For more information about SDM please follow the instructions in the QUICK START
GUIDE for your router or go to http://www.cisco.com/go/sdm
-----------------------------------------------------------------------
^C
!
line con 0
 login local
line aux 0
line vty 0 4
 access-class 23 in
 privilege level 15
 no login
 transport input telnet
!
scheduler allocate 20000 1000
end

RTR1#
Jon Marshall Sat, 05/01/2010 - 02:57

Where is your NAT happening for the PC connected to the Sonicwall?

When you connected the PC directly to the router it had a public IP that was routable on the internet. When you connect it to the Sonicwall, what is its IP, i.e. is it a private RFC1918 address? If so you need to NAT that address to one of your public IPs. You can do this either on your Sonicwall or the router, although it is usually done on the firewall.

Jon
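
The return-path reasoning behind the reply above, as an added example that is not part of the original thread: it builds the router's connected and static routes from an excerpt of the posted config and does a longest-prefix match to show which interface a reply to a given source address leaves by. The sample sources 12.187.222.5 and 192.168.0.10 are constructed; 192.168.0.10 assumes the laptop sits in the same subnet as the firewall's X0 LAN address.

```python
import ipaddress
import re

# Excerpt of the router config posted above (addresses as given on the page).
CONFIG = """\
interface Multilink1
 ip address 12.111.9.130 255.255.255.252
interface FastEthernet0/0
 ip address 12.187.222.1 255.255.255.224
interface FastEthernet0/1
 ip address 192.168.76.1 255.255.255.252
ip route 0.0.0.0 0.0.0.0 Multilink1
"""

def build_table(config):
    """Return [(network, exit_interface, kind)] from connected and static routes."""
    table, current = [], None
    for line in config.splitlines():
        m = re.match(r"interface (\S+)", line)
        if m:
            current = m.group(1)
            continue
        m = re.match(r"\s+ip address (\S+) (\S+)", line)
        if m and current:
            net = ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}").network
            table.append((net, current, "connected"))
            continue
        m = re.match(r"ip route (\S+) (\S+) (\S+)", line)
        if m:
            net = ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}")
            table.append((net, m.group(3), "static"))
    return table

def return_path(table, source_ip):
    """Longest-prefix match: where the router sends a reply addressed to source_ip."""
    addr = ipaddress.ip_address(source_ip)
    matches = [r for r in table if addr in r[0]]
    if not matches:
        return None
    net, iface, kind = max(matches, key=lambda r: r[0].prefixlen)
    return iface, kind, addr.is_private

if __name__ == "__main__":
    table = build_table(CONFIG)
    # Constructed sample sources: laptop with a public IP, laptop behind the
    # firewall without NAT (hypothetical 192.168.0.10), firewall WAN address.
    for src in ("12.187.222.5", "192.168.0.10", "12.187.222.2"):
        print(src, "->", return_path(table, src))
```

A reply to an un-NATed RFC1918 source follows the default route out Multilink1 rather than back toward the firewall on FastEthernet0/0, while a source translated to the firewall's WAN address 12.187.222.2 matches the connected /27.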
