Unable to route out WAN

Answered Question
Sep 26th, 2010

I understand the question I am about to ask must be a very simple problem. My situation: I have a 2811 router that has two FE ports. 0/0 is WAN and 0/1 is LAN. 0/0 is set for DHCP and 0/1 is xxx.xx.35.225 255.255.255.240. I can ping everything when I am telnetted into the router, but if I try pinging from the host machine I can ping my router's LAN and WAN interfaces but nothing else. When I do a tracert from the host machine it times out after the LAN interface. Any suggestions?



Rt1(config)#do show run
Building configuration...

Current configuration : 1056 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Rt1
!
boot-start-marker
boot-end-marker
!
no logging buffered
enable password cisco
!
no aaa new-model
!
resource policy
!
ip subnet-zero
!
!
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address xxx.xx.35.225 xxx.xx.35.228
!
ip dhcp pool KIT_7_DHCP
   network xxx.xx.35.224 255.255.255.240
   default-router xxx.xx.35.225
   dns-server 8.8.8.8
   lease 3
!
!
!
!
!
!
username xxxxxx privilege 15 password 0 xxxxxxxxxxxx
!
!
!
!
interface FastEthernet0/0
ip address dhcp
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
interface FastEthernet0/1
ip address xxx.xx.35.225 255.255.255.240
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
!
ip classless
ip route 0.0.0.0 0.0.0.0 dhcp
!
ip http server
ip http authentication local
no ip http secure-server
!
!
!
control-plane
!
!
!
line con 0
line aux 0
line vty 0 4
password cisco
login
!
scheduler allocate 20000 1000
!
end

Mario Garcia Sun, 09/26/2010 - 01:45

Hi Brandon,


Change your ip route statement to


ip route 0.0.0.0 0.0.0.0 FastEthernet0/0


Mario

paolo bevilacqua Sun, 09/26/2010 - 04:32

Correct Answer
gatlin007 Sun, 09/26/2010 - 07:36

NAT is provisioned on the interfaces but there are no NAT rules defined.  Could it be the LAN traffic is not being translated and the service provider network has no idea what to do with it?

There are many ways to configure NAT but the following may be helpful in this case:

access-list 101 permit ip xxx.xx.35.225 0.0.0.15 any

ip nat inside source list 101 interface fa0/0 overload


Because the outside interface receives its IP address via DHCP there's nothing wrong with the default gateway next hop being learned via DHCP.  With this config remember you'll encounter some of the same problems any DHCP host will encounter in regard to requesting, receiving and renewing DHCP information.  It would be worth your while to have a static IP address and default gateway in regard to network infrastructure that all users depend on.



Chris
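
An added example, not part of the thread or the answerer's own code: a Python check that reads an IOS running-config and reports the condition described in the answer above (interfaces marked `ip nat inside` / `ip nat outside` with no translation rule), and goes one step further by verifying that the rule's access list covers the inside subnet. The sample config is constructed, with 192.0.2.224/28 standing in for the masked LAN; `audit_nat` and `same_iface` are hypothetical names.

```python
import ipaddress
import re

def same_iface(short, full):  # does an abbreviation such as fa0/0 name FastEthernet0/0?
    s, f = (re.match(r"([A-Za-z-]+)(.*)", x) for x in (short, full))
    return f[1].lower().startswith(s[1].lower()) and s[2] == f[2]

def audit_nat(config):
    """Return findings explaining why inside hosts would leave the router untranslated."""
    nets, inside, outside, acls, rules, iface = {}, set(), set(), {}, [], None
    for line in map(str.strip, config.splitlines()):
        if line == "!":
            iface = None                      # "!" closes an interface stanza
        elif m := re.match(r"interface (\S+)", line):
            iface = m[1]
        elif iface and (m := re.match(r"ip address (\d\S*) (\d\S*)", line)):
            nets[iface] = ipaddress.ip_interface(f"{m[1]}/{m[2]}").network
        elif iface and line in ("ip nat inside", "ip nat outside"):
            (inside if line.endswith("inside") else outside).add(iface)
        elif m := re.match(r"access-list (\d+) permit ip (\S+) (\S+) any", line):
            # A mask starting with 0 is read as a wildcard; strict=False drops host bits
            acls.setdefault(m[1], []).append(ipaddress.ip_network(f"{m[2]}/{m[3]}", strict=False))
        elif m := re.match(r"ip nat inside source list (\S+) interface (\S+) overload", line):
            rules.append((m[1], m[2]))
    findings = []
    if inside and outside and not rules:
        findings.append("interfaces are marked inside/outside but no 'ip nat inside source' rule exists")
    for acl, out in rules:
        if not any(same_iface(out, o) for o in outside):
            findings.append(f"rule translates to {out}, which is not an 'ip nat outside' interface")
        for i in sorted(inside):
            if i in nets and not any(nets[i].subnet_of(p) for p in acls.get(acl, [])):
                findings.append(f"{i} subnet {nets[i]} is not permitted by access-list {acl}")
    return findings

# Constructed sample: same shape as the posted config, 192.0.2.224/28 as a stand-in LAN
BROKEN = """interface FastEthernet0/0
 ip address dhcp
 ip nat outside
!
interface FastEthernet0/1
 ip address 192.0.2.225 255.255.255.240
 ip nat inside
!
"""
FIXED = BROKEN + """access-list 101 permit ip 192.0.2.225 0.0.0.15 any
ip nat inside source list 101 interface fa0/0 overload
"""
if __name__ == "__main__":
    print(audit_nat(BROKEN), audit_nat(FIXED))
```
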

Brandon James Sun, 09/26/2010 - 15:18

I believe you got it right. I put a Linksys router between the 2811 and the WAN connection I have, then put a static route on the Linksys pointing back to the IP address it was giving the 2811, and all traffic started flowing (I kept the -ip route 0.0.0.0 0.0.0.0 dhcp- and also tried changing dhcp to fastethernet 0/0 and an IP address; all worked fine).


A little bit more about what my setup is designed for: it is a mobile kit that is to VPN back into my company's network, so the xxx.xx.35.0 network is public IP space. The fix for now was to have access to the device that is giving my WAN connection and put a static route in it, but I will not always have that ability. Maybe it is that once the VPN tunnel was configured it would route properly because it is now back into the xxx.xx.0.0 network?


Regarding the VPN, the "kits" that I am referring to are currently in working condition, but the router is a Sonicwall router and the VPN is set up through the Sonicwall's GUI. We are trying to replace all the equipment in our mobile kits with Cisco products. It is a site-to-site and uses IKE and IPsec. Any suggestion on where some good reading material for this type of setup can be found so I can figure out how to put those settings into CLI format and into the Cisco routers?


Thanks for your help and the quick feedback from everyone, this is a great resource.


Brandon
