Unable to route out WAN

Brandon James
Level 1

I understand the question I am about to ask must be a very simple problem. My situation: I have a 2811 router that has two FE ports. 0/0 is WAN and 0/1 is LAN. 0/0 is set for DHCP and 0/1 is xxx.xx.35.225 255.255.255.240. I can ping everything when I am telnetted into the router, but if I try pinging from the host machine I can ping my router's LAN and WAN interfaces but nothing else. When I do a tracert from the host machine it times out after the LAN interface. Any suggestions?

Rt1(config)#do show run
Building configuration...

Current configuration : 1056 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Rt1
!
boot-start-marker
boot-end-marker
!
no logging buffered
enable password cisco
!
no aaa new-model
!
resource policy
!
ip subnet-zero
!
!
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address xxx.xx.35.225 xxx.xx.35.228
!
ip dhcp pool KIT_7_DHCP
   network xxx.xx.35.224 255.255.255.240
   default-router xxx.xx.35.225
   dns-server 8.8.8.8
   lease 3
!
!
!
!
!
!
username xxxxxx privilege 15 password 0 xxxxxxxxxxxx
!
!
!
!
interface FastEthernet0/0
ip address dhcp
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
interface FastEthernet0/1
ip address xxx.xx.35.225 255.255.255.240
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
!
ip classless
ip route 0.0.0.0 0.0.0.0 dhcp
!
ip http server
ip http authentication local
no ip http secure-server
!
!
!
control-plane
!
!
!
line con 0
line aux 0
line vty 0 4
password cisco
login
!
scheduler allocate 20000 1000
!
end

Accepted Solution

NAT is provisioned on the interfaces but there are no NAT rules defined.  Could it be the LAN traffic is not being translated and the service provider network has no idea what to do with it?

There are many ways to configure NAT but the following may be helpful in this case:

access-list 101 permit ip xxx.xx.35.225 0.0.0.15 any

ip nat inside source list 101 interface fa0/0 overload


Because the outside interface receives its IP address via DHCP there's nothing wrong with the default gateway next hop being learned via DHCP.  With this config remember you'll encounter some of the same problems any DHCP host will encounter in regard to requesting, receiving and renewing DHCP information.  It would be worth your while to have a static IP address and default gateway in regard to network infrastructure that all users depend on.


Chris
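
Added example (not part of the original thread, and not code from any poster): a small Python check for the condition the accepted answer describes, where `ip nat inside` / `ip nat outside` are set on interfaces but no `ip nat inside source` rule exists. The function name `audit_nat` is hypothetical; the sample text is constructed from the NAT-relevant lines of the posted configuration, with the masked addresses left as posted.

```python
import re

# Constructed sample: the NAT-relevant lines of the running-config posted above.
POSTED_CONFIG = """\
interface FastEthernet0/0
ip address dhcp
ip nat outside
!
interface FastEthernet0/1
ip address xxx.xx.35.225 255.255.255.240
ip nat inside
!
ip route 0.0.0.0 0.0.0.0 dhcp
"""

# The two lines suggested in the answer. "fa0/0" is accepted when typed,
# but a saved running-config shows the full interface name.
SUGGESTED_FIX = """\
access-list 101 permit ip xxx.xx.35.225 0.0.0.15 any
ip nat inside source list 101 interface FastEthernet0/0 overload
"""

def audit_nat(config):
    """Return findings about NAT interface roles versus translation rules."""
    roles, acls, rules, current = {}, set(), [], None
    for line in map(str.strip, config.splitlines()):
        if line == "!":
            current = None                      # '!' closes an interface block
        elif m := re.match(r"interface (\S+)", line):
            current = m.group(1)
        elif current and (m := re.fullmatch(r"ip nat (inside|outside)", line)):
            roles[current] = m.group(1)         # per-interface NAT role
        elif m := re.match(r"access-list (\d+) permit", line):
            acls.add(m.group(1))
        elif m := re.match(r"ip nat inside source list (\S+) interface (\S+)", line):
            rules.append((m.group(1), m.group(2)))
    findings = []
    if "inside" in roles.values() and "outside" in roles.values() and not rules:
        findings.append("NAT enabled on interfaces but no 'ip nat inside source' rule")
    for acl, ifname in rules:
        if acl not in acls:
            findings.append(f"NAT rule references undefined access-list {acl}")
        if roles.get(ifname) != "outside":
            findings.append(f"NAT rule translates to {ifname}, which is not 'ip nat outside'")
    return findings

if __name__ == "__main__":
    print(audit_nat(POSTED_CONFIG), audit_nat(POSTED_CONFIG + SUGGESTED_FIX))
```

On the router itself, `show ip nat translations` and `show ip nat statistics` confirm whether inside hosts are actually being translated once the rule is in place.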


4 Replies

Mario Garcia
Level 3

Hi Brandon,

Change your ip route statement to

ip route 0.0.0.0 0.0.0.0 FastEthernet0/0

Mario

marioagarcia@gmail.com

Hi Brandon,

Change your ip route statement to

ip route 0.0.0.0 0.0.0.0 FastEthernet0/0

Mario

No, that is VERY wrong, NEVER point routes directly to LAN interface, always use next hop address.

However, regarding the problem for the OP, it is because the other device has no routing configuration to go back to the router.

I believe you got it right. I put a Linksys router between the 2811 and the WAN connection I have, then put a static route on the Linksys pointing back to the IP address it was giving the 2811, and all traffic started flowing (I kept the -ip route 0.0.0.0 0.0.0.0 dhcp- and also tried changing dhcp to FastEthernet 0/0 and an IP address; all worked fine).

A little bit more about what my setup is designed for: it is a mobile kit that is to VPN back into my company's network, so the xxx.xx.35.0 network is public IP space. The fix for now was to have access to the device that is giving my WAN connection and put a static route in it, but I will not always have that ability. Maybe it is that once the VPN tunnel was configured it would route properly because it is now back into the xxx.xx.0.0 network?

Regarding the VPN, the "kits" that I am referring to are currently in working condition, but the router is a Sonicwall router and the VPN is set up through the Sonicwall's GUI. We are trying to replace all the equipment in our mobile kits with Cisco products. It is a site-to-site and uses IKE and IPsec. Any suggestion on where some good reading material for this type of setup can be found so I can figure out how to put those settings into CLI format and into the Cisco routers?

Thanks for your help and the quick feedback from everyone, this is a great resource.

Brandon
