Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

IP address being bloacked??

Hi,

I have a 1720, IOS 12.1

e0 - 10.0.0.254 255.0.0.0

Server IP - 10.10.1.1

It seems to be blocking IP address 10.10.1.1 only from getting outside the network. I can't see any access lists in place. Any ideas??

Thanks,

Eric

5 REPLIES
VIP Purple

Re: IP address being bloacked??

Hello,

does your server have IP address 10.10.1.1 with a subnet mask of 255.0.0.0, and is the default gateway of the server 10.0.0.254 ? Can you post your router config ?

Regards,

Georg

New Member

Re: IP address being bloacked??

Yes, server is 10.10.1.1 255.0.0.0

gateway is 10.0.0.254

I am runnning W2k server with AD and DNS

DHCP

scope 10.0.0.150 - 10.0.0.200 255.0.0.0

all clients can reach internet

I am trying to use forwarders to point the client machines to external DNS for internet

When client machine configured to use DNS 10.10.1.1

they can't reach the internet. If iI config the external DNS addresses they reach no problem. W2K with forwarder set should point to the external DNS.

I have this set up on a test network at home and it works fine. Someone told me in a forum that 10.10.1.1 is blocked by RFC1918. Is this true or is there something in my config that is blocking the IP?

Here is my config,

Current configuration : 1880 bytes

!

version 12.1

no service single-slot-reload-enable

service timestamps debug uptime

service timestamps log uptime

service password-encryption

no service dhcp

!

hostname Duct&Vent

!

logging rate-limit console 10 except errors

enable secret xxxx

enable password xxxx

!

memory-size iomem 25

ip subnet-zero

no ip finger

ip name-server 64.69.98.35

ip name-server 64.69.100.68

ip dhcp excluded-address 10.10.1.1

!

ip dhcp pool clients

network 10.0.0.0 255.0.0.0

default-router 10.0.0.254

dns-server 64.69.98.35

!

ip inspect audit-trail

ip inspect max-incomplete high 1100

ip inspect one-minute high 1100

ip inspect name internet udp

ip inspect name internet tcp

ip inspect name internet ftp

ip inspect name internet smtp

ip inspect name internet realaudio

ip inspect name internet cuseeme

ip inspect name internet http java-list 99

ip inspect name internet h323

ip inspect name internet rcmd

ip inspect name internet streamworks

ip inspect name internet vdolive

ip inspect name internet tftp

ip inspect name internet sqlnet

ip inspect name internet fragment maximum 256 timeout 1

ip audit notify log

ip audit po max-events 100

!

!

!

interface FastEthernet0

ip address 10.0.0.254 255.0.0.0

ip nat inside

ip inspect internet in

speed auto

!

interface Serial0

no ip address

encapsulation frame-relay

frame-relay lmi-type ansi

!

interface Serial0.1 point-to-point

ip address x.x.x.x 255.255.255.248 *(I x'd this out)

ip nat outside

frame-relay interface-dlci 40 IETF

!

ip nat pool internet 66.152.211.134 66.152.211.134 netmask 255.255.255.248

ip nat inside source list 1 pool internet overload

ip classless

ip route 0.0.0.0 0.0.0.0 Serial0.1

no ip http server

!

access-list 1 permit 10.0.0.0 0.255.255.255

!

line con 0

transport input none

line aux 0

line vty 0 4

password xxxx

login

!

no scheduler allocate

end

Bronze

Re: IP address being bloacked??

Two important questions:

1. Can the clients ping the Win2k server IP?

2. Can the Win2k server get out on the Internet?

Double check the Win2K server mask and default gateway. The mask should be 255.0.0.0

"Someone told me in a forum that 10.10.1.1 is blocked by RFC1918. Is this true or is there something in my config that is blocking the IP?"

ISPs do not route private IP blocks (RFC1918 IPs). This isn't your problem because your router is NATing your block of IPs to "legal" a legal IP.

New Member

Re: IP address being bloacked??

Hi,

Yes the clients can ping the server

No the server cannot reach the internet

I will have to check the DNS server setting on the server. I will double check the mask and gateway.

Thanks,

Eric

Bronze

Re: IP address being bloacked??

Be sure to see if the server can get to the Internet via pure IP (e.g. no DNS type stuff). This will simplify troubeshooting because the DNS config on the server could be wrong. Try and ping something out on the Internet by IP like your ISP or something.

-HTH

82
Views
0
Helpful
5
Replies
CreatePlease login to create content