Solved: 2801 Router can access internet but not the LAN users

johnramz · ‎02-10-2012

Hello CISCO community,

I need help with this simple configuration.(DETAILS BELOW)

The goal is to add a 2801 router between a DSL modem and a switch

and obviously still access the internet

I connected and configured as explained below and the results are:

- I am able to ping internet addresses from the 2801 router

- I am not able to ping internet addresses from userlaptop but I am able to

ping LAN gateway (192.168.254.254)

I cannot understand why the internet requests from the user laptopuser are not

routed to the internet but the router itself can access the internet.

Thanks for you help. PLEASE SEE CONFIGURATION BELOW

John

INTERNET====DSLmodem=====CISCO2801=====unmanagedSwitch=====userlaptop

DSLmodem:

non-bridged mode and does the PPPOe authentication.

WAN interface: Dynamic IP address assigned by ISP

LAN interface: 192.168.253.254

DHCP: disabled

CISCO 2801:

configuration

Router#sh run

Building configuration...

Current configuration : 987 bytes

!

version 12.4

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname Router

!

boot-start-marker

boot-end-marker

!

no aaa new-model

ip cef

!

no ip dhcp use vrf connected

ip dhcp excluded-address 192.168.254.230 192.168.254.254

!

ip dhcp pool mypool

network 192.168.254.0 255.255.255.0

domain-name domain.com

dns-server 208.67.222.222 208.67.220.220

default-router 192.168.254.254

lease 8

!

multilink bundle-name authenticated

!

archive

log config

hidekeys

!

interface FastEthernet0/0

ip address 192.168.253.253 255.255.255.0

duplex auto

speed auto

!

interface FastEthernet0/1

ip address 192.168.254.254 255.255.255.0

duplex auto

speed auto

!

interface Serial0/2/0

no ip address

shutdown

!

ip forward-protocol nd

ip route 0.0.0.0 0.0.0.0 192.168.253.254

!

no ip http server

!

control-plane

!

line con 0

line aux 0

line vty 0 4

login

!

scheduler allocate 20000 1000

end

Neeraj Arora · ‎02-10-2012

Cadet,

I think you wanted to use the following config (inside & outside interfaces are reversed):

int f0/0

ip nat outside

int f0/1

ip nat inside

access-list 1 permit 192.168.254.0 0.0.0.255

ip nat inside source list 1 interface f0/0 overload

HTH

Neeraj

View solution in original post

cadet alain · ‎02-10-2012

Hi John,

you should NAT the LAN traffic like this:

int f0/0

ip nat inside

int f0/1

ip nat outside

access-list 1 permit 192.168.253.0 0.0.0.255

ip nat inside source list 1 interface f0/1

Regards.

Alain.

Don't forget to rate helpful posts.

Neeraj Arora · ‎02-10-2012

Cadet,

I think you wanted to use the following config (inside & outside interfaces are reversed):

int f0/0

ip nat outside

int f0/1

ip nat inside

access-list 1 permit 192.168.254.0 0.0.0.255

ip nat inside source list 1 interface f0/0 overload

HTH

Neeraj

johnramz · ‎02-11-2012

neeraj,

thanks for making the correction to Alain's answer.

It is working now as far as ip connectivity. DNS resolution is not working.

Would I need to explicitly indicate DNS traffic in the router to be allow to go outside?

I tried changing the DNS servers(208.67.222.222 208.67.220.220) from those in the config to the DSL modem itself(192.168.253.254) and still would not work.

Any ideas?,

before adding the router in the middle, DNS resolution was all handled by the DSL modem itself with its default config

Thanks in advance for your help

John

Neeraj Arora · ‎02-11-2012

John,

DNS should work if internet connectivity from the laptop is there now. there is no additional configuration required on the router for this.

Try and see if you are able to ping the DNS servers which you have configured, otherwise try and assign the DNS server on the laptop manually as 4.2.2.2

If the above step worked then the issue would be most probably with your DNS server, not the router or your setup.

HTH

Neeraj

johnramz · ‎02-11-2012

neeraj,

It is very odd. I am able to ping those DNS servers from laptops(tried from several) and when I disconnect the router and set it all back the way it was with just DSL modem , then DNS resolution works

Well I will keep looking but it seems very straightforward. I even issued "ipconfig /flushdns" on the laptops

Thanks anyway for your reply

John

Neeraj Arora · ‎02-11-2012

this really is a bummer

although I am not sure if it will make any difference but try issuing the following commands on the router while you are testing other stuff:

------------------------------------------------------------------------

ip dhcp pool mypool

no domain-name domain.com

exit

no ip domain-lookup

ip domain-lookup

------------------------------------------------------------------------

And also add the name-server commands on the router and check if you are getting name resolution from the router itself:

name-server 208.67.222.222 208.67.220.220

ping google.com

johnramz · ‎02-10-2012

Alain,

thanks for your quick reply . I will give a try tonight when I get home. However, why the "ip nat outside" goes on the "LAN" interface-int fa0/1- instead of the "WAN" interface-int fa0/0?

Thanks

John

cadet alain · ‎02-10-2012

Hi,

yes I had reversed the interfaces:) the right config was corrected by Neeraj

Regards.

Alain

Don't forget to rate helpful posts.

ebarticel · ‎02-10-2012

I see a typo in your ip route statement

ip route 0.0.0.0 0.0.0.0 192.168.253.254

it should be

ip route 0.0.0.0 0.0.0.0 192.168.253.253

to match the ip on Fa0/0 interface

Hope this helps

Eugen

johnramz · ‎02-11-2012

eugen,

192.168.253.254 is the next hop(DSL modem), therefore it is correct. Thanks for your reply anyway

John

cadet alain · ‎02-11-2012

Hi,

can you do a nslookup for an url while launching wireshark and post the capture file.

Regards.

Alain

Don't forget to rate helpful posts.

ebarticel · ‎02-11-2012

Sorry my mistake...

Eugen

johnramz · ‎02-11-2012

Thanks everyone for your support on this question.

When I get a chance tonight I will try Alain and Neeraj's suggestions.

John

johnramz · ‎02-11-2012

OK. Got it figured out to a degree, but it is no the router config.

I connected a XP laptop to internet with no issues. Found out that it was happening only to windows 7 machines. So I did go into connections in the browser proxy settings and unchecked "automatically detect settings" for IE and checked the same setting for Chrome and it worked.....huh???? yes, exactly. Why I would not change it when connected straight to DSL modem, I do not know. But it is working and that's what mattters. Thanks for your help and I think I should assign correct answer to Neeraj.

John