01-30-2014 09:43 PM - edited 03-04-2019 10:13 PM
Hi,
I have recently changed ISP and had to configure my router to accomodate the new ISP. But for some reason I cannot seem to connect to the Internet.
My setup consists of the ISP's modem, my router and then a bunch of switches for the LAN.
With the old ISP, the config was as follows:
Interface FastEthernet 0/0
Description LAN Interface
ip address 192.168.5.1 255.255.255.0
ip nat inside
Interface Serial 0/0/0
Description ISP INTERNET LINK
ip address 10.88.96.212 255.255.255.252
ip nat outside
ip name-server 123.108.252.50
ip name-server 123.108.252.51
ip route 0.0.0.0 0.0.0.0 10.88.96.212
ip nat inside source list 1 interface serial 0/0/0 overload
access-list 1 permit 192.168.0.0 0.0.0.255
access-list 1 permit 192.168.5.0 0.0.0.255
Everything worked fine. With the new ISP, the cable modem they provided has one ethernet port which I connect to one of my FastEthernet ports.
I setup the router for the new ISP like so:
Interface FastEthernet 0/0
Description CRS LAN Interface
ip address 192.168.5.1 255.255.255.0
ip nat inside
Interface FastEthernet 0/1
Description ISP INTERNET LINK
ip address 192.167.18.222 255.255.255.252
ip nat outside
ip name-server 51.202.229.132
ip name-server 51.202.229.130
ip route 0.0.0.0 0.0.0.0 192.167.18.221
ip nat inside source list 1 interface FastEthernet 0/1 overload
access-list 1 permit 192.168.0.0 0.0.0.255
access-list 1 permit 192.168.5.0 0.0.0.255
From my router, I can ping the gateway 192.167.18.221. I can ping all devices in my LAN but I cannot connect to the Internet.
If I connect the ISP modem via ethernet cable directly to my laptop, the Internet works so there seems to be a problem with my config.
Would like some assistance. Thanks in advance
Solved! Go to Solution.
02-01-2014 04:15 AM
Hi David,
If traceroute output is from LAN PC, I would expect that first hop will be 192.168.5.1, not 192.167.18.221 which is ISP gateway.
Can you please upload these output from LAN PC:
ipconfig /all
route print
ping www.google.com
Also as pdriver suggested to try crosscable, I dont think it will be necessary cause it seems that connectivity is up.
Best Regards
Please rate all helpful posts and close solved questions
02-01-2014 07:01 AM
Hi,
Its a DNS issue....try to config 4.4.4.4 as ur DNS in your laptop and even in router. it should work.
Regards,
Satya.M
02-01-2014 07:15 AM
David,
Can you ping 8.8.8.8 from a workstation? If so, it's dns related. You can test this by taking out the two name servers in your router and adding 8.8.8.8. After that, try to ping www.google.com sourcing from fa0/0. If you get a response, your natting/internet is working. Then put the same config (dns entries) on a workstation. Try to ping google from there. If that works, you're good.
HTH,
John
*** Please rate all useful posts ***
01-30-2014 11:57 PM
have you checked the NAT translation if its working?
01-31-2014 02:52 AM
Will do when I get a chance. I have a feeling I messed up the NAT config
01-31-2014 02:28 AM
What is subnet mask you gave to the laptop's ip address?
01-31-2014 02:56 AM
Computers in the LAN are all on 255.255.255.0. I am using dhcp via windows server
If you mean for a direct connection from modem to laptop then:
255.255.255.252 (the isp's mask)
01-31-2014 02:37 AM
Turn on NAT debugging "debug ip nat" and ping as follows:
ping 8.8.8.8 source fa0/0
and post the results. Don't forget to turn on "term mon" is you are not connected via console.
01-31-2014 03:25 AM
When you connect your laptop to the provider modem is the laptop using DHCP or did you manually set the address?
You tell us that the router is able to ping the next hop gateway. I wonder if the router is able to ping anything beyond that? And are you pinging using names for the destination or using IP addresses of the destination?
HTH
Rick
01-31-2014 03:44 AM
I set the address manually when connected from laptop to modem.
I am pinging using IP addresses
01-31-2014 03:48 AM
David,
Rick asked a good question that I didn't see an answer for. Can you ping anything outside of their modem? You have said that you can ping the default gateway from your router, which would be the ISP's router, but can you, from your Cisco, ping 8.8.8.8 or 8.8.4.4? If you can, try removing "ip nat outside" and "ip nat inside" from the router and then put them back on. I'm wondering if the nat translation table wasn't automatically rebuilt after changing the address on the router.
HTH,
John
*** Please rate all useful posts ***
01-31-2014 05:16 AM
Yes I can ping 8.8.8.8 and 8.8.4.4 from my router.
I have removed ip nat outside and ip nat inside from the rotuer and put them back in but nothing changed. Still unable to connect to the internet.
Unless I did it wrong. To remove, I entered the specific interface and typed 'no ip nat inside'
i.e
int fa0/0
no ip nat inside
exit
int fa0/1
no ip nat outside
exit
01-31-2014 06:36 AM
Okay, let's do this. Can you run "debug ip nat" and then "ping 8.8.8.8 source fa0/0" and then post the results? Also post "sh ip nat trans".
HTH,
John
*** Please rate all useful posts ***
01-31-2014 11:35 PM
debug ip nat
-------
*Feb 1 07:12:46.959: NAT: expiring 10.88.96.212 (192.168.5.8) udp 6100 (6100)
*Feb 1 07:12:51.055: NAT: expiring 10.88.96.212 (192.168.5.8) udp 6101 (6101)
*Feb 1 07:12:46.959: NAT: expiring 10.88.96.212 (192.168.5.8) udp 6102 (6102)
*Feb 1 07:12:58.735: NAT: expiring 10.88.96.212 (192.168.5.8) udp 6103 (6103)
*Feb 1 07:13:02.831: NAT: expiring 10.88.96.212 (192.168.5.8) udp 6104 (6104)
*Feb 1 07:13:06.927: NAT: expiring 10.88.96.212 (192.168.5.8) udp 6105 (6105
*Feb 1 07:13:24.847: NAT: expiring 10.88.96.212 (192.168.5.8) udp 6106 (6106)
*Feb 1 07:15:59.831: NAT*: s=192.168.5.10->10.88.96.212, d=132.245.1.25 [23311]
*Feb 1 07:16:00.307: NAT*: s=132.245.1.25, d=10.88.96.212->192.168.5.10 [590]
*Feb 1 07:16:39.915: NAT*: s=192.168.5.10->10.88.96.212, d=132.245.1.25 [23516]
*Feb 1 07:16:39.915: NAT*: s=192.168.5.10->10.88.96.212, d=132.245.1.25 [23517]
*Feb 1 07:16:39.919: NAT*: s=192.168.5.10->10.88.96.212, d=132.245.1.25 [23518]
*Feb 1 07:16:39.919: NAT*: s=192.168.5.10->10.88.96.212, d=132.245.1.25 [23519]
*Feb 1 07:16:40.183: NAT*: s=132.245.1.25, d=10.88.96.212->192.168.5.10 [15730]
*Feb 1 07:16:40.191: NAT*: s=132.245.1.25, d=10.88.96.212->192.168.5.10 [15735]
*Feb 1 07:16:40.911: NAT*: s=132.245.1.25, d=10.88.96.212->192.168.5.10 [16027]
*Feb 1 07:16:40.911: NAT*: s=132.245.1.25, d=10.88.96.212->192.168.5.10 [16028]
*Feb 1 07:16:40.915: NAT*: s=192.168.5.10->10.88.96.212, d=132.245.1.25 [23527]
*Feb 1 07:16:40.915: NAT*: s=132.245.1.25, d=10.88.96.212->192.168.5.10 [16029]
*Feb 1 07:16:40.919: NAT*: s=132.245.1.25, d=10.88.96.212->192.168.5.10 [16030]
*Feb 1 07:16:40.923: NAT*: s=192.168.5.10->10.88.96.212, d=132.245.1.25 [23528]
*Feb 1 07:20:00.951: NAT*: s=192.168.5.10->10.88.96.212, d=132.245.1.25 [24439]
*Feb 1 07:20:01.415: NAT*: s=132.245.1.25, d=10.88.96.212->192.168.5.10 [21093]
*Feb 1 07:20:36.331: NAT*: s=132.245.1.25, d=10.88.96.212->192.168.5.10 [7563]
*Feb 1 07:20:36.335: NAT*: s=132.245.1.25, d=10.88.96.212->192.168.5.10 [7564]
*Feb 1 07:20:36.335: NAT*: s=192.168.5.10->10.88.96.212, d=132.245.1.25 [24598]
*Feb 1 07:20:36.335: NAT*: s=192.168.5.10->10.88.96.212, d=132.245.1.25 [24599]
*Feb 1 07:20:36.799: NAT*: s=132.245.1.25, d=10.88.96.212->192.168.5.10 [8363]
*Feb 1 07:21:39.979: NAT*: s=192.168.5.10->10.88.96.212, d=132.245.1.25 [25017]
*Feb 1 07:21:39.979: NAT*: s=192.168.5.10->10.88.96.212, d=132.245.1.25 [25018]
*Feb 1 07:21:40.247: NAT*: s=132.245.1.25, d=10.88.96.212->192.168.5.10 [34]
*Feb 1 07:21:40.251: NAT*: s=132.245.1.25, d=10.88.96.212->192.168.5.10 [35]
*Feb 1 07:21:40.727: NAT*: s=192.168.5.10->10.88.96.212, d=132.245.1.25 [25023]
*Feb 1 07:21:40.995: NAT*: s=132.245.1.25, d=10.88.96.212->192.168.5.10 [257]
*Feb 1 07:21:40.995: NAT*: s=192.168.5.10->10.88.96.212, d=132.245.1.25 [25026]
*Feb 1 07:21:41.263: NAT*: s=132.245.1.25, d=10.88.96.212->192.168.5.10 [322]
*Feb 1 07:21:41.691: NAT*: s=132.245.1.25, d=10.88.96.212->192.168.5.10 [482]
*Feb 1 07:21:41.691: NAT*: s=132.245.1.25, d=10.88.96.212->192.168.5.10 [483]
*Feb 1 07:21:41.691: NAT*: s=132.245.1.25, d=10.88.96.212->192.168.5.10 [484]
*Feb 1 07:21:41.691: NAT*: s=132.245.1.25, d=10.88.96.212->192.168.5.10 [485]
*Feb 1 07:21:41.695: NAT*: s=192.168.5.10->10.88.96.212, d=132.245.1.25 [25028]
*Feb 1 07:21:41.695: NAT*: s=192.168.5.10->10.88.96.212, d=132.245.1.25 [25029]
ping 8.8.8.8 source fa0/0
-------
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
Packet sent with a source address of 192.168.5.1
!!!!!
Success rate is 0 percent (0/5)
--------
sh ip nat trans
-------
Pro Inside global Inside local Outside local Outside global
tcp 192.167.18.222:2020 192.168.5.10:2020 132.245.1.25 132.245.1.24:443
-------
sh ip route
-------
Gateway of last resort is 192.167.18.221 to network 0.0.0.0
C 192.168.5.0/24 is directly connected, FastEthernet0/0
192.167.18.0/30 is subnetted, 1 subnets
C 192.167.18.220 is directly connected, FastEthernet 0/1
S* 0.0.0.0/0 [1/0] via 192.167.18.221
-------
sh run | s nat
-------
ip nat inside
ip nat outside
ip nat outside
ip nat inside
ip nat inside source list 1 interface FastEthernet0/1 overload
Edit: typo in the debug part... 10.88.96.212 should be 192.167.18.222
02-01-2014 07:15 AM
David,
Can you ping 8.8.8.8 from a workstation? If so, it's dns related. You can test this by taking out the two name servers in your router and adding 8.8.8.8. After that, try to ping www.google.com sourcing from fa0/0. If you get a response, your natting/internet is working. Then put the same config (dns entries) on a workstation. Try to ping google from there. If that works, you're good.
HTH,
John
*** Please rate all useful posts ***
02-02-2014 02:00 AM
Oh man, turns out it was a dns issue like you and satya said.
I changed the name-servers in the router (to 8.8.8.8 and 4.4.4.4) and on my Laptop and the Internet WORKS!!!!
Which made me realise that I hadn't changed the forwarders on my DNS Servers in my LAN. So I changed the forwarders (on my DNS Server) to the ISP DNS IPs and now I can use the ISP name-servers in the router.
You guys have all been so awesome. In just these few days I have learnt so much. Everyone has been so helpful. Great community here
Thanks a lot
01-31-2014 07:34 AM
Hi,
in addition to John request could you also post sh ip route output as well as sh run | s nat
Regards
Alain
Don't forget to rate helpful posts.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide