
HELP! Cisco 1921 Router Won't Route LAN to WAN traffic

wedwards
Level 1

At this point I am very frustrated. The router passes the Interface test for the WAN port in CCP but we still cannot access the internet. ANY HELP WOULD BE GREATLY APPRECIATED! Here is my configuration:

Building configuration...

Current configuration : 3663 bytes
!
! Last configuration change at 09:29:52 Chicago Mon Feb 20 2012 by fbcpekin
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
!
no logging buffered
!
no aaa new-model
!
clock timezone Chicago -6 0
clock summer-time Chicago date Apr 6 2003 2:00 Oct 26 2003 2:00
!
no ipv6 cef
ip source-route
ip cef
!
!
!
ip dhcp excluded-address 192.168.1.1 192.168.1.9
ip dhcp excluded-address 192.168.1.101 192.168.1.254
!
ip dhcp pool FBCPEKIN
 import all
 network 192.168.1.0 255.255.255.0
!
!
no ip domain lookup
!
multilink bundle-name authenticated
!
crypto pki token default removal timeout 0
!
crypto pki trustpoint TP-self-signed-3546398486
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-3546398486
 revocation-check none
 rsakeypair TP-self-signed-3546398486
!
!
crypto pki certificate chain TP-self-signed-3546398486
 certificate self-signed 01
  quit
license udi pid CISCO1921/K9 sn FTX155283EJ
license boot module c1900 technology-package securityk9
!
!
username fbcpekin privilege 15 secret 5 $1$a8TV$EO9ocWsA1p8R/SYt.a0lZ/
!
redundancy
!
!
!
!
!
!
!
!
!
!
!
interface Embedded-Service-Engine0/0
 no ip address
 shutdown
!
interface GigabitEthernet0/0
 description $ETH-LAN$
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
 duplex auto
 speed auto
!
interface GigabitEthernet0/1
 description $ETH-WAN$
 ip address dhcp client-id GigabitEthernet0/1
 ip nat outside
 ip virtual-reassembly in
 duplex auto
 speed auto
!
ip forward-protocol nd
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip nat pool FBCPEKIN 192.168.1.10 192.168.1.250 netmask 255.255.255.0
ip route 0.0.0.0 0.0.0.0 98.215.144.1 254
ip route 0.0.0.0 0.0.0.0 dhcp
!
!
!
!
!
!
!
control-plane
!
!
!
line con 0
line aux 0
line 2
 no activation-character
 no exec
 transport preferred none
 transport input all
 transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
 stopbits 1
line vty 0 4
 privilege level 15
 login local
 transport input telnet ssh
 transport output telnet ssh
line vty 5 15
 privilege level 15
 login local
 transport input telnet ssh
 transport output telnet ssh
!
scheduler allocate 20000 1000
end

2 Accepted Solutions


Safar Safarov
Level 1

Hi,

Add a standard access list:

access-list 1 permit 192.168.1.0 0.0.0.255

Change your NAT and route:

ip nat inside source list 1 interface GigabitEthernet0/1 overload

ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/1

Hope this will help you.


Hi,

Try to avoid configuring a static route pointing to an outgoing multipoint interface; use the next hop in this case.

ip route 0.0.0.0 0.0.0.0 98.215.144.1 254

ip route 0.0.0.0 0.0.0.0 dhcp

The second route will also have an AD of 254, but it shouldn't be configured, because just by issuing ip address dhcp you should obtain the same result.

So I would remove both static routes and do a sh ip route static, and if it is empty you can choose which one to use (if you know the gateway of last resort then you can choose option 1), because I highly doubt option 2 will work if you already can't get it through DHCP with the ip address dhcp command.

Regards.

Alain

And indeed he must configure the NAT like you suggested.

Don't forget to rate helpful posts.
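The two gaps the answers above point out (NAT interfaces marked with no translation rule, and the competing default routes) can be checked mechanically. The following is an added example, not code from any poster or from Cisco; `POSTED`, `audit_nat` and `_after` are hypothetical names, and only the statement forms that appear in this thread are parsed.

```python
import re

# Constructed sample: only the NAT and routing lines of the configuration posted above.
POSTED = """\
interface GigabitEthernet0/0
 ip nat inside
!
interface GigabitEthernet0/1
 ip nat outside
!
ip nat pool FBCPEKIN 192.168.1.10 192.168.1.250 netmask 255.255.255.0
ip route 0.0.0.0 0.0.0.0 98.215.144.1 254
ip route 0.0.0.0 0.0.0.0 dhcp
"""

def _after(tokens, word):
    """Return the token that follows `word`, or None if it is absent."""
    return tokens[tokens.index(word) + 1] if word in tokens[:-1] else None

def audit_nat(config):
    """Hypothetical helper: list NAT and default-route problems in IOS config text."""
    lines = [l.strip() for l in config.splitlines() if l.strip()]
    roles, iface = {}, None                      # interface name -> "inside" / "outside"
    for l in lines:
        if l.startswith("interface "):
            iface = l.split()[1]
        elif l == "!":
            iface = None                         # "!" closes the interface block
        elif iface and l in ("ip nat inside", "ip nat outside"):
            roles[iface] = l.split()[-1]
    rules = [l.split() for l in lines if l.startswith("ip nat inside source ")]
    acls = {m.group(1) for l in lines
            if (m := re.match(r"(?:ip )?access-list (?:standard |extended )?(\S+)", l))}
    pools = {l.split()[3] for l in lines if l.startswith("ip nat pool ")}
    routes = [l.split()[4] for l in lines if l.startswith("ip route 0.0.0.0 0.0.0.0 ")]
    found = []
    if roles and not rules:
        found.append("NAT interfaces are marked but no 'ip nat inside source' rule exists")
    for t in rules:
        if (acl := _after(t, "list")) and acl not in acls:
            found.append(f"NAT rule references undefined access-list {acl}")
    for p in sorted(pools - {_after(t, "pool") for t in rules}):
        found.append(f"NAT pool {p} is defined but never referenced")
    if len(routes) > 1:
        found.append(f"{len(routes)} default routes are configured")
    for r in routes:
        if r != "dhcp" and not re.fullmatch(r"\d+(\.\d+){3}", r):
            found.append(f"default route points at interface {r} with no next-hop address")
    return found
```

For the posted lines, `audit_nat(POSTED)` returns three findings: the missing translation rule, the unused pool and the two default routes.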



Hi Alain,

Agree with you in case he knows next-hop address.

Cheers,

Safar.

wedwards
Level 1

Ok guys, I really do appreciate the input! I changed the config exactly as Safar had suggested and it did get me my internet access!

However, it was ridiculously slow. So I looked at Alain's suggestion and removed all my routes except the DHCP and now it is perfect.

Thanks, couldn't have done it without you guys!

Hi,

Happy it is working now.

Could you mark the thread as solved and rate helpful posts?

Regards.

Alain

Don't forget to rate helpful posts.