How do I configure WAN connection on Cisco 2811 router

kltconsulting · ‎11-12-2007

I am trying to configure the WAN connection on a 2811 series router, but am not having any luck. I'm new to the Cisco world, and I'm trying to set up the router with an existing broadband cable connection. I configure the interface for 'Outside', set the static ip\netmask and create a NAT rule between this outside interface and the routers inside interface. However, when I test the connection on the router, I get an error that reads: "To test connectivity, SDM tries to ping the configured DNS servers. However, there is no configured route to any of the DNS servers through the selected interface." I go into SDM - Additional Tasks - DNS - Enable DNS and then add the DNS servers my ISP provided. Then, I get an error that reads: Ping to the destination host(s) failed. The possible reason may be one of the following, 1. The detected DNS servers or the IP address or hostname specified are unreachable or not responding." Not sure what to do here.

JORGE RODRIGUEZ · ‎11-12-2007

Can you post router configuration , strip out public IP.

Jorge Rodriguez

kltconsulting · ‎11-12-2007

Building configuration...

Current configuration : 3430 bytes

!

version 12.4

no service pad

service tcp-keepalives-in

service tcp-keepalives-out

service timestamps debug datetime msec localtime show-timezone

service timestamps log datetime msec localtime show-timezone

service password-encryption

service sequence-numbers

!

hostname CISCO2811

!

boot-start-marker

boot-end-marker

!

security authentication failure rate 3 log

security passwords min-length 6

logging buffered 51200 debugging

logging console critical

enable secret xxx

!

no aaa new-model

!

resource policy

!

clock timezone PCTime -6

clock summer-time PCTime date Apr 6 2003 2:00 Oct 26 2003 2:00

ip subnet-zero

no ip source-route

ip tcp synwait-time 10

!

ip cef

!

no ip bootp server

ip domain name westernmotorcompany.com

ip name-server 68.x.x.20

!

username admin privilege 15 secret xxx

!

interface FastEthernet0/0

description $ETH-SW-LAUNCH$$INTF-INFO-FE 0/0$$ES_LAN$$FW_INSIDE$$ETH-LAN$

ip address 10.4.167.252 255.255.255.0

no ip redirects

no ip unreachables

no ip proxy-arp

ip nat inside

ip route-cache flow

duplex auto

speed auto

no mop enabled

!

interface FastEthernet0/1

description $ES_WAN$$FW_OUTSIDE$$ETH-WAN$

ip address X.X.X.X 255.255.255.0

no ip redirects

no ip unreachables

no ip proxy-arp

ip nat outside

ip route-cache flow

duplex auto

speed auto

no mop enabled

!

interface FastEthernet0/0/0

description DSL Line

!

interface FastEthernet0/0/1

!

interface FastEthernet0/0/2

!

interface FastEthernet0/0/3

!

interface Vlan1

ip address X.X.X.X 255.255.255.248

!

ip classless

ip route 0.0.0.0 0.0.0.0 FastEthernet0/1 permanent

ip route 63.96.4.94 255.255.255.255 Vlan1 permanent

ip route 63.96.4.95 255.255.255.255 Vlan1 permanent

ip route 68.230.242.29 255.255.255.255 FastEthernet0/1 permanent

!

ip http server

ip http authentication local

ip http timeout-policy idle 5 life 86400 requests 10000

ip nat inside source static tcp 10.4.167.102 80 interface FastEthernet0/1 80

ip nat inside source static tcp 10.4.167.102 25 interface FastEthernet0/1 25

ip nat inside source static tcp 10.4.167.100 3389 interface FastEthernet0/1 3389

!

ip access-list extended sdm_fastethernet0/0_in_100

remark SDM_ACL Category=1

permit udp host 10.4.167.100 eq domain any

permit icmp any any

permit ip any any

permit tcp any any

ip access-list extended sdm_fastethernet0/0_out

remark SDM_ACL Category=1

permit udp any any

permit ip any any

permit tcp any any

ip access-list extended sdm_fastethernet0/1_in

remark SDM_ACL Category=1

permit udp host 68.230.242.29 eq domain any

permit udp host 68.230.242.20 eq domain any

permit tcp any any

permit icmp any any

permit tcp any host X.X.X.X eq wwwX.X.X.X 24.249.107.28 eq smtp

permit ip any any

ip access-list extended sdm_fastethernet0/1_out

remark SDM_ACL Category=1

permit tcp any any

!

logging trap debugging

access-list 1 remark SDM_ACL Category=2

access-list 1 permit 10.4.167.0 0.0.0.255

access-list 1 permit X.X.X.X 0.0.0.7

no cdp run

!

control-plane

!

banner login ^CAuthorized access only!

Disconnect IMMEDIATELY if you are not an authorized user!^C

!

line con 0

login local

transport output telnet

line aux 0

login local

transport output telnet

line vty 0 4

privilege level 15

login local

transport input telnet

line vty 5 15

privilege level 15

login local

transport input telnet

!

scheduler allocate 20000 1000

!

end

JORGE RODRIGUEZ · ‎11-12-2007

did you try changing your default route,

defaul route should be next hop.

if you change this

ip route 0.0.0.0 0.0.0.0 FastEthernet0/1

with

ip route 0.0.0.0 0.0.0.0 ISP_NEXT_HOP_IP

Try and let us know the result.

Jorge Rodriguez

kltconsulting · ‎11-12-2007

Ya, I changed that and received an error when the host was pinged. Host did not return a response. I have a Cisco ASA that is set up that way, where the defualt route is the ISP's first hop. However, I'm just not getting out with this setup. Could it be an ACL problem?

JORGE RODRIGUEZ · ‎11-12-2007

I see what the problem may be, create dynamic NAT for your inside hosts or 10.4.167.0 subnet get out outbound internet.

e.g

ip nat pool mypool interface fastethernet0/1

ip nat inside source list 1 mypool overload

you already have acl 1

access-list 1 permit 10.4.167.0 0.0.0.255

Jorge Rodriguez