11-12-2007 12:40 PM - edited 03-03-2019 07:31 PM
I am trying to configure the WAN connection on a 2811 series router, but am not having any luck. I'm new to the Cisco world, and I'm trying to set up the router with an existing broadband cable connection. I configure the interface for 'Outside', set the static ip\netmask and create a NAT rule between this outside interface and the routers inside interface. However, when I test the connection on the router, I get an error that reads: "To test connectivity, SDM tries to ping the configured DNS servers. However, there is no configured route to any of the DNS servers through the selected interface." I go into SDM - Additional Tasks - DNS - Enable DNS and then add the DNS servers my ISP provided. Then, I get an error that reads: Ping to the destination host(s) failed. The possible reason may be one of the following, 1. The detected DNS servers or the IP address or hostname specified are unreachable or not responding." Not sure what to do here.
11-12-2007 01:07 PM
Can you post router configuration , strip out public IP.
11-12-2007 01:21 PM
Building configuration...
Current configuration : 3430 bytes
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname CISCO2811
!
boot-start-marker
boot-end-marker
!
security authentication failure rate 3 log
security passwords min-length 6
logging buffered 51200 debugging
logging console critical
enable secret xxx
!
no aaa new-model
!
resource policy
!
clock timezone PCTime -6
clock summer-time PCTime date Apr 6 2003 2:00 Oct 26 2003 2:00
ip subnet-zero
no ip source-route
ip tcp synwait-time 10
!
!
ip cef
!
!
no ip bootp server
ip domain name westernmotorcompany.com
ip name-server 68.x.x.20
!
username admin privilege 15 secret xxx
!
!
!
interface FastEthernet0/0
description $ETH-SW-LAUNCH$$INTF-INFO-FE 0/0$$ES_LAN$$FW_INSIDE$$ETH-LAN$
ip address 10.4.167.252 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip route-cache flow
duplex auto
speed auto
no mop enabled
!
interface FastEthernet0/1
description $ES_WAN$$FW_OUTSIDE$$ETH-WAN$
ip address X.X.X.X 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
ip route-cache flow
duplex auto
speed auto
no mop enabled
!
interface FastEthernet0/0/0
description DSL Line
!
interface FastEthernet0/0/1
!
interface FastEthernet0/0/2
!
interface FastEthernet0/0/3
!
interface Vlan1
ip address X.X.X.X 255.255.255.248
!
ip classless
ip route 0.0.0.0 0.0.0.0 FastEthernet0/1 permanent
ip route 63.96.4.94 255.255.255.255 Vlan1 permanent
ip route 63.96.4.95 255.255.255.255 Vlan1 permanent
ip route 68.230.242.29 255.255.255.255 FastEthernet0/1 permanent
!
ip http server
ip http authentication local
ip http timeout-policy idle 5 life 86400 requests 10000
ip nat inside source static tcp 10.4.167.102 80 interface FastEthernet0/1 80
ip nat inside source static tcp 10.4.167.102 25 interface FastEthernet0/1 25
ip nat inside source static tcp 10.4.167.100 3389 interface FastEthernet0/1 3389
!
ip access-list extended sdm_fastethernet0/0_in_100
remark SDM_ACL Category=1
permit udp host 10.4.167.100 eq domain any
permit icmp any any
permit ip any any
permit tcp any any
ip access-list extended sdm_fastethernet0/0_out
remark SDM_ACL Category=1
permit udp any any
permit ip any any
permit tcp any any
ip access-list extended sdm_fastethernet0/1_in
remark SDM_ACL Category=1
permit udp host 68.230.242.29 eq domain any
permit udp host 68.230.242.20 eq domain any
permit tcp any any
permit icmp any any
permit tcp any host X.X.X.X eq wwwX.X.X.X 24.249.107.28 eq smtp
permit ip any any
ip access-list extended sdm_fastethernet0/1_out
remark SDM_ACL Category=1
permit tcp any any
!
logging trap debugging
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 10.4.167.0 0.0.0.255
access-list 1 permit X.X.X.X 0.0.0.7
no cdp run
!
control-plane
!
banner login ^CAuthorized access only!
Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
login local
transport output telnet
line aux 0
login local
transport output telnet
line vty 0 4
privilege level 15
login local
transport input telnet
line vty 5 15
privilege level 15
login local
transport input telnet
!
scheduler allocate 20000 1000
!
end
11-12-2007 01:40 PM
did you try changing your default route,
defaul route should be next hop.
if you change this
ip route 0.0.0.0 0.0.0.0 FastEthernet0/1
with
ip route 0.0.0.0 0.0.0.0 ISP_NEXT_HOP_IP
Try and let us know the result.
11-12-2007 02:25 PM
Ya, I changed that and received an error when the host was pinged. Host did not return a response. I have a Cisco ASA that is set up that way, where the defualt route is the ISP's first hop. However, I'm just not getting out with this setup. Could it be an ACL problem?
11-12-2007 08:04 PM
I see what the problem may be, create dynamic NAT for your inside hosts or 10.4.167.0 subnet get out outbound internet.
e.g
ip nat pool mypool interface fastethernet0/1
ip nat inside source list 1 mypool overload
you already have acl 1
access-list 1 permit 10.4.167.0 0.0.0.255
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide