Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Unable to route out WAN

I understand the question I am about to ask must be a very simple problem. My situation, I have a 2811 router that has two FE ports. 0/0 is WAN and 0/1 is LAN. 0/0 is set for DHCP and 0/1 is xxx.xx.35.225 255.255.255.240. I can ping everything when I am telnet in the router but if I try pinging from the host machine I can ping my routers lan and wan interface but nothing else. When I do a tracert from the host machine it times out after the lan interface. Any suggestions?

Rt1(config)#do show run
Building configuration...

Current configuration : 1056 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Rt1
!
boot-start-marker
boot-end-marker
!
no logging buffered
enable password cisco
!
no aaa new-model
!
resource policy
!
ip subnet-zero
!
!
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address xxx.xx.35.225 xxx.xx.35.228
!
ip dhcp pool KIT_7_DHCP
   network xxx.xx.35.224 255.255.255.240
   default-router xxx.xx.35.225
   dns-server 8.8.8.8
   lease 3
!
!
!
!
!
!
username xxxxxx privilege 15 password 0 xxxxxxxxxxxx
!
!
!
!
interface FastEthernet0/0
ip address dhcp
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
interface FastEthernet0/1
ip address xxx.xx.35.225 255.255.255.240
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
!
ip classless
ip route 0.0.0.0 0.0.0.0 dhcp
!
ip http server
ip http authentication local
no ip http secure-server
!
!
!
control-plane
!
!
!
line con 0
line aux 0
line vty 0 4
password cisco
login
!
scheduler allocate 20000 1000
!
end

1 ACCEPTED SOLUTION

Accepted Solutions
Silver

Re: Unable to route out WAN

NAT is provisioned on the interfaces but there are no NAT rules defined.  Could it be the LAN traffic is not being translated and the service provider network has no idea what to do with it?

There are may ways to configure NAT but the following may be helpful in this case:

access-list 101 permit ip xxx.xx.35.225 0.0.0.15 any

ip nat inside source list 101 interface fa0/0 overload


Because the outside interface receives it's IP address via DHCP there's nothing wrong with the default gateway next hop being learned via DHCP.  With this config remember you'll encounter some of the same problems any DHCP host will encounter in regard to requesting, receiving and renewing DHCP information.  It would be worth your while to have a static IP address and default gateway in regard to network infrastructure that all users depend on.


Chris

4 REPLIES
New Member

Re: Unable to route out WAN

HI Brandon,

Change your ip route statement to

ip route 0.0.0.0 0.0.0.0 FastEthernet0/0

Mario

Hall of Fame Super Gold

Re: Unable to route out WAN

marioagarcia@gmail.com

HI Brandon,

Change your ip route statement to

ip route 0.0.0.0 0.0.0.0 FastEthernet0/0

Mario

No, that is VERY wrong, NEVER point routes directly to LAN interface, always use next hop address.

However, regarding the problem for the OP, it is due that other device have no routing configuration to go bacjk to router.

Silver

Re: Unable to route out WAN

NAT is provisioned on the interfaces but there are no NAT rules defined.  Could it be the LAN traffic is not being translated and the service provider network has no idea what to do with it?

There are may ways to configure NAT but the following may be helpful in this case:

access-list 101 permit ip xxx.xx.35.225 0.0.0.15 any

ip nat inside source list 101 interface fa0/0 overload


Because the outside interface receives it's IP address via DHCP there's nothing wrong with the default gateway next hop being learned via DHCP.  With this config remember you'll encounter some of the same problems any DHCP host will encounter in regard to requesting, receiving and renewing DHCP information.  It would be worth your while to have a static IP address and default gateway in regard to network infrastructure that all users depend on.


Chris

New Member

Re: Unable to route out WAN

I believe you got it right, I put a Linksys router between the 2811 and the WAN connection I have then put a static route on the Linksys pointing back to the IP address it was giving the 2811 and all traffic started flowing ( i kept the -ip route 0.0.0.0 0.0.0.0 dhcp- and also tried changing dhcp to fasteithernet 0/0 and an IP address, all worked fine).

I little bit more about what my setup is designed for, it is a mobile kit that is to VPN back into my companies network, so the xxx.xx.35.0 network is public IP space. The fix for now was to have access to the device that is giving my WAN connection and put a static route in it, but I will not always have that ability. Maybe it is that once the VPN tunnel was configured it would route properly because it is now back into the xxx.xx.0.0 network?

Regarding the VPN, the "kits" that I am refering to are currently in working condition but the router is a Sonicwall router and the VPN is setup through the sonicwall's gui. We are trying to replace all the equipment in our mobile kits with Cisco products. It is a site-to-site and uses ike and ipsec. Any suggestion on where some good reading matterial for this type of setup can befound so I can figure out how to put those settingins into cli format and into the cisco routers?

Thanks for your help and the quick feedback from everyone, this is a great resource.

Brandon

669
Views
5
Helpful
4
Replies
CreatePlease login to create content