Cisco 1841 router

01-27-2009, 08:18 AM

Hi all,

I just installed a 1841 router with an internet T1 as it's primary connection and a DSL for the backup. For some odd reason, I can't source ping fa0/1 (LAN interface) to any public IP addresses (4.2.2.2 for example). Now the users on that subnet are able to access the internet and ping any public IP addresses just fine. I really need to be able to source ping from the LAN interface for failover testing. Please advise.

------------------------------------------------

router# ping 4.2.2.2 source fastEthernet 0/1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 4.2.2.2, timeout is 2 seconds:
Packet sent with a source address of 192.168.60.254
.....
Success rate is 0 percent (0/5)

-------------------------------------------------

version 12.4
service nagle
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
!
!
boot-start-marker
boot-end-marker
!
logging buffered 32000 debugging
!
aaa new-model
!
!
!
aaa session-id common
clock timezone PST -8
clock summer-time PDT recurring
no ip source-route
ip cef
!
!
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.60.10 192.168.60.20
ip dhcp excluded-address 192.168.60.1
ip dhcp excluded-address 192.168.60.254
!
ip dhcp pool kitchen
network 192.168.60.0 255.255.255.0
dns-server x.x.x.x
default-router 192.168.60.254
!
!
ip flow-cache timeout active 1
no ip domain lookup
ip sla monitor 1
type echo protocol ipIcmpEcho x.x.x.x source-interface Serial0/0/0
timeout 1000
threshold 2
frequency 15
ip sla monitor schedule 1 start-time now
vpdn enable
!
!
!
!

archive
log config
hidekeys
!
!
ip tcp selective-ack
ip tcp window-size 65535
ip tcp synwait-time 10
ip tcp path-mtu-discovery
ip ssh time-out 60
!
track 100 rtr 1 reachability
!
!
crypto isakmp policy 11
encr aes 256
authentication pre-share
group 5
crypto isakmp key xxxxx address x.x.x.x no-xauth
!
!
crypto ipsec transform-set encryption esp-aes 256 esp-sha-hmac
!
crypto map colovpn 11 ipsec-isakmp
set peer x.x.x.x
set transform-set encryption
match address 101
!
!
!
interface FastEthernet0/0
description DSL WAN Interface
no ip address
ip virtual-reassembly
no ip mroute-cache
duplex auto
speed auto
pppoe enable group global
pppoe-client dial-pool-number 1
no cdp enable
!
interface FastEthernet0/1
description LAN subnet
ip address 192.168.60.254 255.255.255.0
no ip unreachables
ip nat inside
ip virtual-reassembly
ip route-cache flow
duplex auto
speed auto
!
interface Serial0/0/0
description Internet T1
ip address x.x.x.x 255.255.255.252
no ip redirects
no ip unreachables
ip nat outside
ip virtual-reassembly
encapsulation ppp
no ip route-cache cef
no ip route-cache
no ip mroute-cache
crypto map colovpn
!
interface Dialer0
description DSL WAN Dialer
ip address negotiated
no ip unreachables
ip nat outside
ip virtual-reassembly
encapsulation ppp
no ip mroute-cache
dialer pool 1
dialer-group 1
no cdp enable
ppp authentication chap pap callin
ppp chap hostname xxxxx
ppp chap password 7 xxxxxx
ppp pap sent-username xxxxxx password 7 xxxxxxx
ppp ipcp dns request
ppp ipcp address accept
crypto map colovpn
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 x.x.x.x track 100
ip route 0.0.0.0 0.0.0.0 Dialer0 200
ip flow-export source FastEthernet0/1
ip flow-export version 5
ip flow-export destination 192.168.9.1 2055
!
no ip http server
no ip http secure-server
ip nat inside source list nat interface Serial0/0/0 overload
ip nat inside source list natDSL interface Dialer0 overload
!
ip access-list extended nat
deny ip 192.168.60.0 0.0.0.255 192.168.52.0 0.0.0.15
deny ip 192.168.60.0 0.0.0.255 192.168.8.0 0.0.3.255
permit ip any any
ip access-list extended natDSL
deny ip 192.168.60.0 0.0.0.255 192.168.52.0 0.0.0.15
deny ip 192.168.60.0 0.0.0.255 192.168.8.0 0.0.3.255
permit ip any any
!
logging history informational
logging facility syslog
logging source-interface FastEthernet0/1
logging 192.168.9.1
access-list 101 permit ip 192.168.60.0 0.0.0.255 192.168.52.0 0.0.0.15
access-list 101 permit ip 192.168.60.0 0.0.0.255 192.168.8.0 0.0.3.255
access-list 101 deny ip any any

--------------------------------------------
router#sho ip int br
Interface IP-Address OK? Method Status Protocol
FastEthernet0/0 unassigned YES NVRAM up up
FastEthernet0/1 192.168.60.254 YES NVRAM up up
Serial0/0/0 x.x.x.x YES NVRAM up up
NVI0 unassigned NO unset up up
Virtual-Access1 unassigned YES unset up up
Virtual-Access2 unassigned YES unset up up
Dialer0 x.x.x.x YES IPCP up up

yg1985

Thread Tools	Search this Thread
Show Printable Version Email this Page	Search this Thread: Advanced Search

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
Ca't telnet to cisco router from outside network. Inside works fine..	ejeangilles	Hardware	1	04-08-2009 03:42 AM
Cisco Router can't connect to internet t1	pgmarcus	Hardware	1	10-31-2008 07:58 PM
Cisco 831 Comcast Internet Cable Modem	chesco9	Hardware	0	10-03-2008 09:38 AM
Cisco VPN Restrict Access by IP ?	samirise	Hardware	1	12-16-2007 03:17 PM
The Non-Arguable Case Against the Bush Administration 1	Sara	DVD Video	65	11-07-2004 02:42 AM

01-27-2009, 08:18 AM	#1
	Cisco 1841 router - can't source ping inside to internet Hi all, I just installed a 1841 router with an internet T1 as it's primary connection and a DSL for the backup. For some odd reason, I can't source ping fa0/1 (LAN interface) to any public IP addresses (4.2.2.2 for example). Now the users on that subnet are able to access the internet and ping any public IP addresses just fine. I really need to be able to source ping from the LAN interface for failover testing. Please advise. ------------------------------------------------ router# ping 4.2.2.2 source fastEthernet 0/1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 4.2.2.2, timeout is 2 seconds: Packet sent with a source address of 192.168.60.254 ..... Success rate is 0 percent (0/5) ------------------------------------------------- version 12.4 service nagle no service pad service tcp-keepalives-in service tcp-keepalives-out service timestamps debug datetime msec localtime show-timezone service timestamps log datetime msec localtime show-timezone service password-encryption ! ! boot-start-marker boot-end-marker ! logging buffered 32000 debugging ! aaa new-model ! ! ! aaa session-id common clock timezone PST -8 clock summer-time PDT recurring no ip source-route ip cef ! ! ip auth-proxy max-nodata-conns 3 ip admission max-nodata-conns 3 no ip dhcp use vrf connected ip dhcp excluded-address 192.168.60.10 192.168.60.20 ip dhcp excluded-address 192.168.60.1 ip dhcp excluded-address 192.168.60.254 ! ip dhcp pool kitchen network 192.168.60.0 255.255.255.0 dns-server x.x.x.x default-router 192.168.60.254 ! ! ip flow-cache timeout active 1 no ip domain lookup ip sla monitor 1 type echo protocol ipIcmpEcho x.x.x.x source-interface Serial0/0/0 timeout 1000 threshold 2 frequency 15 ip sla monitor schedule 1 start-time now vpdn enable ! ! ! ! archive log config hidekeys ! ! ip tcp selective-ack ip tcp window-size 65535 ip tcp synwait-time 10 ip tcp path-mtu-discovery ip ssh time-out 60 ! track 100 rtr 1 reachability ! ! crypto isakmp policy 11 encr aes 256 authentication pre-share group 5 crypto isakmp key xxxxx address x.x.x.x no-xauth ! ! crypto ipsec transform-set encryption esp-aes 256 esp-sha-hmac ! crypto map colovpn 11 ipsec-isakmp set peer x.x.x.x set transform-set encryption match address 101 ! ! ! interface FastEthernet0/0 description DSL WAN Interface no ip address ip virtual-reassembly no ip mroute-cache duplex auto speed auto pppoe enable group global pppoe-client dial-pool-number 1 no cdp enable ! interface FastEthernet0/1 description LAN subnet ip address 192.168.60.254 255.255.255.0 no ip unreachables ip nat inside ip virtual-reassembly ip route-cache flow duplex auto speed auto ! interface Serial0/0/0 description Internet T1 ip address x.x.x.x 255.255.255.252 no ip redirects no ip unreachables ip nat outside ip virtual-reassembly encapsulation ppp no ip route-cache cef no ip route-cache no ip mroute-cache crypto map colovpn ! interface Dialer0 description DSL WAN Dialer ip address negotiated no ip unreachables ip nat outside ip virtual-reassembly encapsulation ppp no ip mroute-cache dialer pool 1 dialer-group 1 no cdp enable ppp authentication chap pap callin ppp chap hostname xxxxx ppp chap password 7 xxxxxx ppp pap sent-username xxxxxx password 7 xxxxxxx ppp ipcp dns request ppp ipcp address accept crypto map colovpn ! ip forward-protocol nd ip route 0.0.0.0 0.0.0.0 x.x.x.x track 100 ip route 0.0.0.0 0.0.0.0 Dialer0 200 ip flow-export source FastEthernet0/1 ip flow-export version 5 ip flow-export destination 192.168.9.1 2055 ! no ip http server no ip http secure-server ip nat inside source list nat interface Serial0/0/0 overload ip nat inside source list natDSL interface Dialer0 overload ! ip access-list extended nat deny ip 192.168.60.0 0.0.0.255 192.168.52.0 0.0.0.15 deny ip 192.168.60.0 0.0.0.255 192.168.8.0 0.0.3.255 permit ip any any ip access-list extended natDSL deny ip 192.168.60.0 0.0.0.255 192.168.52.0 0.0.0.15 deny ip 192.168.60.0 0.0.0.255 192.168.8.0 0.0.3.255 permit ip any any ! logging history informational logging facility syslog logging source-interface FastEthernet0/1 logging 192.168.9.1 access-list 101 permit ip 192.168.60.0 0.0.0.255 192.168.52.0 0.0.0.15 access-list 101 permit ip 192.168.60.0 0.0.0.255 192.168.8.0 0.0.3.255 access-list 101 deny ip any any -------------------------------------------- router#sho ip int br Interface IP-Address OK? Method Status Protocol FastEthernet0/0 unassigned YES NVRAM up up FastEthernet0/1 192.168.60.254 YES NVRAM up up Serial0/0/0 x.x.x.x YES NVRAM up up NVI0 unassigned NO unset up up Virtual-Access1 unassigned YES unset up up Virtual-Access2 unassigned YES unset up up Dialer0 x.x.x.x YES IPCP up up yg1985