cisco router weird problem (should be simple)

Discussion in 'Cisco' started by Joe, Dec 4, 2003.

  1. Joe

    Joe Guest

    Hi, helpers,

    We have just installed T1 service. The T1 provider turned up the
    service this morning. However, we have a problem connecting our client
    machine to outside.

    Here is some info from the T1 provider -- Qwest:

    Qwest Serial: 65.112.97.133/30(255.255.255.252)
    Customer Serial: 65.112.97.134/30(255.255.255.252)
    Encapsulation: HDLC
    LAN IP Block: 65.115.16.64/27(255.255.255.224)
    Routing Type: Static

    Here is the configuration:

    ip subnet-zero
    !
    interface fastEthernet0/0
    ip address 10.10.10.1 255.255.255.0
    duplex auto
    speed auto
    !
    interface serial0/0
    ip address 65.112.97.134 255.255.255.252
    !
    interface fastEthernet0/1
    ip address 192.168.0.1 255.255.255.0
    duplex auto
    speed auto
    !
    router rip
    network 10.0.0.0
    !
    ip classless
    ip route 0.0.0.0 0.0.0.0 65.112.97.133
    no ip http server

    From a client machine 10.10.10.10, we can ping 10.10.10.1,
    65.112.97.134; we can also ping another interface 192.168.0.1 and that
    subnet machines like 192.168.0.2. But we cannot ping 65.112.97.133 and
    outside ip like 216.109.117.204.

    This client machine(10.10.10.10) is with a mask of 255.255.255.0 and a
    gateway of 10.10.10.1. From "route print" command, it has no routing
    problem. However, when I "traceroute" to outside ip addresses like
    216.109.117.204, it stops at 10.10.10.1.

    From the router, the "show ip route" command shows the following info:

    Gateway of last resort is 65.112.97.133 to network 0.0.0.0
    65.0.0.0/30 is subnetted, 1 subnets
    C 65.112.97.132 is directly connected, serial0/0
    C 10.10.0.0/24 is subnetted, 1 subnets
    C 10.10.10.0 is directly connected, fastethernet0/0
    C 192.168.0.0/24 is directly connected, fastethernet0/1
    S* 0.0.0.0/0 [1/0] via 65.112.97.133 is directly connected, serial0/0

    From the router, I can ping both outside and inside ip addresses.

    I guess I may have missed something. Any advices will be highly
    appreciated.

    Sincerely,
    Joe Gao
    Joe, Dec 4, 2003
    #1
    1. Advertising

  2. (Joe) writes:
    >We have just installed T1 service. The T1 provider turned up the
    >service this morning. However, we have a problem connecting our client
    >machine to outside.


    >Here is some info from the T1 provider -- Qwest:


    >Qwest Serial: 65.112.97.133/30(255.255.255.252)
    >Customer Serial: 65.112.97.134/30(255.255.255.252)
    >Encapsulation: HDLC
    >LAN IP Block: 65.115.16.64/27(255.255.255.224)
    >Routing Type: Static


    >Here is the configuration:
    >
    >ip subnet-zero
    >!
    >interface fastEthernet0/0
    > ip address 10.10.10.1 255.255.255.0
    > duplex auto
    > speed auto
    >!
    >interface serial0/0
    > ip address 65.112.97.134 255.255.255.252



    You don't have NAT turned on. If you are using private IP space (ie. 10.10.10)
    you'll need to NAT into your public range of 65.115.16.64/27.

    http://www.cisco.com/pcgi-bin/Support/browse/psp_view.pl?p=Internetworking:NAT


    --
    Doug McIntyre
    Network Engineer/Jack of All Trades
    Vector Internet Services, Inc.
    Doug McIntyre, Dec 4, 2003
    #2
    1. Advertising

  3. Joe

    PES Guest

    You have no NAT. Those private ip's will not work on the internet. You
    need to do the following.

    1. Assign interfaces to inside or outside

    To do this go to each interface and do and ip nat inside or outside
    statement. For example

    interface fastEthernet0/0
    ip nat inside
    !
    interface fastEthernet0/1
    ip nat inside
    !
    interface serial0/0
    ip nat outside
    !

    2. You need to create access-lists to assign what is to be translated.

    access-list 1 10.10.10.0 0.0.0.255
    access-list 1 192.168.0.0 0.0.0.255

    3. Your next step is to either overload on an interface or create a pool
    (using your lan range). It is easiest to overload on an interface.

    ip nat inside source list 1 interface s0/0 overload


    "Joe" <> wrote in message
    news:...
    > Hi, helpers,
    >
    > We have just installed T1 service. The T1 provider turned up the
    > service this morning. However, we have a problem connecting our client
    > machine to outside.
    >
    > Here is some info from the T1 provider -- Qwest:
    >
    > Qwest Serial: 65.112.97.133/30(255.255.255.252)
    > Customer Serial: 65.112.97.134/30(255.255.255.252)
    > Encapsulation: HDLC
    > LAN IP Block: 65.115.16.64/27(255.255.255.224)
    > Routing Type: Static
    >
    > Here is the configuration:
    >
    > ip subnet-zero
    > !
    > interface fastEthernet0/0
    > ip address 10.10.10.1 255.255.255.0
    > duplex auto
    > speed auto
    > !
    > interface serial0/0
    > ip address 65.112.97.134 255.255.255.252
    > !
    > interface fastEthernet0/1
    > ip address 192.168.0.1 255.255.255.0
    > duplex auto
    > speed auto
    > !
    > router rip
    > network 10.0.0.0
    > !
    > ip classless
    > ip route 0.0.0.0 0.0.0.0 65.112.97.133
    > no ip http server
    >
    > From a client machine 10.10.10.10, we can ping 10.10.10.1,
    > 65.112.97.134; we can also ping another interface 192.168.0.1 and that
    > subnet machines like 192.168.0.2. But we cannot ping 65.112.97.133 and
    > outside ip like 216.109.117.204.
    >
    > This client machine(10.10.10.10) is with a mask of 255.255.255.0 and a
    > gateway of 10.10.10.1. From "route print" command, it has no routing
    > problem. However, when I "traceroute" to outside ip addresses like
    > 216.109.117.204, it stops at 10.10.10.1.
    >
    > From the router, the "show ip route" command shows the following info:
    >
    > Gateway of last resort is 65.112.97.133 to network 0.0.0.0
    > 65.0.0.0/30 is subnetted, 1 subnets
    > C 65.112.97.132 is directly connected, serial0/0
    > C 10.10.0.0/24 is subnetted, 1 subnets
    > C 10.10.10.0 is directly connected, fastethernet0/0
    > C 192.168.0.0/24 is directly connected, fastethernet0/1
    > S* 0.0.0.0/0 [1/0] via 65.112.97.133 is directly connected, serial0/0
    >
    > From the router, I can ping both outside and inside ip addresses.
    >
    > I guess I may have missed something. Any advices will be highly
    > appreciated.
    >
    > Sincerely,
    > Joe Gao
    PES, Dec 4, 2003
    #3
  4. Joe

    Vinny Abello Guest

    OK, a few things here.

    If you're just doing static routing, get rid of the router rip
    section. It's not needed.

    How are you planning on using the /27 assigned to you? If you want to
    have it fully routed, just add it to an ethernet interface as either
    the primary ip address or a secondary.

    Also, if you want to be able to use private IP address space you'll
    need to configure NAT.

    I'll insert some statements in your config that should make NAT work,
    but I only got 4 hours of sleep last night so don't be surprised if it
    doesn't work. :) I'm sure someone else will correct me if I make a
    mistake. :D

    On 3 Dec 2003 16:08:30 -0800, (Joe) wrote:

    >Hi, helpers,
    >
    >We have just installed T1 service. The T1 provider turned up the
    >service this morning. However, we have a problem connecting our client
    >machine to outside.
    >
    >Here is some info from the T1 provider -- Qwest:
    >
    >Qwest Serial: 65.112.97.133/30(255.255.255.252)
    >Customer Serial: 65.112.97.134/30(255.255.255.252)
    >Encapsulation: HDLC
    >LAN IP Block: 65.115.16.64/27(255.255.255.224)
    >Routing Type: Static
    >
    >Here is the configuration:
    >
    >ip subnet-zero
    >!
    >interface fastEthernet0/0
    > ip address 10.10.10.1 255.255.255.0

    ip nat inside
    > duplex auto
    > speed auto
    >!
    >interface serial0/0
    > ip address 65.112.97.134 255.255.255.252

    ip nat outside
    >!
    >interface fastEthernet0/1
    > ip address 192.168.0.1 255.255.255.0

    ip nat inside
    > duplex auto
    > speed auto
    >!
    >router rip <delete>
    > network 10.0.0.0 <delete>
    >!
    >ip classless
    >ip route 0.0.0.0 0.0.0.0 65.112.97.133
    >no ip http server


    ip nat inside source list 1 interface serial0/0 overload

    access-list 1 permit 10.10.10.0 0.0.0.255
    access-list 1 permit 192.168.0.0 0.0.0.255
    >
    >From a client machine 10.10.10.10, we can ping 10.10.10.1,
    >65.112.97.134; we can also ping another interface 192.168.0.1 and that
    >subnet machines like 192.168.0.2. But we cannot ping 65.112.97.133 and
    >outside ip like 216.109.117.204.
    >
    >This client machine(10.10.10.10) is with a mask of 255.255.255.0 and a
    >gateway of 10.10.10.1. From "route print" command, it has no routing
    >problem. However, when I "traceroute" to outside ip addresses like
    >216.109.117.204, it stops at 10.10.10.1.
    >
    >From the router, the "show ip route" command shows the following info:
    >
    >Gateway of last resort is 65.112.97.133 to network 0.0.0.0
    > 65.0.0.0/30 is subnetted, 1 subnets
    >C 65.112.97.132 is directly connected, serial0/0
    >C 10.10.0.0/24 is subnetted, 1 subnets
    >C 10.10.10.0 is directly connected, fastethernet0/0
    >C 192.168.0.0/24 is directly connected, fastethernet0/1
    >S* 0.0.0.0/0 [1/0] via 65.112.97.133 is directly connected, serial0/0
    >
    >From the router, I can ping both outside and inside ip addresses.
    >
    >I guess I may have missed something. Any advices will be highly
    >appreciated.
    >
    >Sincerely,
    >Joe Gao
    Vinny Abello, Dec 4, 2003
    #4
  5. Joe

    Vinny Abello Guest

    Oh, another reason your shouldn't use RIP is because you have
    classless ip networks in your config. If you want to use RIP you need
    to specificy to use version 2 which supports classless networks. I
    still wouldn't use RIP though and if this is your only router, again
    just disable it. You're not speaking with the ISP using RIP for
    sure... or if you are and they are accepting your private address
    space being announced (via RIP1!), they should re-evaluate their
    customer setups and route propogation design. ;) I'm sure that's not
    the case though.

    On 3 Dec 2003 16:08:30 -0800, (Joe) wrote:

    >Hi, helpers,
    >
    >We have just installed T1 service. The T1 provider turned up the
    >service this morning. However, we have a problem connecting our client
    >machine to outside.
    >
    >Here is some info from the T1 provider -- Qwest:
    >
    >Qwest Serial: 65.112.97.133/30(255.255.255.252)
    >Customer Serial: 65.112.97.134/30(255.255.255.252)
    >Encapsulation: HDLC
    >LAN IP Block: 65.115.16.64/27(255.255.255.224)
    >Routing Type: Static
    >
    >Here is the configuration:
    >
    >ip subnet-zero
    >!
    >interface fastEthernet0/0
    > ip address 10.10.10.1 255.255.255.0
    > duplex auto
    > speed auto
    >!
    >interface serial0/0
    > ip address 65.112.97.134 255.255.255.252
    >!
    >interface fastEthernet0/1
    > ip address 192.168.0.1 255.255.255.0
    > duplex auto
    > speed auto
    >!
    >router rip
    > network 10.0.0.0
    >!
    >ip classless
    >ip route 0.0.0.0 0.0.0.0 65.112.97.133
    >no ip http server
    >
    >From a client machine 10.10.10.10, we can ping 10.10.10.1,
    >65.112.97.134; we can also ping another interface 192.168.0.1 and that
    >subnet machines like 192.168.0.2. But we cannot ping 65.112.97.133 and
    >outside ip like 216.109.117.204.
    >
    >This client machine(10.10.10.10) is with a mask of 255.255.255.0 and a
    >gateway of 10.10.10.1. From "route print" command, it has no routing
    >problem. However, when I "traceroute" to outside ip addresses like
    >216.109.117.204, it stops at 10.10.10.1.
    >
    >From the router, the "show ip route" command shows the following info:
    >
    >Gateway of last resort is 65.112.97.133 to network 0.0.0.0
    > 65.0.0.0/30 is subnetted, 1 subnets
    >C 65.112.97.132 is directly connected, serial0/0
    >C 10.10.0.0/24 is subnetted, 1 subnets
    >C 10.10.10.0 is directly connected, fastethernet0/0
    >C 192.168.0.0/24 is directly connected, fastethernet0/1
    >S* 0.0.0.0/0 [1/0] via 65.112.97.133 is directly connected, serial0/0
    >
    >From the router, I can ping both outside and inside ip addresses.
    >
    >I guess I may have missed something. Any advices will be highly
    >appreciated.
    >
    >Sincerely,
    >Joe Gao
    Vinny Abello, Dec 4, 2003
    #5
  6. Joe

    Frank Boehm Guest

    > >Here is the configuration:
    > >
    > >ip subnet-zero
    > >!
    > >interface fastEthernet0/0
    > > ip address 10.10.10.1 255.255.255.0
    > >!
    > >interface serial0/0
    > > ip address 65.112.97.134 255.255.255.252
    > >!
    > >interface fastEthernet0/1
    > > ip address 192.168.0.1 255.255.255.0
    > >!
    > >router rip
    > > network 10.0.0.0


    of course nat/pat

    In comp.dcom.sys.cisco Vinny Abello <> wrote:
    > Oh, another reason your shouldn't use RIP is because you have
    > classless ip networks in your config. If you want to use RIP you need
    > to specificy to use version 2 which supports classless networks. I
    > still wouldn't use RIP though and if this is your only router, again
    > just disable it. You're not speaking with the ISP using RIP for
    > sure... or if you are and they are accepting your private address
    > space being announced (via RIP1!), they should re-evaluate their
    > customer setups and route propogation design. ;) I'm sure that's not
    > the case though.


    rip will only be send/recieved on interface fastEthernet0/0, that is
    the only match for network 10.0.0.0

    there is no risk to send unnecessary rip updates to the ISP with this
    configuration

    on this router 10.x.x.x is only used for a single interface, if it's a
    stubbed network and/or there are no other 10.x.x.x on his site, he
    don't have to to use rip version 2

    Followup-To: comp.dcom.sys.cisco

    cu Frank

    --
    "It is worth noticing that there are 3 kinds of people in the world, those
    who can count and those who can’t." from Chap. 10.8 Diablo1 Guide Jarulf)
    Frank Boehm, Dec 9, 2003
    #6
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. ken gallagher
    Replies:
    3
    Views:
    1,142
    ken gallagher
    Oct 24, 2006
  2. Replies:
    7
    Views:
    4,184
    Kimba W. Lion
    Jan 26, 2007
  3. Kim
    Replies:
    10
    Views:
    470
  4. GrandpaChuck
    Replies:
    0
    Views:
    388
    GrandpaChuck
    Jul 25, 2006
  5. MeekiMoo
    Replies:
    0
    Views:
    630
    MeekiMoo
    Jul 28, 2009
Loading...

Share This Page