Solved

Setting up Cisco router without a default gateway

Posted on 2004-09-01
Last Modified: 2013-12-14
We are setting up a Cisco Router behind a DSL modem using DHCP Spoofing.

However, the DSL provider does not provide a Default Gateway address.  They say you do not need one.

I cannot ping the external network without an IP route set.

My router is assigned an IP address of 213.123.200.50
If I make my ip route, say, ip route 0.0.0.0 0.0.0.0 213.123.200.1, I can ping the outside network from within the Cisco box.  If I try to ping from my computer I can see the 213.123.200.50 address but nothing past it.

I also changed the ip route to 0.0.0.0 0.0.0.0 213.123.200.49
My router is assigned an IP address of 213.123.200.50
If I make my ip route, say, ip route 0.0.0.0 0.0.0.0 213.123.200.49, I can ping the outside network from within the Cisco box.  If I try to ping from my computer I can see the 213.123.200.50 address but nothing past it.

My computer is set to have the default gateway as the internal IP on my Cisco box.

I have several similar routers around the US but all the ISPs have provided a default gateway.  Is there a way to set this up without a default gateway?
Question by:mrobert2127
 
LVL 43

Expert Comment

by:JFrederick29
ID: 11962356
No, you need a default gateway.  If you don't know the next hop address, you can point your default route out an interface:

ip route 0.0.0.0 0.0.0.0 ethernet0

You could do a traceroute as well to see what the next hop IP address is.

If you are able to ping from the router but not your PC, NAT may not be set up on the router.

For example:

Outside interface:

interface ethernet0
ip nat outside

Inside interface:

interface ethernet1
ip nat inside

Set up NAT access list to permit inside network:

access-list 1 permit 192.168.0.0 0.0.0.255

Set up NAT overload statement:

ip nat inside source list 1 interface ethernet0 overload
 

Author Comment

by:mrobert2127
ID: 11965837
Still Not working.

Below is the config from the router.  Of course the names have been changed to protect the innocent.
The setup is almost exactly like 3 other routers we have.

version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec

!
hostname Test_Router
!
boot-start-marker
boot-end-marker
!
enable secret 5 aaaaaaaa
enable password aaaaaaaa
!
username username password 0 password
aaa new-model
!
!
aaa authentication login testauth local
aaa authorization network groupauthor local
aaa session-id common
ip subnet-zero
!
!
!
!
ip cef
ip inspect name mcns smtp timeout 45
ip audit notify log
ip audit po max-events 100
ip ssh break-string
no ftp-server write-enable
no scripting tcl init
no scripting tcl encdir
!
!
!
!
!
crypto isakmp policy 3
 authentication pre-share
 group 2
crypto isakmp key password address xx.xx.xx.xx no-xauth
crypto isakmp keepalive 30 3
!
crypto isakmp client configuration group Test
 key password
 dns 197.1.3.102
 domain test.usa
 pool ippool
 acl 102
!
!
crypto ipsec transform-set myset esp-des esp-sha-hmac
!
crypto dynamic-map dynmap 10
 set transform-set myset
!
!
crypto map clientmap client authentication list testauth
crypto map clientmap isakmp authorization list groupauthor
crypto map clientmap client configuration address respond
crypto map clientmap 15 ipsec-isakmp
 set peer xxx.xx.xx.xx
 set transform-set myset
 match address 100
crypto map clientmap 100 ipsec-isakmp dynamic dynmap
!
!
!
!
interface Ethernet0
 ip address dhcp
 ip access-group 115 out
 no ip unreachables
 ip nat outside
 ip route-cache flow
 half-duplex
 no cdp enable
 crypto map clientmap
!
interface FastEthernet0
 ip address 197.1.3.220 255.255.255.0
 ip nat inside
 ip inspect mcns in
 ip route-cache flow
 speed auto
 half-duplex
 no cdp enable
!
ip local pool ippool 10.1.254.1 10.1.254.254
ip nat inside source route-map nonat interface FastEthernet0 overload
ip nat inside source static tcp 197.1.3.56 1352 197.1.20.189 1352 extendable
ip nat inside source static tcp 197.1.3.56 25 213.123.200.50 25 extendable
ip classless
ip route 0.0.0.0 0.0.0.0 213.123.200.49
no ip http server
no ip http secure-server
!
!
!
access-list 100 permit ip 197.1.3.0 0.0.0.255 197.1.0.0 0.0.0.255
access-list 101 deny   ip 197.1.3.0 0.0.0.255 10.1.254.0 0.0.0.255
access-list 101 deny   ip 197.1.3.0 0.0.0.255 197.1.0.0 0.0.0.255
access-list 101 permit ip 197.1.3.0 0.0.0.255 any
access-list 102 permit ip 197.1.3.0 0.0.0.255 10.1.254.0 0.0.0.255
access-list 115 permit ip any any
access-list 115 deny   tcp any any eq 135
access-list 115 deny   udp any any eq 135
access-list 115 deny   udp any any eq netbios-ns
access-list 115 deny   udp any any eq netbios-dgm
access-list 115 deny   udp any any eq netbios-ss
access-list 115 deny   udp any any eq 445
access-list 115 deny   tcp any any eq 445
access-list 115 deny   tcp any any eq 139
access-list 115 deny   tcp any any eq 593
access-list 115 deny   tcp any any eq 4444
access-list 115 deny   tcp any any eq 4751
access-list 115 deny   udp any any eq 4751
no cdp run
!
route-map nonat permit 10
 match ip address 101
!
!
control-plane
!
!
line con 0
line aux 0
line vty 0 4
 password password
!
no scheduler allocate
!
end

Thanks
Mark
 
LVL 43

Expert Comment

by:JFrederick29
ID: 11966092
Do you own the 197.1.x.x block of IP addresses, or are you changing them in your posted config?  These are registered addresses so you don't need to run NAT on them, yet you are via the route-map.  You also have registered-to-registered address static NATs, which is a little confusing.
 

Author Comment

by:mrobert2127
ID: 11966160
The addresses were changed on my posted config.

What did you mean by,
You also have registered to registered address static NAT's
 
LVL 43

Expert Comment

by:JFrederick29
ID: 11966198
The addresses are private, right? 192.168.x.x addresses? Or 10.x.x.x?

Never mind the registered-to-registered address static NATs since you changed the addresses in your config.

>ip nat inside source route-map nonat interface FastEthernet0 overload

This should be:

ip nat inside source route-map nonat interface Ethernet0 overload
 
LVL 43

Expert Comment

by:JFrederick29
ID: 11966224
You can also set your default route to point to the interface connected to your ISP if you're not sure on the next hop address.

ip route 0.0.0.0 0.0.0.0 ethernet0
 

Author Comment

by:mrobert2127
ID: 11966402
We tried the ip route to the interface.  We were not able to ping anything.

I have done a traceroute and found the first hop.  We entered that in the ip route.  We were able to ping the external network but we still could not ping from the internal through the router.  Also, we had success sending external email through the NAT and into the internal email server, but could not send internal to external.

Seems as though the NAT is working okay from the external interface; internal is where the problem must be.
 
LVL 43

Accepted Solution

by:
JFrederick29 earned 500 total points
ID: 11966689
Did you change the "ip nat" statement?

no ip nat inside source route-map nonat interface FastEthernet0 overload

ip nat inside source route-map nonat interface Ethernet0 overload
 
LVL 4

Expert Comment

by:JonSh
ID: 11969825
Um, you guys are going to laff....you are missing a very basic command in the config :)
(the following is excerpted from Cisco's website)

Enabling IP Routing
IP routing is automatically enabled in the Cisco IOS software. If you choose to set up the router to bridge rather than route IP datagrams, you must disable IP routing. To re-enable IP routing if it has been disabled, use the following command in global configuration mode:


Command                       Purpose
Router(config)# ip routing    Enables IP routing.

When IP routing is disabled, the router will act as an IP end host for IP packets destined for or sourced by it, whether or not bridging is enabled for those IP packets not destined for the device. To re-enable IP routing, use the ip routing command.


 
LVL 4

Expert Comment

by:sriwi
ID: 11980775
I have the exact same problem as well. When I check "show ip route" it says that no default gateway is defined. I know that I need a gateway to route the packet, but why doesn't the Cisco put it in automatically?

I am using a PPPoE dialer, and have "ip route 0.0.0.0 0.0.0.0 dialer 1" in my config file.

!
ip subnet-zero
no ip routing
!
!
ip audit notify log
ip audit po max-events 100
vpdn enable
!
vpdn-group 1
 request-dialin
  protocol pppoe
!
no ftp-server write-enable
!
!
!
!
!
interface Ethernet0
 ip address 192.168.0.15 255.255.255.0
 ip nat inside
 no ip route-cache
 no ip mroute-cache
 hold-queue 32 in
 hold-queue 100 out
!
interface ATM0
 no ip address
 no ip route-cache
 no atm ilmi-keepalive
 pvc 8/35
  pppoe-client dial-pool-number 1
 !
 dsl operating-mode auto
!
interface Dialer1
 ip address negotiated
 ip mtu 1492
 ip nat outside
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 ppp authentication chap callin
 ppp chap hostname xxxx
 ppp chap password xxxx
!
ip nat inside source list 101 interface Dialer1 overload
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer1
no ip http server
no ip http secure-server
!
access-list 101 permit 192.168.0.0 0.0.0.255
dialer-list 1 protocol ip permit

Any help or comments?

cheers
 
LVL 4

Expert Comment

by:JonSh
ID: 11981303
sriwi, you're even worse off.  The 2nd line in your config says "no ip routing."  And as to default gateways, the only time you ever get one automatically is when you get a routing update from another router (OSPF, EIGRP, RIP, etc.) giving you a default route.  You never want an automatic default route generated unless you are in a simple, SOHO kind of environment.

Folks, if you want the router to route IP packets, you must explicitly turn on IP ROUTING with the "ip routing" command.

The same applies to IPX, AppleTalk, DECnet, Vines, etcetera......
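
The mistakes identified in this thread (the NAT overload statement bound to the inside interface, `no ip routing`, and a missing default route) can be checked mechanically against a saved running-config. The following Python check is an added example, not part of any post; the function names, finding codes and the trimmed sample configs are constructed for illustration.

```python
import re

def nat_roles(config):
    """Map interface name (lower-cased) to its 'ip nat inside|outside' role."""
    roles, current = {}, None
    for raw in config.splitlines():
        if not raw.startswith(" "):  # global-level line closes any interface block
            m = re.match(r"interface (\S+)", raw)
            current = m.group(1).lower() if m else None
        elif current:
            m = re.fullmatch(r"ip nat (inside|outside)", raw.strip())
            if m:
                roles[current] = m.group(1)
    return roles

def lint(config):
    """Flag the forwarding and NAT mistakes found in this thread."""
    lines = [ln.strip() for ln in config.splitlines()]
    findings = []
    if "no ip routing" in lines:  # router behaves as an IP end host
        findings.append("no-ip-routing")
    if not any(ln.startswith("ip route 0.0.0.0 0.0.0.0 ") for ln in lines):
        findings.append("no-default-route")
    roles = nat_roles(config)
    for ln in lines:
        m = re.match(r"ip nat inside source .* interface (\S+) overload$", ln)
        if m and roles.get(m.group(1).lower()) != "outside":
            findings.append("nat-overload-not-outside:" + m.group(1))
    return findings

# Constructed samples, trimmed from the two configs posted in the thread.
ASKER = """interface Ethernet0
 ip nat outside
interface FastEthernet0
 ip nat inside
ip nat inside source route-map nonat interface FastEthernet0 overload
ip route 0.0.0.0 0.0.0.0 213.123.200.49
"""
FIXED = ASKER.replace("FastEthernet0 overload", "Ethernet0 overload")
SRIWI = """no ip routing
interface Ethernet0
 ip nat inside
interface Dialer1
 ip nat outside
ip nat inside source list 101 interface Dialer1 overload
ip route 0.0.0.0 0.0.0.0 Dialer1
"""
if __name__ == "__main__":
    for name, cfg in (("asker", ASKER), ("fixed", FIXED), ("sriwi", SRIWI)):
        print(name, lint(cfg) or "clean")
```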



 
LVL 3

Expert Comment

by:fatlad
ID: 11987985
sriwi, what would you think the default gateway should be in your case? How would Cisco know this?
 
LVL 4

Expert Comment

by:sriwi
ID: 12001787
I've got it working after taking out the no ip routing statement; the 'show ip route' command gives a default gateway straight away.

cheers
 
LVL 4

Expert Comment

by:JonSh
ID: 12001884
I'm laffing....sriwi, too bad I don't get the points for it :)

 
LVL 4

Expert Comment

by:sriwi
ID: 12001996
I can spare some 50 points if you want, not 500; I am not that rich yet.

Cheers
 
LVL 4

Expert Comment

by:JonSh
ID: 12002079
LOL...I was kidding, it doesn't really matter, just glad the answers are helping....enjoy :)
 
LVL 4

Expert Comment

by:sriwi
ID: 12002101
Cheers and thx