?
Solved

can resolve, but no response on ping..

Posted on 2005-03-05
5
Medium Priority
?
544 Views
Last Modified: 2012-06-21
hi all,

i have a 1753 router. as i am not to great with programming a router, i have run into a problem

current senario

ADSL connection going into WIC-ADSL (cisco 1700 series, this is my gateway))
LAN via Ethernet0/0
4 Computers on LAN
   3 computers - internal use (192.168.0.x range)
   1 computer - web, DNS & email server (192.168.1.x range)

the issue is residing on the 1 computer (server). i can ping and it resolves the address but i get 0 response. example is pasted below
=========
C:\Documents and Settings\Administrator>ping www.guess.com
Pinging guess.com [206.17.226.10] with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 206.17.226.10:
    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
=========

i have also tried pinging other locations as well and recieved the ping timed out error.

and below is the configuration of the router..

=========
show running-conf
Building configuration...

Current configuration : 3378 bytes
!
! Last configuration change at 23:54:47 PCTime Fri Mar 4 2005
! NVRAM config last updated at 23:54:53 PCTime Fri Mar 4 2005
!
version 12.3
no service pad
service timestamps debug
datetime msec localtime
service timestamps log
datetime msec localtime
service password-encryption
!
hostname C1754
!
boot-start-marker
boot-end-marker
!
logging buffered 4096 debugging
enable secret xxxxx
enable password xxxxxxxx
!
memory-size iomem 25
clock timezone PCTime 10
clock summer-time PCTime
date Mar 30 2003 3:00 Oct 26 2003 2:00
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
no aaa new-model
ip subnet-zero
no ip source-route
!
!
ip domain name internode.on.net
ip name-server 192.231.203.2
ip name-server 192.231.203.3
ip dhcp excluded-address 192.168.0.1 192.168.0.99
ip dhcp excluded-address 192.168.1.0 192.168.255.254
ip dhcp excluded-address 192.168.0.200
!
ip dhcp pool Internal
   network 192.168.0.0 255.255.0.0
   domain-name vanoosbree
   dns-server 192.168.0.10 192.231.203.2
   default-router 192.168.0.2
!
ip cef
vpdn enable
!
vpdn-group pppoe
 request-dialin
  protocol pppoe
!
!
!
!
!
interface ATM0/0
 description +++ CONNECTION TO ISP +++
 no ip address
 no atm ilmi-keepalive
 bundle-enable
 dsl operating-mode auto
 hold-queue 224 in
!
interface ATM0/0.1 point-to-point
 pvc 8/35
  pppoe-client dial-pool-number 1
 !
!
interface FastEthernet0/0
 description $ETH-LAN$+++ LAN +++
 ip address 192.168.0.2 255.255.0.0
 ip broadcast-address 192.168.255.255
 ip nat inside
 speed auto
 full-duplex
 no cdp enable
!
interface Dialer1
 ip address negotiated
 ip mtu 1492
 ip nat outside
 encapsulation ppp
 dialer pool 1
 ppp authentication chap callin
 ppp chap hostname myinternetusername
 ppp chap password xxxxx
!
ip nat pool Internal-0 192.168.0.0 192.168.0.255 netmask 255.255.0.0
ip nat pool Interal-1 192.168.1.0 192.168.1.255 netmask 255.255.0.0
ip nat inside source list 2 interface Dialer1 overload
ip nat inside source list 3 interface Dialer1 overload
ip nat inside source list NATAddresses interface Dialer1 overload
ip nat inside source static tcp 192.168.1.10 6080 interface Dialer1 6080
ip nat inside source static tcp 192.168.1.10 20 interface Dialer1 20
ip nat inside source static tcp 192.168.1.10 443 interface Dialer1 443
ip nat inside source static tcp 192.168.1.10 25 interface Dialer1 25
ip nat inside source static tcp 192.168.1.10 53 interface Dialer1 53
ip nat inside source static udp 192.168.1.10 53 interface Dialer1 53
ip nat inside source static tcp 192.168.1.10 80 interface Dialer1 80
ip nat inside source static tcp 192.168.1.10 221 interface Dialer1 221
ip nat inside source static tcp 192.168.0.11 8080 interface Dialer1 8080
ip nat inside source static tcp 192.168.0.10 5800 interface Dialer1 5800
ip nat inside source static tcp 192.168.1.10 3200 interface Dialer1 3200
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer1
no ip http server
!
!
access-list 1 permit 192.83.231.0 0.0.0.255
access-list 1 permit 192.168.33.0 0.0.0.255
access-list 2 permit 192.168.33.0 0.0.0.255
access-list 3 permit 192.168.0.0 0.0.0.255
access-list 3 permit 192.168.1.0 0.0.0.255
dialer-list 1 protocol ip permit
!
!
line con 0
 terminal-type vt100
 length 25
 stopbits 1
 speed 115200
line aux 0
line vty 0 4
 access-class 3 in
 password xxxxx
 login
 terminal-type vt100
 length 25
!
scheduler max-task-time 5000
end

C1754#
==================

is there a way to program the router so i can get beyond the time out ? and the odd thing is i can ping and get responses if i ping directly from the router, i just cant get the same result on anything within my LAN (computers i use)

i am hoping this makes sense, feel free to ask if this is totally confusing

thanks
Chuck

PS, please provide any feedback on the config as i have no clue as to what most of the config actually does
thanks again
0
Comment
Question by:cvanoosbree
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
5 Comments
 
LVL 3

Expert Comment

by:skpruett
ID: 13479488
Hi cvanoosbree,
Looks like you are doing specific NAT translations for the server. Some questions for you first.

1) Would the IP for that server happen to be 192.168.1.10?
2) Are the rest of the internal machines able to browse the internet?
3) Your IP address for your DSL connection looks negotiated "ip address negotiated". Is this a non changing address (static)?
4) The services on that server; Web, DNS, Email. Are they available publicly from the internet and do they work okay? (Can you reach them from outside of your network).


-skpruett
0
 

Author Comment

by:cvanoosbree
ID: 13481942
hey skpruett,

the ip for the server is as you stated.. 192.168.1.10
the rest of the machines are able to browse the internet via my proxy server 192.168.0.11
although my ip address is "negotiated", it is a static IP
and yes, i can see my web/email/dns server from the outside..
www.i-design.cc
the site above is the webserver & everything else

im hoping this helps out
0
 
LVL 3

Accepted Solution

by:
skpruett earned 150 total points
ID: 13508554
Sorry for not getting back to you. Work issues have kept me busy. Your config has a few unneeded statements and those have me a bit confused since, but the way I'm reading this, you should be able to ping and recieve replies.

Why you aren't working I'm not sure. You've overloaded as a global PAT for most all outgoing traffic, i.e. everyone should be able to get out to where they need. But you've also put static's inbound on that overload on a port basis to at least two servers coming back in. I've seen this before and I'm pretty sure this should work.

I'm guessing that since the server gets traffic destined for it's hosting ports, that the problem is that when you assigned NAT coming back on a port by port basis for the proxy and web servers, it ONLY allows traffic back on those ports to those individual machines. I don't think this is the way it should behave, but it appears it's the way it does behave.

You can test this by trying to ping out from the proxy server (if that's an option). If it fails, then yep, that's the problem. Easy fix if so:
ip nat inside source static icmp 192.168.1.10 interface Dialer1

Note that if that's the problem, I don't think there will be a way to allow pings to two separate explicitly defined servers. It may also prevent local LAN users from pinging out and that should be tested too.

-skpruett

0
 

Author Comment

by:cvanoosbree
ID: 13513283
skpruett

i think it could be a software firewall thing (win2k3) option somewhere or something.  i have had others look at my config and they all stated it should work fine..

i shall thankyou for your input and just do more experimenting
thanks
0
 
LVL 3

Expert Comment

by:skpruett
ID: 13513374
No problem on the help. If you have problems on the win2k3 part though, be sure and post in the Windows section as well, there's a great amount of help available for issues like that.

-skpruett
0

Featured Post

New benefit for Premium Members - Upgrade now!

Ready to get started with anonymous questions today? It's easy! Learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Tired of waiting for your show or movie to load?  Are buffering issues a constant problem with your internet connection?  Check this article out to see if these simple adjustments are the solution for you.
I recently attended Cisco Live! in Las Vegas, a conference that boasted over 28,000 techies in attendance, and a week of hands-on learning hosted by a solid partner with which Concerto goes to market.  Every year, Cisco displays cutting-edge technol…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Suggested Courses

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question