• Status: Solved

Cisco 1841 internet access

Hi all,

We have 2 networks, 195.11.192.0 and 194.159.8.0. The 192.0 network can access the internet through the s0/0/0 of the router, no problem. The 8.0 network cannot access the internet through the same interface. I can ping all interfaces from anywhere across both nets.
Here's the running config.

Router 1841
*********#sh run
Building configuration...

Current configuration : 1248 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname ********
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
!
resource policy
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
no ip source-route
ip cef
!
!
no ip dhcp use vrf connected
!
!
!
!
!
!
interface FastEthernet0/0
 description LAN Interface to PIX
 ip address 195.11.192.17 255.255.255.252
 duplex auto
 speed auto
 no cdp enable
!
interface FastEthernet0/1
 description DMZ Port
 ip address 194.159.8.217 255.255.255.248
 duplex auto
 speed auto
!
interface Serial0/0/0
 description Leased Line Interface
 ip address 195.11.192.** 255.255.255.252
 encapsulation ppp
 no fair-queue
 no cdp enable
!
router rip
 version 2
 network 194.159.8.0
 network 195.11.192.0
!
ip classless
ip route 0.0.0.0 0.0.0.0 Serial0/0/0
!
no ip http server
!
logging source-interface FastEthernet0/0
access-list 100 permit ip 195.11.192.16 0.0.0.7 any
access-list 100 permit ip any any
access-list 100 permit ip 194.159.8.216 0.0.0.7 any
!
control-plane
!
!
line con 0
 password ********
 login
line aux 0
line vty 0 4
 password *******
 login
 transport preferred none
!
end

DMZ switch
DMZ#sh run
Building configuration...

Current configuration : 1803 bytes
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname DMZ
!
enable password **********
!
no aaa new-model
ip subnet-zero
ip routing
!
!
!
!
no file verify auto
spanning-tree mode pvst
spanning-tree portfast default
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
interface GigabitEthernet0/1
 description TRUNK TO ROUTER
 switchport mode access
!
interface GigabitEthernet0/2
 switchport mode access
!
interface GigabitEthernet0/3
 switchport mode access
!
interface GigabitEthernet0/4
!
interface GigabitEthernet0/5
!
interface GigabitEthernet0/6
!
interface GigabitEthernet0/7
!
interface GigabitEthernet0/8
!
interface GigabitEthernet0/9
!
interface GigabitEthernet0/10
!
interface GigabitEthernet0/11
!
interface GigabitEthernet0/12
!
interface GigabitEthernet0/13
!
interface GigabitEthernet0/14
!
interface GigabitEthernet0/15
!
interface GigabitEthernet0/16
!
interface GigabitEthernet0/17
!
interface GigabitEthernet0/18
!
interface GigabitEthernet0/19
!
interface GigabitEthernet0/20
!
interface GigabitEthernet0/21
!
interface GigabitEthernet0/22
!
interface GigabitEthernet0/23
!
interface GigabitEthernet0/24
!
interface GigabitEthernet0/25
!
interface GigabitEthernet0/26
!
interface GigabitEthernet0/27
!
interface GigabitEthernet0/28
!
interface Vlan1
 ip address 194.159.8.222 255.255.255.248
!
interface Vlan2
 no ip address
 shutdown
!
router rip
 version 2
 network 194.159.8.0
 network 195.11.192.0
!
ip classless
ip route 0.0.0.0 0.0.0.0 194.159.8.217
ip route 195.11.192.0 255.255.255.0 194.159.8.217
ip http server
!
access-list 100 permit ip any any
!
control-plane
!
!
line con 0
line vty 0 4
 password ********
 login
line vty 5 15
 password ********
 login
!
end

Asked by: p-henderson
1 Solution
 
harbor235 Commented:
Is the PIX set up to allow this traffic through? Or are we talking about going out the leased line to the internet?

Also, you are using 192.159.8.0/28; however, this router is advertising the 192.159.8.0/24. Does your PIX or any other router in the path have a more specific route that is taking precedence?

example: 192.159.8.0/25/26/27?

harbor235 ;}

Jan Springer Commented:
Is the switch layer 2 or layer 3?

If layer 2, what is the default route on the equipment behind the DMZ?

p-henderson (Author) Commented:
Hi Harbor,
straight out the leased line. Not sure where you got /28 from, it's all /29?

I can ping 194.159.8.218 from the internet, which hangs off the DMZ switch; however, when I try to ping an internet address from the DMZ switch it gets as far as fa0/1 on the router, then drops.
 
p-henderson (Author) Commented:
It's a layer 3 capable switch; however, I am using it as layer 2. I have swapped the switch out for a dumb layer 2 switch to check, same issue.

The default route on the router points out the s0/0/0.

Jan Springer Commented:
What is the default route for the client machines on the DMZ?

p-henderson (Author) Commented:
Hi Jesper,

Default gateway for client machines is 194.159.8.217

Jan Springer Commented:
Can you ping the IP of the serial interface?

If so, can you ping the opposite end?

p-henderson (Author) Commented:
Yeah, I can ping the serial interface, haven't tried the next hop yet, it's quite bizarre.
I'm at home now and I can ping a SIP server that hangs off the DMZ switch, but I still can't ping the switch, and when on the switch I can't ping addresses outside my range.

p-henderson (Author) Commented:
Hi Jesper,
back in the office I can't ping the next hop after the serial interface from the switch; it pings fine from the router.

Jan Springer Commented:
Your ISP is blocking ICMP to its network interfaces.  Once I hit their network with a traceroute, I get no data.

From the Cisco, I'd like you to do an extended ping to 69.147.114.210

ping
Protocol [ip]: <enter>
Target IP address: 69.147.114.210
Repeat count [5]: <enter>
Datagram size [100]: <enter>
Timeout in seconds [2]: <enter>
Extended commands [n]: y
Source address or interface: 194.159.8.217
<enter> through everything else

What is the ping response?
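
As an added example (not code from the thread), this Python sketch models why the extended ping above is sourced from 194.159.8.217, and how a more specific upstream route can take precedence, the question harbor235 raised earlier. The upstream tables, the next-hop labels and the 192.0.2.0/30 stand-in for the masked serial link are constructed assumptions.

```python
import ipaddress

def lookup(table, addr):
    """Longest-prefix match: the most specific route containing addr wins."""
    ip = ipaddress.ip_address(addr)
    matches = [(ipaddress.ip_network(prefix), hop)
               for prefix, hop in table
               if ip in ipaddress.ip_network(prefix)]
    if not matches:
        return None  # no covering route: the packet is dropped
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def reply_comes_back(source, upstream_table, customer_hop="to-1841"):
    """An echo reply is addressed to the ping's source address, so the ping
    succeeds only if the upstream's best route for that source leads back
    to the customer router (hop label is hypothetical)."""
    return lookup(upstream_table, source) == customer_hop

# Constructed sample data, not taken from any real routing table.
SERIAL_SRC = "192.0.2.2"     # placeholder for the masked Serial0/0/0 address
DMZ_SRC = "194.159.8.217"    # FastEthernet0/1 address from the posted config

UPSTREAM_BROKEN = [
    ("192.0.2.0/30", "to-1841"),                # serial link (placeholder)
    ("195.11.192.16/30", "to-1841"),            # LAN side of the 1841
    ("194.159.8.0/24", "to-1841"),              # covering route, correct
    ("194.159.8.216/29", "to-wrong-gateway"),   # more specific, wrong hop
]
UPSTREAM_FIXED = UPSTREAM_BROKEN[:3] + [("194.159.8.216/29", "to-1841")]

def diagnose(upstream_table):
    """Compare a default-sourced ping with one sourced from the DMZ address."""
    return {src: reply_comes_back(src, upstream_table)
            for src in (SERIAL_SRC, DMZ_SRC)}

if __name__ == "__main__":
    for name, table in (("broken", UPSTREAM_BROKEN), ("fixed", UPSTREAM_FIXED)):
        print(name, diagnose(table))
```

A ping that succeeds from the serial address but fails when sourced from the DMZ address points at the return route for the DMZ prefix, not at the local router.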



p-henderson (Author) Commented:
You're right, Jesper,

I figured the ISP was blocking ICMP, dropped them a line and they had the wrong DfG for our network.
All sorted.

Cheers