Solved

Cisco 1841 internet access

Posted on 2007-12-05
Last Modified: 2011-10-03
Hi all,

We have 2 networks, 195.11.192.0 and 194.159.8.0. The 192.0 network can access the internet through the s0/0/0 of the router, no problem. The 8.0 network cannot access the internet through the same interface. I can ping all interfaces from anywhere across both nets.
Here's the running config.

Router 1841
*********#sh run
Building configuration...

Current configuration : 1248 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname ********
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
!
resource policy
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
no ip source-route
ip cef
!
!
no ip dhcp use vrf connected
!
!
!
!
!
!
interface FastEthernet0/0
 description LAN Interface to PIX
 ip address 195.11.192.17 255.255.255.252
 duplex auto
 speed auto
 no cdp enable
!
interface FastEthernet0/1
 description DMZ Port
 ip address 194.159.8.217 255.255.255.248
 duplex auto
 speed auto
!
interface Serial0/0/0
 description Leased Line Interface
 ip address 195.11.192.** 255.255.255.252
 encapsulation ppp
 no fair-queue
 no cdp enable
!
router rip
 version 2
 network 194.159.8.0
 network 195.11.192.0
!
ip classless
ip route 0.0.0.0 0.0.0.0 Serial0/0/0
!
no ip http server
!
logging source-interface FastEthernet0/0
access-list 100 permit ip 195.11.192.16 0.0.0.7 any
access-list 100 permit ip any any
access-list 100 permit ip 194.159.8.216 0.0.0.7 any
!
control-plane
!
!
line con 0
 password ********
 login
line aux 0
line vty 0 4
 password *******
 login
 transport preferred none
!
end

DMZ switch
DMZ#sh run
Building configuration...

Current configuration : 1803 bytes
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname DMZ
!
enable password **********
!
no aaa new-model
ip subnet-zero
ip routing
!
!
!
!
no file verify auto
spanning-tree mode pvst
spanning-tree portfast default
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
interface GigabitEthernet0/1
 description TRUNK TO ROUTER
 switchport mode access
!
interface GigabitEthernet0/2
 switchport mode access
!
interface GigabitEthernet0/3
 switchport mode access
!
interface GigabitEthernet0/4
!
interface GigabitEthernet0/5
!
interface GigabitEthernet0/6
!
interface GigabitEthernet0/7
!
interface GigabitEthernet0/8
!
interface GigabitEthernet0/9
!
interface GigabitEthernet0/10
!
interface GigabitEthernet0/11
!
interface GigabitEthernet0/12
!
interface GigabitEthernet0/13
!
interface GigabitEthernet0/14
!
interface GigabitEthernet0/15
!
interface GigabitEthernet0/16
!
interface GigabitEthernet0/17
!
interface GigabitEthernet0/18
!
interface GigabitEthernet0/19
!
interface GigabitEthernet0/20
!
interface GigabitEthernet0/21
!
interface GigabitEthernet0/22
!
interface GigabitEthernet0/23
!
interface GigabitEthernet0/24
!
interface GigabitEthernet0/25
!
interface GigabitEthernet0/26
!
interface GigabitEthernet0/27
!
interface GigabitEthernet0/28
!
interface Vlan1
 ip address 194.159.8.222 255.255.255.248
!
interface Vlan2
 no ip address
 shutdown
!
router rip
 version 2
 network 194.159.8.0
 network 195.11.192.0
!
ip classless
ip route 0.0.0.0 0.0.0.0 194.159.8.217
ip route 195.11.192.0 255.255.255.0 194.159.8.217
ip http server
!
access-list 100 permit ip any any
!
control-plane
!
!
line con 0
line vty 0 4
 password ********
 login
line vty 5 15
 password ********
 login
!
end

Question by:p-henderson
11 Comments
 
LVL 32

Expert Comment

by:harbor235
ID: 20411072
Is the PIX set up to allow this traffic through? Or are we talking about going out the leased line to the internet?

Also, you are using 192.159.8.0/28; however, this router is advertising the 192.159.8.0/24. Does your PIX or any other router in the path have a more specific route that is taking precedence?

example: 192.159.8.0/25/26/27?

harbor235 ;}
0
 
LVL 28

Expert Comment

by:Jan Springer
ID: 20411295
Is the switch layer 2 or layer 3?

If layer 2, what is the default route on the equipment behind the DMZ?
0
 

Author Comment

by:p-henderson
ID: 20412325
Hi Harbor,
Straight out the leased line. Not sure where you got /28 from, it's all /29?

I can ping 194.159.8.218 from the internet, which hangs off the DMZ switch; however, when I try to ping an internet address from the DMZ switch it gets as far as fa0/1 on the router, then drops.
0
 

Author Comment

by:p-henderson
ID: 20412507
It's a layer 3 capable switch; however, I am using it as layer 2. I have swapped the switch out for a dumb layer 2 switch to check, same issue.

The default route on the router points out the s0/0/0.
0
 
LVL 28

Expert Comment

by:Jan Springer
ID: 20412543
What is the default route for the client machines on the DMZ?
0
 

Author Comment

by:p-henderson
ID: 20412791
Hi Jesper,

Default gateway for client machines is 194.159.8.217.
0
 
LVL 28

Expert Comment

by:Jan Springer
ID: 20412971
Can you ping the IP of the serial interface?

If so, can you ping the opposite end?
0
 

Author Comment

by:p-henderson
ID: 20415116
Yeah, I can ping the serial interface, haven't tried the next hop yet. It's quite bizarre.
I'm at home now and I can ping a SIP server that hangs off the DMZ switch, but I still can't ping the switch, and when on the switch I can't ping addresses outside my range.
0
 

Author Comment

by:p-henderson
ID: 20418117
Hi Jesper,
Back in the office, I can't ping the next hop after the serial interface from the switch. It pings fine from the router.
0
 
LVL 28

Accepted Solution

by:
Jan Springer earned 250 total points
ID: 20420518
Your ISP is blocking ICMP to its network interfaces.  Once I hit their network with a traceroute, I get no data.

From the Cisco, I'd like you to do an extended ping to 69.147.114.210

ping
Protocol [ip]: <enter>
Target IP address: 69.147.114.210
Repeat count [5]: <enter>
Datagram size [100]: <enter>
Timeout in seconds [2]: <enter>
Extended commands [n]: y
Source address or interface: 194.159.8.217
<enter> through everything else

What is the ping response?


0
 

Author Comment

by:p-henderson
ID: 20420929
You're right, Jesper,

I figured the ISP was blocking ICMP, dropped them a line and they had the wrong DfG for our network.
All sorted.

Cheers
0
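Why the accepted answer sources the extended ping from 194.159.8.217, as an added example that is not part of the original thread: a ping from the router normally carries the address of its outgoing interface, so it only proves the ISP can return traffic to the 195.11.192.x side. The ISP route tables and the next-hop labels (`isp`, `cpe`, `upstream`) are constructed for illustration; the thread does not show the ISP's real configuration.

```python
import ipaddress

def lookup(table, addr):
    """Longest-prefix match: next hop for addr, or None when no route matches."""
    ip = ipaddress.ip_address(addr)
    hits = [(ipaddress.ip_network(p), hop) for p, hop in table.items()
            if ip in ipaddress.ip_network(p)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def ping(src, dst, cpe_routes, isp_routes):
    """Return 'reply', or the leg of the round trip on which the packet is lost."""
    # Echo request: the 1841 forwards on the destination only, so the source
    # address plays no part in getting the packet out of Serial0/0/0.
    if lookup(cpe_routes, dst) != "isp":
        return "request dropped at CPE"
    # Echo reply: addressed to the request's source, so the ISP needs a route
    # for that source prefix pointing back down the leased line.
    if lookup(isp_routes, src) != "cpe":
        return "reply lost at ISP"
    return "reply"

# From the posted 1841 config: ip route 0.0.0.0 0.0.0.0 Serial0/0/0
CPE_ROUTES = {"0.0.0.0/0": "isp"}

# Constructed ISP tables (assumption, not from the thread): before the fix the
# ISP only returns 195.11.192.x to the customer; after it, the DMZ /29 as well.
ISP_BEFORE = {"0.0.0.0/0": "upstream", "195.11.192.0/24": "cpe"}
ISP_AFTER = {**ISP_BEFORE, "194.159.8.216/29": "cpe"}

TARGET = "69.147.114.210"  # test address given in the accepted answer

def run_checks():
    """Ping TARGET from each local source address against both ISP tables."""
    sources = {"Fa0/0 195.11.192.17": "195.11.192.17",
               "Fa0/1 194.159.8.217": "194.159.8.217"}
    return {(name, label): ping(src, TARGET, CPE_ROUTES, table)
            for name, src in sources.items()
            for label, table in (("before", ISP_BEFORE), ("after", ISP_AFTER))}

if __name__ == "__main__":
    for (name, label), result in run_checks().items():
        print(f"source {name:22} ISP {label:6} -> {result}")
```

Only the ping sourced from the DMZ-side address fails against the "before" table, which is the symptom the extended ping is meant to isolate.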
