Ryan_Kempt
asked on
Cisco 2611XM can ping internet from router, but not from a PC on the lan.
Hello,
I have a Cisco 2611XM. I've configured FE 0/0 as the port to connect to my cable modem. FE 0/1 is my lan port, which connects to my Cisco 2950.
The cisco 2611XM is setup as a DHCP server, it gives out ip addresses fine, all computers on the lan can communicate and they get the correct default gateway (the ip of FE 0/1). They can ping the ip of FE 0/0 as well, but they can not ping the gateway beyond that, nor can they ping any other external ip (obviously).
When logged into the router I can ping all ip's just fine and I can resolve dns (I can ping google.com).
I'm obviously missing something simple, and I just can't figure it out. This is an older router I've had for some time and I have no service contract so I can't call TAC for help.
All ACLS are turned off for the sake of troubleshooting. If you need any additional information I can provide it, but I'm hoping I overlooked something simple.
Thanks,
Ryan
I have a Cisco 2611XM. I've configured FE 0/0 as the port to connect to my cable modem. FE 0/1 is my lan port, which connects to my Cisco 2950.
The cisco 2611XM is setup as a DHCP server, it gives out ip addresses fine, all computers on the lan can communicate and they get the correct default gateway (the ip of FE 0/1). They can ping the ip of FE 0/0 as well, but they can not ping the gateway beyond that, nor can they ping any other external ip (obviously).
When logged into the router I can ping all ip's just fine and I can resolve dns (I can ping google.com).
I'm obviously missing something simple, and I just can't figure it out. This is an older router I've had for some time and I have no service contract so I can't call TAC for help.
All ACLS are turned off for the sake of troubleshooting. If you need any additional information I can provide it, but I'm hoping I overlooked something simple.
Thanks,
Ryan
ASKER
Lan ip addresses are exact and untouched, wan ip addresses have been modified slightly for internet posting :)
Let me know if you need any other info.
show running-config
Building configuration...
Current configuration : 3060 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname 2611XM-1
!
boot-start-marker
boot-end-marker
!
no logging buffered
enable secret 5 $1$4u62$56dA3Xu3222BVhC7bT 2K0
enable password 7 0145123F53393951
!
no aaa new-model
clock timezone PCTime -5
clock summer-time PCTime date Apr 6 2003 2:00 Oct 26 2003 2:00
no network-clock-participate slot 1
no network-clock-participate wic 0
ip cef
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 10.10.10.251 10.10.10.254
ip dhcp excluded-address 10.10.10.1 10.10.10.9
!
ip dhcp pool main
import all
network 10.10.10.0 255.255.255.0
dns-server 20.215.60.18
default-router 10.10.10.1
!
!
ip name-server 20.215.60.18
ip inspect name SDM_LOW cuseeme
ip inspect name SDM_LOW dns
ip inspect name SDM_LOW ftp
ip inspect name SDM_LOW h323
ip inspect name SDM_LOW https
ip inspect name SDM_LOW icmp
ip inspect name SDM_LOW imap
ip inspect name SDM_LOW pop3
ip inspect name SDM_LOW netshow
ip inspect name SDM_LOW rcmd
ip inspect name SDM_LOW realaudio
ip inspect name SDM_LOW rtsp
ip inspect name SDM_LOW esmtp
ip inspect name SDM_LOW sqlnet
ip inspect name SDM_LOW streamworks
ip inspect name SDM_LOW tftp
ip inspect name SDM_LOW tcp
ip inspect name SDM_LOW udp
ip inspect name SDM_LOW vdolive
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0/0
description $FW_OUTSIDE$$ETH-LAN$
ip address 20.215.41.115 255.255.255.0
ip verify unicast reverse-path
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
interface FastEthernet0/1
description $FW_INSIDE$$ETH-LAN$
ip address 10.10.10.1 255.255.255.0
ip nat inside
ip virtual-reassembly
speed auto
half-duplex
no mop enabled
!
ip default-gateway 20.215.41.1
ip route 0.0.0.0 0.0.0.0 20.215.41.1
!
!
ip http server
no ip http secure-server
!
access-list 100 remark auto generated by SDM firewall configuration
access-list 100 remark SDM_ACL Category=1
access-list 100 deny ip 20.215.41.0 0.0.0.255 any
access-list 100 deny ip host 255.255.255.255 any
access-list 100 deny ip 127.0.0.0 0.255.255.255 any
access-list 100 permit ip any any
access-list 101 remark auto generated by SDM firewall configuration
access-list 101 remark SDM_ACL Category=1
access-list 101 permit udp host 20.215.60.18 eq domain host 20.215.41.115
access-list 101 deny ip 10.10.10.0 0.0.0.255 any
access-list 101 permit icmp any host 20.215.41.115 echo-reply
access-list 101 permit icmp any host 20.215.41.115 time-exceeded
access-list 101 permit icmp any host 20.215.41.115 unreachable
access-list 101 deny ip 10.0.0.0 0.255.255.255 any
access-list 101 deny ip 172.16.0.0 0.15.255.255 any
access-list 101 deny ip 192.168.0.0 0.0.255.255 any
access-list 101 deny ip 127.0.0.0 0.255.255.255 any
access-list 101 deny ip host 255.255.255.255 any
access-list 101 deny ip host 0.0.0.0 any
access-list 101 deny ip any any log
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
password 7 09561D19325D063A48
login
!
!
end
Let me know if you need any other info.
show running-config
Building configuration...
Current configuration : 3060 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname 2611XM-1
!
boot-start-marker
boot-end-marker
!
no logging buffered
enable secret 5 $1$4u62$56dA3Xu3222BVhC7bT
enable password 7 0145123F53393951
!
no aaa new-model
clock timezone PCTime -5
clock summer-time PCTime date Apr 6 2003 2:00 Oct 26 2003 2:00
no network-clock-participate slot 1
no network-clock-participate wic 0
ip cef
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 10.10.10.251 10.10.10.254
ip dhcp excluded-address 10.10.10.1 10.10.10.9
!
ip dhcp pool main
import all
network 10.10.10.0 255.255.255.0
dns-server 20.215.60.18
default-router 10.10.10.1
!
!
ip name-server 20.215.60.18
ip inspect name SDM_LOW cuseeme
ip inspect name SDM_LOW dns
ip inspect name SDM_LOW ftp
ip inspect name SDM_LOW h323
ip inspect name SDM_LOW https
ip inspect name SDM_LOW icmp
ip inspect name SDM_LOW imap
ip inspect name SDM_LOW pop3
ip inspect name SDM_LOW netshow
ip inspect name SDM_LOW rcmd
ip inspect name SDM_LOW realaudio
ip inspect name SDM_LOW rtsp
ip inspect name SDM_LOW esmtp
ip inspect name SDM_LOW sqlnet
ip inspect name SDM_LOW streamworks
ip inspect name SDM_LOW tftp
ip inspect name SDM_LOW tcp
ip inspect name SDM_LOW udp
ip inspect name SDM_LOW vdolive
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0/0
description $FW_OUTSIDE$$ETH-LAN$
ip address 20.215.41.115 255.255.255.0
ip verify unicast reverse-path
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
interface FastEthernet0/1
description $FW_INSIDE$$ETH-LAN$
ip address 10.10.10.1 255.255.255.0
ip nat inside
ip virtual-reassembly
speed auto
half-duplex
no mop enabled
!
ip default-gateway 20.215.41.1
ip route 0.0.0.0 0.0.0.0 20.215.41.1
!
!
ip http server
no ip http secure-server
!
access-list 100 remark auto generated by SDM firewall configuration
access-list 100 remark SDM_ACL Category=1
access-list 100 deny ip 20.215.41.0 0.0.0.255 any
access-list 100 deny ip host 255.255.255.255 any
access-list 100 deny ip 127.0.0.0 0.255.255.255 any
access-list 100 permit ip any any
access-list 101 remark auto generated by SDM firewall configuration
access-list 101 remark SDM_ACL Category=1
access-list 101 permit udp host 20.215.60.18 eq domain host 20.215.41.115
access-list 101 deny ip 10.10.10.0 0.0.0.255 any
access-list 101 permit icmp any host 20.215.41.115 echo-reply
access-list 101 permit icmp any host 20.215.41.115 time-exceeded
access-list 101 permit icmp any host 20.215.41.115 unreachable
access-list 101 deny ip 10.0.0.0 0.255.255.255 any
access-list 101 deny ip 172.16.0.0 0.15.255.255 any
access-list 101 deny ip 192.168.0.0 0.0.255.255 any
access-list 101 deny ip 127.0.0.0 0.255.255.255 any
access-list 101 deny ip host 255.255.255.255 any
access-list 101 deny ip host 0.0.0.0 any
access-list 101 deny ip any any log
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
password 7 09561D19325D063A48
login
!
!
end
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks,
I knew it was something simple I was missing.
-Ryan
I knew it was something simple I was missing.
-Ryan
Does your router avae the correct default route ?
Post the running-conf output, will be much easier.
Regards,