tdic_syap asked:

Cisco 1841 - unable to ping internal address from outside

I have a Cisco 1841 router; F0/1 is connected directly to the ISP while F0/0 is connected to a switch. I have also connected a computer to the switch, with an IP address in the same range as F0/0. I am able to ping from the router and the computer to any public IP address, but I could not ping from an external network to the computer. Can anyone take a look at the configuration to see if I've missed anything?

Below are the IP address used:
ISP -  10.0.0.1/30
FastEthernet 0/1 - 10.0.0.2/30
FastEthernet 0/0 - 192.168.0.1/29
Computer - 192.168.0.2/29

Building configuration...
 
Current configuration : 1819 bytes
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname Cisco1841
!
boot-start-marker
boot-end-marker
!
security authentication failure rate 10 log
security passwords min-length 6
logging buffered 4096 debugging
logging console critical
enable secret 5 @#!$%^&*()$#@@
enable password 7 9845765424567890
aaa new-model
!
!
aaa authentication login local_auth local
!
aaa session-id common
!
resource policy
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
no ip source-route
no ip gratuitous-arps
ip cef
!
!
no ip dhcp use vrf connected
!
!
login block-for 120 attempts 10 within 120
!
username administrator password 7 9845765424567890
!
!
!
interface FastEthernet0/0
 ip address 192.168.0.1 255.255.255.248
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 duplex auto
 speed auto
 no mop enabled
!
interface FastEthernet0/1
 ip address 10.0.0.2 255.255.255.252
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 duplex auto
 speed auto
!
ip classless
ip route 0.0.0.0 0.0.0.0 FastEthernet0/1
!
no ip http server
!
!
logging trap debugging
logging facility local2
access-list 100 permit udp any any eq bootpc
dialer-list 1 protocol ip permit
no cdp run
!
control-plane
!
banner motd ^CCisco 1841 Router^C
!
line con 0
 login authentication local_auth
 transport output telnet
line aux 0
 exec-timeout 15 0
 transport output telnet
line vty 0 4
 password 7 050656012A1F575C
 login authentication local_auth
 transport input telnet
!
end

rexxus

When you say that you are unable to ping from external, are you pinging from the 10 network or from a public IP address on the internet?

If you are trying to ping the internal 192 range from an address on the internet you won't get a response as the 192.168.0.x address range is not routable across the internet.

If you are pinging from something on the other side of the 10 network, is there a route to the 192 network? (Is this a home lab network?)

tdic_syap (ASKER)

I'm trying to ping from a public IP address on the internet and also on the Cisco router. If I try to do tracert from a computer on another network (public IP, internet), it can only trace as far as the WAN Gateway (customer side), which is FastEthernet0/1; it could not pass through it.

I could not give you the exact public IP ranges that my ISP gave me. 192.168.0.x is only a representation of the IP ranges same as with 10.0.0.x.

WAN Gateway (ISP side) - X.X.X.A/30
WAN Gateway (customer side) - X.X.X.B/30

Ethernet IP (ISP-given IP ranges) - Y.Y.Y.C/29 - Y.Y.Y.J/29

Is the internal interface physically up? If it is not plugged in, you won't be able to ping it!

To confirm, if you are on the Cisco router and you ping the IP on fa0/0, you get no response?

What is the default gateway on the computer set to?

Interfaces F0/0 and F0/1 are up, and the protocol for F0/0 and F0/1 is up as well. I could ping from the router, and even from the computer (internal network), to any public internet IP.

The default gateway for the computer (internal network) is the IP of F0/0. F0/1 is the WAN gateway (customer side, going to the ISP), while F0/0 has an IP address taken from the IP ranges given by the ISP.

Can you post the running config?

Please refer to the code snippet in the post above; that's the current configuration, but I've changed the IP.

Are you able to ping the IP address of the internal network from the internet?

Is there a firewall anywhere in the setup?  Hardware or software?

I cannot ping any internal network from the internet. I could only ping up to the Cisco router F0/0 interface. There's no firewall setup; please refer to the diagram below.

     Internet (ISP)
          |
       F0/1 (ip add X.X.X.A/30)
(Cisco Router)
       F0/0 (ip add Y.Y.Y.C/29)
          |
Internal Network (default route, 0.0.0.0 0.0.0.0 F0/1)

I believe factory settings allow this, but for testing try adding these:

 allow pings into the network
 access-list 100 permit icmp any any echo
 
allow ping responses
 access-list 100 permit icmp any any echo-reply

 allow ICMP source-quench
 access-list 100 permit icmp any any source-quench

 allow path MTU discovery
 access-list 100 permit icmp any any packet-too-big

 allow time-exceeded, which is useful for traceroute
 access-list 100 permit icmp any any time-exceeded

 deny all other ICMP packets
 access-list 100 deny icmp any any
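
Added example (not from the thread or from Cisco): the configuration posted in the question defines access-list 100 but never binds it with `ip access-group`, so entries added to that list filter nothing. The sketch below runs over a constructed excerpt of that configuration and lists ACLs that are defined but not applied; it recognises only `ip access-group` and `access-class` bindings, and the function names are this example's own.

```python
import re

# Constructed excerpt of the running-config posted in the question.
RUNNING_CONFIG = """\
interface FastEthernet0/0
 ip address 192.168.0.1 255.255.255.248
!
interface FastEthernet0/1
 ip address 10.0.0.2 255.255.255.252
!
access-list 100 permit udp any any eq bootpc
dialer-list 1 protocol ip permit
!
line vty 0 4
 login authentication local_auth
 transport input telnet
"""

DEFINE = re.compile(r"(?:access-list\s+(\d+)\s|ip access-list\s+(?:standard|extended)\s+(\S+))")
APPLY = re.compile(r"(?:ip access-group|access-class)\s+(\S+)\s+(in|out)\b")

def audit_acls(config):
    """Return (defined ACL ids, {acl id: [(block, direction), ...]})."""
    defined, bindings, block = set(), {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if raw and not raw[0].isspace():
            # Unindented line: either a global command or a new block header.
            block = line if re.match(r"(interface|line)\s", line) else None
        m = DEFINE.match(line)
        if m:
            defined.add(m.group(1) or m.group(2))
        m = APPLY.match(line)
        if m and block:
            bindings.setdefault(m.group(1), []).append((block, m.group(2)))
    return defined, bindings

def unapplied_acls(config):
    """ACLs that are defined but bound to no interface or line."""
    defined, bindings = audit_acls(config)
    return sorted(defined - set(bindings))

if __name__ == "__main__":
    print("defined but not applied:", unapplied_acls(RUNNING_CONFIG))
    # Hypothetical change for illustration: bind ACL 100 inbound on F0/1 and re-check.
    bound = RUNNING_CONFIG.replace(
        "interface FastEthernet0/1\n", "interface FastEthernet0/1\n ip access-group 100 in\n")
    print("after binding:", unapplied_acls(bound), audit_acls(bound)[1])
```

Once an ACL is bound to an interface it ends with an implicit deny, so a list holding only the bootpc permit and the ICMP entries suggested above would also drop every other packet in that direction.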

From the router can you issue an extended ping using the following:

ping
ip
source <ip address of fa0/1>
destination <ip address of computer>
enter through the remainder of questions

and let us know the outcome?

I've done the extended ping and ACL on ICMP, still having the same problem.

If the extended ping failed then there is something wrong with either the interface addressing or something in the interface configuration that is missing.

Can you paste the output from "show ip route" please. Sanitised to match the above.

Also check all ip addressing and subnet masks to make sure they match as appropriate.

ASKER CERTIFIED SOLUTION
cstosgale