Solved

Cisco router configuration

Posted on 2009-12-20
Last Modified: 2012-08-13
I have a router with the below configuration. I can ping other IPs in my VPN from the router but I cannot ping them from a client connected to this router.
What are the missing commands?

Router#      
Router#show run              
Building configuration...                        

Current configuration : 1440 bytes                                  
!
version 12.4            
service timestamps debug datetime msec                                      
service timestamps log datetime msec                                    
no service password-encryption                              
!
hostname Router              
!
boot-start-marker                
boot-end-marker              
!
!
no aaa new-model                
dot11 syslog            
ip cef      
!
!
!
!
!
multilink bundle-name authenticated                                  
chat-script 3G "" "ATDT*99#" TIMEOUT 60 "CONNECT"                                                
!
!
!
!
archive      
 log config          
  hidekeys          
!
!
!
!
!
!
!
interface FastEthernet0/0                        
 no ip address              
 shutdown        
 duplex auto            
 speed auto          
!
interface FastEthernet0/1                        
 ip address 192.169.11.1 255.255.255.0                                      
 duplex auto            
 speed auto          
!
interface Cellular0/0/0                      
 no ip address              
 encapsulation ppp                  
 dialer in-band              
 dialer pool-member 1                    
 dialer-group 1              
 async mode interactive                      
!
interface Dialer1                
 ip address negotiated                      
 ip rip triggered                
 encapsulation ppp                  
 dialer pool 1              
 dialer idle-timeout 0                      
 dialer string 3G                
 dialer persistent                  
 dialer-group 1              
 no cdp enable              
 ppp authentication pap chap callin                                  
 ppp chap hostname 9222210023                              
 ppp chap password 0 922231                          
 ppp ipcp dns request accept
!
router rip
 version 2
 timers basic 30 180 0 240
 network 172.24.0.0
 no auto-summary
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer1
!
!
no ip http server
no ip http secure-server
!
dialer-list 1 protocol ip permit
!
control-plane
!
!
line con 0
 password m111
 login
line aux 0
line 0/0/0
 script dialer 3G
 no exec
 rxspeed 3600000
 txspeed 384000
line vty 0 4
 password m111
 login
!
scheduler allocate 20000 1000
end

Router#
Router#
Router#
Question by:aldahan
LVL 34

Expert Comment

by:Istvan Kalmar
ID: 26094529
Hi,

Is the dialer interface up?
0
 

Author Comment

by:aldahan
ID: 26094582
Yes, it is up and I can ping the WAN IPs from the router, but I cannot ping them from the computers connected to the router. I think that the router is not routing the ping requests coming from the Ethernet interface to the cellular interface.
0
 
LVL 16

Expert Comment

by:Aaron Street
ID: 26094782
Are you sure the firewall is not stopping them? It is normal to stop all traffic coming from outside hitting the router's interfaces, so check your security settings as well.
0
 

Author Comment

by:aldahan
ID: 26094905
The firewall is not stopping them.
0
 

Author Comment

by:aldahan
ID: 26095464
I found that I can ping the router WAN IP from the other locations but I cannot ping the network internal IP of the router.
0
 
LVL 34

Expert Comment

by:Istvan Kalmar
ID: 26095483
Hi,

Why didn't you configure NAT?
0
 

Author Comment

by:aldahan
ID: 26095505
how to configure it?
0
 

Author Comment

by:aldahan
ID: 26095538
The following NAT config does not work.

interface FastEthernet0/1
 ip address 192.169.11.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 duplex auto
 speed auto

interface Cellular0/0/0
 no ip address
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 dialer in-band
 dialer pool-member 1
 dialer-group 1
 async mode interactive
!
0
 
LVL 34

Accepted Solution

by:
Istvan Kalmar earned 1400 total points
ID: 26095547
Hi, the ip nat outside needs to go on the Dialer interface:

interface Dialer1    
 ip nat outside

ip nat indise source list 1 interface dialer1 overload

access-list 1 permit 192.168.1.0 0.0.0.255
0
 

Author Comment

by:aldahan
ID: 26095576
It does not work. The following is the error message, followed by the running configuration.

Router(config-if)#ip nat indise source list 1 interface dialer1 overload
                           ^
% Invalid input detected at '^' marker.


Router#      
Router#      
Router#      
Router#      
Router#show run              
Building configuration...                        

Current configuration : 1596 bytes                                  
!
version 12.4            
service timestamps debug datetime msec                                      
service timestamps log datetime msec                                    
no service password-encryption                              
!
hostname Router              
!
boot-start-marker                
boot-end-marker              
!
!
no aaa new-model                
dot11 syslog            
ip cef      
!
!
!
!
!
multilink bundle-name authenticated                                  
chat-script 3G "" "ATDT*99#" TIMEOUT 60 "CONNECT"                                                
!
!
!
!
archive      
 log config          
  hidekeys          
!
!
!
!
!
!
!
interface FastEthernet0/0                        
 no ip address              
 shutdown        
 duplex        
 speed auto          
!
interface FastEthernet0/1                        
 ip address 192.169.112.1 255.255.255.0                                      
 ip nat inside              
 ip virtual-reassembly                      
 duplex auto            
 speed auto          
!
interface Cellular0/0/0                      
 no ip address              
 ip nat outside              
 ip virtual-reassembly                      
 encapsulation ppp                  
 dialer in-band              
 dialer pool-member 1                    
 dialer-group 1              
 async mode interactive                      
!
interface Dialer1                
 ip address negotiated                      
 ip nat outside              
 ip rip triggered                
 ip virtual-reassembly                      
 encapsulation ppp                  
 dialer pool 1              
 dialer idle-timeout 0                      
 dialer string 3G                
 dialer persistent                  
 dialer-group          
 no cdp enable              
 ppp authentication pap chap callin                                  
 ppp chap hostname 966509310023                              
 ppp chap password 0 966509310023                                
 ppp ipcp dns request accept                            
!
router rip          
 version 2          
 timers basic 30 180 0 240                          
 network 172.22.0.0                  
 no auto-summary                
!
ip forward-protocol nd                      
ip route 0.0.0.0 0.0.0.0 Dialer1                                
!
!
ip http server              
no ip http secure-server                        
!
access-list 1 permit 192.168.1.0 0.0.0.255                                          
dialer-list 1 protocol ip permit                                
!
!
!
!
control-plane
!
!
line con 0
 password mohannad
 login
line aux 0
line 0/0/0
 script dialer 3G
 no exec
 rxspeed 3600000
 txspeed 384000
line vty 0 4
 password mohannad
 login
!
scheduler allocate 20000 1000
end

Router#
Router#
Router#
Router#
Router#
0
 
LVL 34

Expert Comment

by:Istvan Kalmar
ID: 26095634
Sorry, I mistyped :)

ip nat inside source 1 interface Dialer1 overload
0
 

Author Comment

by:aldahan
ID: 26095670
Still the same error:
Router(config-if)#ip nat inside source 1 interface Dialer1 overload                                                                  
                                ^                                
% Invalid input detected at '^' marker.
0
 
LVL 16

Expert Comment

by:Aaron Street
ID: 26095695
Can you do a show ip interface brief as well?

NAT should not affect this; the internal private IP should be able to ping the IP of the WAN interface, as it is directly connected to the router so would not be NATted.

The clients do have 192.169.11.1 as their default gateway, yes?
0
 
LVL 16

Expert Comment

by:Aaron Street
ID: 26095713
Sorry, one of your configs uses 11.1 and one has 112.1 on the FastEthernet interface.
0
 
LVL 16

Expert Comment

by:Aaron Street
ID: 26095718
What router are you using?

I assume it can run NAT?
0
 

Author Comment

by:aldahan
ID: 26095721
yes. the gateway is correct.

Router#show ip interface brief
Interface                  IP-Address      OK? Method Status                Protocol
FastEthernet0/0            unassigned      YES NVRAM  administratively down down
FastEthernet0/1            192.169.11.1    YES NVRAM  up                    up
Cellular0/0/0              unassigned      YES NVRAM  up                    up
NVI0                       192.169.11.1    YES unset  up                    up
Dialer1                    172.22.76.3     YES IPCP   up                    up

Router#
0
 

Author Comment

by:aldahan
ID: 26095737
it is 192.169.11.1
0
 
LVL 16

Expert Comment

by:Aaron Street
ID: 26095768
the command is

IP NAT INSIDE SOURCE LIST 1 interface dialer1 overload


access-list 1 permit 192.168.1.0 0.0.0.255                                          
dialer-list 1 protocol ip permit

What's this list for? 192.168.1.x? It is not going to let 192.168.11.x addresses through?
0
 

Author Comment

by:aldahan
ID: 26095779
also note that from a client connected to the router, I can ping 172.22.76.3
0
 
LVL 16

Expert Comment

by:Aaron Street
ID: 26095788
Yeah, then it is the NAT that's causing the issue.
Try that second command including the keyword "list".
0
 

Author Comment

by:aldahan
ID: 26095986
what should be
access-list 1 permit 192.168.1.0 0.0.0.255?
is it
access-list 1 permit 192.169.11.0 0.0.0.255?
0
 

Author Comment

by:aldahan
ID: 26096041
OK.
Now I can ping from router clients to other VPN locations. However from other locations I cannot ping the router internal IP or any clients connected to the router.
0
 
LVL 16

Expert Comment

by:Aaron Street
ID: 26096046
Sorry, I was asking why you had access list 1 in the first place, as it does not match the IP address on your FastEthernet interface.

If your clients are on the 192.168.11.0 network then you don't want to use the access list 1 that is for the 192.168.1.0 network.

For NAT you need an access list that permits the IP addresses you want to NAT (i.e. 192.168.11.0 0.0.0.255),

and secondly the command to enable NAT is

ip nat inside source list 1 interface Dialer1 overload

not ip nat inside source 1 interface Dialer 1 overload as ikalmar typed (I'm assuming it was a mistype on his part).
0
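Added example, not part of any post in this thread: a small offline audit of the mismatch discussed above, where the NAT access list permits a subnet other than the one on the `ip nat inside` interface. The function names are hypothetical, the sample config is constructed from the configs posted in this thread, and only standard numbered `access-list N permit <address> <wildcard>` lines with contiguous wildcard masks are handled.

```python
import ipaddress
import re

# Constructed sample: the relevant lines of the configs posted in this thread,
# with the NAT rule spelled correctly but the ACL still permitting 192.168.1.0.
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 ip address 192.169.11.1 255.255.255.0
 ip nat inside
!
interface Dialer1
 ip address negotiated
 ip nat outside
!
ip nat inside source list 1 interface Dialer1 overload
access-list 1 permit 192.168.1.0 0.0.0.255
"""

def wildcard_net(base, wildcard):
    """Turn an IOS 'address wildcard' pair into a network (contiguous masks only)."""
    mask = ipaddress.IPv4Address(int(ipaddress.IPv4Address(wildcard)) ^ 0xFFFFFFFF)
    return ipaddress.ip_network(f"{base}/{mask}", strict=False)

def parse(config):
    """Collect per-interface NAT role and subnet, standard ACLs, and overload rules."""
    ifaces, acls, rules, cur = {}, {}, [], None
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.match(r"interface (\S+)", line):
            cur = ifaces.setdefault(m.group(1).lower(),
                                    {"name": m.group(1), "net": None, "nat": None})
        elif raw[:1] == " " and cur is not None:
            if m := re.match(r"ip address (\d\S*) (\d\S*)", line):
                cur["net"] = ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}").network
            elif m := re.match(r"ip nat (inside|outside)$", line):
                cur["nat"] = m.group(1)
        else:
            cur = None  # back at global configuration level
            if m := re.match(r"access-list (\d+) permit (\d\S*) (\d\S*)", line):
                acls.setdefault(m.group(1), []).append(wildcard_net(m.group(2), m.group(3)))
            elif m := re.match(r"ip nat inside source list (\S+) interface (\S+) overload", line):
                rules.append((m.group(1), m.group(2)))
    return ifaces, acls, rules

def audit_nat(config):
    """Return findings that would stop inside hosts from being translated."""
    ifaces, acls, rules = parse(config)
    findings = [] if rules else ["no 'ip nat inside source list ... overload' rule"]
    inside = [(i["name"], i["net"]) for i in ifaces.values()
              if i["nat"] == "inside" and i["net"]]
    for acl, out_if in rules:
        if ifaces.get(out_if.lower(), {}).get("nat") != "outside":
            findings.append(f"{out_if}: missing 'ip nat outside'")
        permitted = acls.get(acl, [])
        for name, net in inside:
            if not any(net.subnet_of(p) for p in permitted):
                findings.append(f"{name}: {net} is not permitted by access-list {acl}")
    return findings

if __name__ == "__main__":
    for finding in audit_nat(SAMPLE_CONFIG):
        print(finding)
```
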
 
LVL 16

Expert Comment

by:Aaron Street
ID: 26096116
That's right, you can ping back through a NAT'ed IP.

This is because to the outside all your inside clients are using the single IP assigned to your dialer interface.

Ping a few outside addresses from a client, and then on the router type

show ip nat translations. You will see how the addresses are all translated to a single IP address.

Private IPs can't get routed across the internet. You need to do port forwarding.

So you would do something like

ip nat static 192.168.11.5 44 172.22.76.3 44 (this might not be the exact command)

This would then mean any traffic received on port 44 sent to IP address 172.22.76.3 would be forwarded to the internal IP address 192.168.11.5 port 44.

It is not normal to do this apart from in the case of something like a web server you need to be connected to from outside.

If you want to do things like remote desktop, then you need a proxy server, so all incoming connections are sent to this server and it forwards them on to the correct internal device.

However, I suggest you do a bit of reading up on NAT and how it works; the Cisco site has a lot of data on it. NAT works for outgoing connections but does not really handle incoming connections well (but then that gives you a lot of security).
0
 
LVL 16

Expert Comment

by:Aaron Street
ID: 26096121
Can we see your running config now?
0
 
LVL 16

Expert Comment

by:Aaron Street
ID: 26096132
Oh, and that other post should have started: you can't ping back through a NAT'ed IP.
0
 
LVL 34

Expert Comment

by:Istvan Kalmar
ID: 26096187
sorry I have a hangover:)

Do what DewilWAH said.....
0
 

Author Comment

by:aldahan
ID: 26096353
The link that I am using should connect me to my IP-VPN. So I think it should allow me to ping all the IPs connected to the router. This is not an internet connection.
The following is the running config

Router#      
Router#show run              
Building configuration...                        

Current configuration : 1674 bytes                                  
!
version 12.4            
service timestamps debug datetime msec                                      
service timestamps log datetime msec                                    
no service password-encryption                              
!
hostname Router              
!
boot-start-marker                
boot-end-marker              
!
!
no aaa new-model                
dot11 syslog            
ip cef      
!
!
!
!
!
multilink bundle-name authenticated                                  
chat-script 3G "" "ATDT*99#" TIMEOUT 60 "CONNECT"                                                
!
!
!
!
archive      
 log config          
  hidekeys          
!
!
!
!
!
!
!
interface FastEthernet0/0                        
 no ip address              
 shutdown        
 duplex auto            
 speed auto          
!
interface FastEthernet0/1                        
 ip address 192.169.11.1 255.255.255.0                                      
 ip nat inside              
 ip virtual-reassembly                      
 duplex auto            
 speed auto          
!
interface Cellular0/0/0                      
 no ip address              
 ip nat outside              
 encapsulation ppp                  
 dialer in-band              
 dialer pool-member 1                    
 dialer-group 1              
 async mode interactive                      
!
interface Dialer1                
 ip address negotiated                      
 ip nat outside              
 ip rip triggered                
 ip virtual-reassembly                      
 encapsulation ppp                  
 dialer pool 1              
 dialer idle-timeout 0                      
 dialer string 3G                
 dialer persistent                  
 dialer-group            
 no cdp enable              
 ppp authentication pap chap callin                                  
 ppp chap hostname 110023                              
 ppp chap password 0 110023                                
 ppp ipcp dns request accept                            
!
router rip          
 version 2          
 timers basic 30 180 0 240                          
 network 172.22.0.0                  
 no auto-summary                
!
ip forward-protocol nd                      
ip route 0.0.0.0 0.0.0.0 Dialer1                                
!
!
ip http server              
no ip http secure-server                        
ip nat inside source list 1 interface Dialer1 overload                                                      
!
access-list 1 permit 192.169.11.0 0.0.0.255                                          
dialer-list 1 protocol ip permit                                
!
!
!
!
control-plane
!
!
line con 0
 password mo111
 login
line aux 0
line 0/0/0
 script dialer 3G
 no exec
 rxspeed 3600000
 txspeed 384000
line vty 0 4
 password mo111
 login
!
scheduler allocate 20000 1000
end

Router#
Router#
0
 
LVL 34

Expert Comment

by:Istvan Kalmar
ID: 26096403
If it is a VPN, could it be that you do not need to NAT, am I right?
Does this SIM card belong to a special APN?
0
 
LVL 16

Assisted Solution

by:Aaron Street
Aaron Street earned 600 total points
ID: 26096459
Well, that really depends how you have your VPNs set up, but you could well be right, ikalmar.

I think the

access-list 1 permit 192.169.11.0 0.0.0.255                                          
dialer-list 1 protocol ip permit    

was the problem when you had it set to 192.168.1.0, as you were then blocking all addresses apart from the 192.168.1.0 addresses to your dialer interface.

You could try taking the NAT off

no ip nat source list.......

and see if it still works
0
 

Author Comment

by:aldahan
ID: 26096624
It does not work after removing the NAT
0
 
LVL 16

Expert Comment

by:Aaron Street
ID: 26096647
OK, in which case you do need NAT.

With VPNs you should be able to get it to work without NAT, but that's something you would have to take some time studying.

There are so many ways to implement it and so many factors to consider, especially what is holding public/private IP addresses and how these are routed between the networks.
0
 

Author Closing Comment

by:aldahan
ID: 31668400
Thank You
0
