tblinc
asked on
Cisco base WAN config trouble
Greetings,
I have some trouble to configure my WAN isp for my cisco 881 router.
My wan isp is a dedicated site to site dsl (internal isp networking, I don't have internet access on it).
My isp provide my a standard dsl with a static IP address which is 10.0.0.1 /24.
My wan interface IP is 10.0.0.2 /24 and the default gateway is of course 10.0.0.1 /24.
I have one vlan which is vlan 20 : 172.16.116.0 /24
My issue is that when I'm connected to my vlan 20, I'm able to successfully ping 10.0.0.2 but I can't ping 10.0.0.1 which I should.
I don't need nat nor firewall. I only need a direct link to my other office.
There is a copy of my running config.
I don't know if I should create some ACL ..
cisco.txt
I have some trouble to configure my WAN isp for my cisco 881 router.
My wan isp is a dedicated site to site dsl (internal isp networking, I don't have internet access on it).
My isp provide my a standard dsl with a static IP address which is 10.0.0.1 /24.
My wan interface IP is 10.0.0.2 /24 and the default gateway is of course 10.0.0.1 /24.
I have one vlan which is vlan 20 : 172.16.116.0 /24
My issue is that when I'm connected to my vlan 20, I'm able to successfully ping 10.0.0.2 but I can't ping 10.0.0.1 which I should.
I don't need nat nor firewall. I only need a direct link to my other office.
There is a copy of my running config.
I don't know if I should create some ACL ..
cisco.txt
does your ISP have a route back to your locally configured subnets (the one you are trying to ping from (which could bei either 172 or the 10.10.10 subnet ? if they do, then check if they have any access-list denying ICMP back to you
ASKER
This is not the fist setup like this. And they shouldn't block anything.
Right now, I have connected another router to the isp link (a small dlink) just to be functionnal. The Dlink is configured exactly the same way as the cisco router should be. .
I don't have this issue. I'm able to ping my wan gateway and my remote office. It seems that the issue come from my cisco router.
Thank you
Right now, I have connected another router to the isp link (a small dlink) just to be functionnal. The Dlink is configured exactly the same way as the cisco router should be. .
I don't have this issue. I'm able to ping my wan gateway and my remote office. It seems that the issue come from my cisco router.
Thank you
Try issuing these commands:
no ip route 0.0.0.0 0.0.0.0 10.0.0.1
ip route 0.0.0.0 0.0.0.0 fa4
Also, try this command:
ping 10.0.0.1 source fa4
no ip route 0.0.0.0 0.0.0.0 10.0.0.1
ip route 0.0.0.0 0.0.0.0 fa4
Also, try this command:
ping 10.0.0.1 source fa4
The ping command (which should be done on the router) will see if the Cisco can ping your ISP side of the link.
ASKER
Yes I can ping from my router, I always can.. but I'm still not able to ping my gateway from my computer and I should be able to.
If I can't ping my gateway, I'll not be able to ping my remote equipement too.
If I can't ping my gateway, I'll not be able to ping my remote equipement too.
ASKER
I also tried to change my route to 0.0.0.0 0.0.0.0 fastethernet 4
ASKER
Also (excuse me for the multiple post..) just to remember that I installed another router in replacement of the cisco 881 (a small dlink).
With the Dlink, I'm able to ping ,from my computer (which is in the 172.16.116.0 /24 network), my ISP gateway (10.0.0.1) my remote office, my remote isp gateway (10.0.1.1).
So the trouble really came from the cisco router.
With the Dlink, I'm able to ping ,from my computer (which is in the 172.16.116.0 /24 network), my ISP gateway (10.0.0.1) my remote office, my remote isp gateway (10.0.1.1).
So the trouble really came from the cisco router.
ASKER
Hum I thing I have solved my trouble.
I created some NAT rules to allow my traffic and now every thing seems to work. I'm able to ping my gateway successfully.
But this is very strange.. because I have setted up another scenario like this without nat and it works great.
I even try to copy the working config of another router (working without nat) to this one and it didn't work.
The only different thing is the firmware. Does the firmware change anything ?
Thanks for your help, I'll let the question open for 2-3 days just to be sure that everything is ok now.
I created some NAT rules to allow my traffic and now every thing seems to work. I'm able to ping my gateway successfully.
But this is very strange.. because I have setted up another scenario like this without nat and it works great.
I even try to copy the working config of another router (working without nat) to this one and it didn't work.
The only different thing is the firmware. Does the firmware change anything ?
Thanks for your help, I'll let the question open for 2-3 days just to be sure that everything is ok now.
Excellent, I'm glad you got it working. What did you have to NAT your IP to?
I doubt the firmware (I assume you mean IOS version?) would make a difference.
Are you using different ISPs for the two locations? If not, I assume the issue may be at the ISP's end (perhaps a mis configuration).
Havign said that, does your DLINK have NAT set up? If not, then it would have to be something with the CIsco.
"Yes I can ping from my router, I always can."
So the Cisco can ping 10.0.0.1... hmm that is interesting.
If you want us to take a further look, feel free to upload the config of your other working router (which does not have the NAT applied).
I doubt the firmware (I assume you mean IOS version?) would make a difference.
Are you using different ISPs for the two locations? If not, I assume the issue may be at the ISP's end (perhaps a mis configuration).
Havign said that, does your DLINK have NAT set up? If not, then it would have to be something with the CIsco.
"Yes I can ping from my router, I always can."
So the Cisco can ping 10.0.0.1... hmm that is interesting.
If you want us to take a further look, feel free to upload the config of your other working router (which does not have the NAT applied).
ASKER
bbd00,
Indeed I mean IOS version.
"Are you using different ISPs for the two locations? If not, I assume the issue may be at the ISP's end (perhaps a mis configuration)."
I use the same ISP for the two locations.
I have also tested my setup in my lab using a small router acting like my isp provider.
I configured the small router just like my dsl (using 10.0.0.1 for wan IP) and connected it into my cisco wan port. Configured my cisco wan port with 10.0.0.2, without nat.. still can't ping my gateway from my computer.
I'll upload my other cisco config tomorrow morning just to solve this issue.. even if it's working great with nating.
Thanks again for your support, it's very appreciated.
Indeed I mean IOS version.
"Are you using different ISPs for the two locations? If not, I assume the issue may be at the ISP's end (perhaps a mis configuration)."
I use the same ISP for the two locations.
I have also tested my setup in my lab using a small router acting like my isp provider.
I configured the small router just like my dsl (using 10.0.0.1 for wan IP) and connected it into my cisco wan port. Configured my cisco wan port with 10.0.0.2, without nat.. still can't ping my gateway from my computer.
I'll upload my other cisco config tomorrow morning just to solve this issue.. even if it's working great with nating.
Thanks again for your support, it's very appreciated.
"I configured the small router just like my dsl (using 10.0.0.1 for wan IP) and connected it into my cisco wan port. Configured my cisco wan port with 10.0.0.2, without nat.. still can't ping my gateway from my computer. "
That is extremely interesting. I would really like to get to the bottom of this one.
Can you please paste the output of the "show ip route" command from the non working router?
Not a problem, it is my absolute pleasure helping (or at least trying to!) :)
That is extremely interesting. I would really like to get to the bottom of this one.
Can you please paste the output of the "show ip route" command from the non working router?
Not a problem, it is my absolute pleasure helping (or at least trying to!) :)
ASKER
Good morning bbd00,
I have attached two text file. The first one is the result of "show ip route" of my non working router.
The second one is the config file of another working setup without nat.
Working-router.txt
show-ip-route.txt
I have attached two text file. The first one is the result of "show ip route" of my non working router.
The second one is the config file of another working setup without nat.
Working-router.txt
show-ip-route.txt
ASKER
I forget to told you that I make another test. I tried this in my cisco hyperterm
ping 10.0.0.1 source 172.16.116.1
I can't ping
If I make this : ping 10.0.0.1, it works
ping 10.0.0.1 source 172.16.116.1
I can't ping
If I make this : ping 10.0.0.1, it works
Thanks for the files.
Can you please issue the "ip classless" command on the non working router and then show me the output of the "show ip route" command again please? And also try the extended ping I mentioned above ( ping 10.0.0.1 source 172.16.116.1 ) and let me know the outcome?
Thanks!
Can you please issue the "ip classless" command on the non working router and then show me the output of the "show ip route" command again please? And also try the extended ping I mentioned above ( ping 10.0.0.1 source 172.16.116.1 ) and let me know the outcome?
Thanks!
ASKER
***** This is the ping command output *****
AeconLebourgneuf#ping 10.0.0.1 source 172.16.116.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.0.1, timeout is 2 seconds:
Packet sent with a source address of 172.16.116.1
.....
Success rate is 0 percent (0/5)
***** This is the show ip route command (I did it after "ip classless") *****
Gateway of last resort is 10.0.0.1 to network 0.0.0.0
172.16.0.0/24 is subnetted, 1 subnets
C 172.16.116.0 is directly connected, Vlan20
10.0.0.0/24 is subnetted, 1 subnets
C 10.0.0.0 is directly connected, FastEthernet4
S* 0.0.0.0/0 [1/0] via 10.0.0.1
AeconLebourgneuf#
AeconLebourgneuf#ping 10.0.0.1 source 172.16.116.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.0.1, timeout is 2 seconds:
Packet sent with a source address of 172.16.116.1
.....
Success rate is 0 percent (0/5)
***** This is the show ip route command (I did it after "ip classless") *****
Gateway of last resort is 10.0.0.1 to network 0.0.0.0
172.16.0.0/24 is subnetted, 1 subnets
C 172.16.116.0 is directly connected, Vlan20
10.0.0.0/24 is subnetted, 1 subnets
C 10.0.0.0 is directly connected, FastEthernet4
S* 0.0.0.0/0 [1/0] via 10.0.0.1
AeconLebourgneuf#
Thanks for that.
Can you please try issuing the "tracert" command (as below) on a PC in the 172.16.116.0/24 network? And paste the results here?
tracert 10.0.0.1
I want to see how far the trace gets before being dropped.
Cheers
Can you please try issuing the "tracert" command (as below) on a PC in the 172.16.116.0/24 network? And paste the results here?
tracert 10.0.0.1
I want to see how far the trace gets before being dropped.
Cheers
ASKER
This is the output of my tracert on a pc in the 172.16.116.0 /24 network.
C:\Documents and Settings\fnbisson.TBLINC-P
Tracing route to 10.0.0.1 over a maximum of 30 hops
1 <1 ms <1 ms <1 ms 172.16.116.1
2 * * * Request timed out.
3 * * * Request timed out.
4 * * * Request timed out.
5 * * * Request timed out.
6 * * * Request timed out.
7 * * * Request timed out.
8 * * * Request timed out.
9 * * * Request timed out.
10 * * * Request timed out.
11 * * * Request timed out.
12 * * * Request timed out.
13 * * * Request timed out.
14 * * * Request timed out.
15 * * * Request timed out.
and so on...
C:\Documents and Settings\fnbisson.TBLINC-P
Tracing route to 10.0.0.1 over a maximum of 30 hops
1 <1 ms <1 ms <1 ms 172.16.116.1
2 * * * Request timed out.
3 * * * Request timed out.
4 * * * Request timed out.
5 * * * Request timed out.
6 * * * Request timed out.
7 * * * Request timed out.
8 * * * Request timed out.
9 * * * Request timed out.
10 * * * Request timed out.
11 * * * Request timed out.
12 * * * Request timed out.
13 * * * Request timed out.
14 * * * Request timed out.
15 * * * Request timed out.
and so on...
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I finally solve my trouble using the nat fonctionnality because we needed to build the link between the two office asap.
You help was very appreciated bbd00
Thank you very much.
You help was very appreciated bbd00
Thank you very much.
ASKER
thanks again, I wish to continued to work on this issue with you.. unfortunately I didn't have time to
Not a a problem tblinc. Sorry I couldn't help you fix the issue without having to resort to NATing the traffic, however, I am just glad it is working.
Cheers
Cheers