Default Route to Internet on Cisco Router

We recently changed the way we access the internet from a single location shared between 3 sites with the DNS server located at the main site to local internet access at each site.   At one of the locations the local internet has been installed and I need to route traffic over the new connection and not over the WAN.  

I tried changing the Gateway of last resort to the internal IP address of the local firewall, but when I do that I lose all internet connectivity. I can still access the network and see the servers over the WAN, but I cannot access the Internet, and a DNS query to our DNS server located at the main location comes back rejected (it currently works).

I would appreciate any suggestions on what else I need to do to route the Internet traffic out the local connection and be able to query our DNS server at the main location.

Below is the IP Routing table.  I changed the gateway of last resort to 192.168.110.21 which is the internal IP address of the firewall on site.   The DNS server I am trying to utilize is 65.10.1.51 and the IP address on the router at the main location is 192.168.12.5.  

Router_2#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is 192.168.12.5 to network 0.0.0.0

C    192.168.110.0/24 is directly connected, FastEthernet0/0
     172.31.0.0/24 is subnetted, 3 subnets
C       172.31.3.0 is directly connected, FastEthernet0/1
D       172.31.2.0 [90/4359680] via 192.168.12.5, 01:20:31, Serial0/0/0.1
D       172.31.1.0 [90/3847680] via 192.168.12.5, 1w0d, Serial0/0/0.1
     89.0.0.0/24 is subnetted, 1 subnets
D       89.10.2.0 [90/4359680] via 192.168.12.5, 01:20:31, Serial0/0/0.1
     65.0.0.0/24 is subnetted, 1 subnets
D       65.10.1.0 [90/3847680] via 192.168.12.5, 1w0d, Serial0/0/0.1
     192.168.11.0/30 is subnetted, 1 subnets
D       192.168.11.12 [90/4357120] via 192.168.12.5, 01:20:32, Serial0/0/0.1
     192.168.12.0/30 is subnetted, 1 subnets
C       192.168.12.4 is directly connected, Serial0/0/0.1
S*   0.0.0.0/0 [1/0] via 192.168.12.5
Router_2#

Thanks for any suggestions.
qvfps Asked:
qvfps (Author) Commented:
I will not be working on this again before the 27th.
kuoh Commented:
The firewall and router configs at the remote site would be more useful for troubleshooting.

KuoH
qvfps (Author) Commented:
Below is the Router config before I make any changes. I do not think the firewall is an issue. I cannot get out to the Internet since I cannot do a DNS lookup after I change the gateway of last resort.

192.168.12.5 is the interface on the Router at site 1 where the DNS server is located.  


User Access Verification

Username: adminuser
Password:
Router_2#show config
Using 4367 out of 196600 bytes
!
! Last configuration change at 15:55:27 EDT Tue Mar 13 2007 by adminuser
! NVRAM config last updated at 15:55:29 EDT Tue Mar 13 2007 by adminuser
!
version 12.3
service timestamps debug datetime msec localtime show-timezone year
service timestamps log datetime msec localtime show-timezone year
service password-encryption
!
hostname Router_2
!
boot-start-marker
boot system flash c1841-adventerprisek9-mz.123-8.YG3.bin
boot-end-marker
!
logging buffered 8092 notifications
no logging console
enable secret 5 *********************************
!
username adminuser privilege 15 secret 5 ****************************
clock timezone EST -5
clock summer-time EDT recurring 2 Sun Mar 2:00 1 Sun Nov 2:00
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
no aaa new-model
ip subnet-zero
ip cef
!
no ip domain lookup
ip domain name MyCo.com
ip ips po max-events 100
ipx routing 00d0.586c.4540
no ftp-server write-enable
!
application
 !
 monitor
 !
 session
 !
 global
!
crypto pki trustpoint TP-self-signed-****************
 subject-name cn=IOS-Self-Signed-Certificate-****************
 revocation-check none
 rsakeypair TP-self-signed-***************
!
class-map match-all VOIP
 match access-group name VOIP
class-map match-all VIDEO
 match access-group name VIDEO
!
policy-map VOIPTRAFFIC
 class VOIP
  priority percent 10
 class VIDEO
  bandwidth 346
 class class-default
  fair-queue
  random-detect
!
crypto isakmp policy 1
 encr 3des
 hash md5
 authentication pre-share
crypto isakmp key MyCo**********************209.19.2.69
!
crypto ipsec transform-set MyCo esp-3des
!
crypto map MyCoBACKUPVPN 10 ipsec-isakmp
 set peer 209.19.2.67
 set peer 209.19.2.69
 set transform-set MyCo
 match address 101
!
interface Tunnel0
 description BACKUP VPN TUNNELL WITH ENCRYPTION
 bandwidth 384
 ip address 172.21.1.2 255.255.255.252
 ip nat inside
 ip virtual-reassembly
 tunnel source FastEthernet0/1/0
 tunnel destination 172.21.1.1
!
interface FastEthernet0/0
 description Connection to Site2 Data network
 ip address 192.168.110.254 255.255.255.0
 duplex auto
 speed auto
 ipx network 1B encapsulation SAP
!
interface FastEthernet0/1
 description Connection to Site2 Phone System
 ip address 172.31.3.1 255.255.255.0
 duplex auto
 speed auto
!
interface FastEthernet0/1/0
 description CROSSOVER CABLE TO ATT DSL/CABLE INTERNET
 no ip address
!
interface FastEthernet0/1/1
 no ip address
 shutdown
!
interface FastEthernet0/1/2
 no ip address
 shutdown
!
interface FastEthernet0/1/3
 no ip address
 shutdown
!
interface Serial0/0/0
 description Site2 T1 with 768K Port and 384K PVC
 bandwidth 768
 no ip address
 encapsulation frame-relay
 load-interval 30
 no fair-queue
 service-module t1 timeslots 1-12
 service-module t1 remote-alarm-enable
 service-module t1 fdl both
 frame-relay traffic-shaping
 frame-relay lmi-type ansi
!
interface Serial0/0/0.1 point-to-point
 description 384K PVC to Site1
 ip address 192.168.12.6 255.255.255.252
 ipx network AA2
 frame-relay interface-dlci 16
  class shapetraffic
!
interface Vlan1
 no ip address
!
router eigrp 1
 network 172.31.0.0
 network 192.168.12.0
 network 192.168.110.0
 network 192.168.11.0
 no auto-summary
!
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.12.5
ip route 0.0.0.0 0.0.0.0 FastEthernet0/1/0 205
!
no ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 5 life 86400 requests 10000
!
ip access-list extended VIDEO
 permit ip host 192.168.11.31 any
ip access-list extended VOIP
 permit ip 172.31.3.0 0.0.0.255 172.31.1.0 0.0.0.255
 permit ip 172.31.3.0 0.0.0.255 172.31.2.0 0.0.0.255
!
map-class frame-relay shapetraffic
 frame-relay cir 744800
 frame-relay bc 7448
 frame-relay mincir 384000
 service-policy output VOIPTRAFFIC
access-list 101 permit gre host 172.21.1.2 host 172.21.1.1
snmp-server community public RO
!
ipx router eigrp 1
 network 1B
 network AA2
 log-neighbor-changes
!
control-plane
!
line con 0
 login local
line aux 0
 password 7 ************
 login
 modem InOut
 transport input all
 speed 115200
 flowcontrol hardware
line vty 0 4
 privilege level 15
 login local
 transport input telnet ssh
line vty 5 15
 privilege level 15
 login local
 transport input telnet ssh
!
ntp clock-period 17179867
ntp server 192.168.12.5
end

Router_2#

 
would changing the default route below and deleting the second line resolve the issue?

ip route 0.0.0.0 0.0.0.0 192.168.12.5
ip route 0.0.0.0 0.0.0.0 FastEthernet0/1/0 205
kevinhsieh Commented:
It looks like you are getting internal routing for your other WAN sites via EIGRP, which is good. You should delete all of your other static routes and put just 1 static route in for your Internet connection. From what I can tell, 192.168.12.5 is the router at the main site, and that used to be your gateway. Delete that as a route, or at least lower the metric to something like 210.

Normally you would have an IP address on FastEthernet0/1/0, and you would set your default route to the IP address on your DSL/Cable modem.
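
The route selection behind this thread, as an added example that is not part of the original posts: a simplified model of longest-prefix match plus administrative distance, run over the routes from the question's `show ip route` output. The `changed` and `failover` tables are assumed end states (default via the local firewall 192.168.110.21, old WAN default kept at distance 210), and `INTERNET_HOST` is a constructed sample address.

```python
import ipaddress

# Routes from the "show ip route" output in the question, as
# (prefix, administrative distance, next hop): connected 0, static 1, EIGRP 90.
PAGE_ROUTES = [
    ("192.168.110.0/24", 0, "FastEthernet0/0"),
    ("172.31.3.0/24", 0, "FastEthernet0/1"),
    ("172.31.2.0/24", 90, "192.168.12.5"),
    ("172.31.1.0/24", 90, "192.168.12.5"),
    ("89.10.2.0/24", 90, "192.168.12.5"),
    ("65.10.1.0/24", 90, "192.168.12.5"),
    ("192.168.11.12/30", 90, "192.168.12.5"),
    ("192.168.12.4/30", 0, "Serial0/0/0.1"),
]
DNS_SERVER = "65.10.1.51"        # from the question
INTERNET_HOST = "198.51.100.10"  # constructed sample (documentation range)

def lookup(routes, dest):
    """Pick the route for dest: longest prefix first, then lowest AD."""
    addr = ipaddress.ip_address(dest)
    matches = [r for r in routes if addr in ipaddress.ip_network(r[0])]
    if not matches:
        return None  # no default route installed: packet is dropped
    return max(matches,
               key=lambda r: (ipaddress.ip_network(r[0]).prefixlen, -r[1]))

def next_hop(routes, dest):
    hit = lookup(routes, dest)
    return hit[2] if hit else None

# Config as posted: default via the main site, floating static at 205.
current = PAGE_ROUTES + [("0.0.0.0/0", 1, "192.168.12.5"),
                         ("0.0.0.0/0", 205, "FastEthernet0/1/0")]
# Assumed end state: default via the local firewall, old WAN default
# kept as a backup with the distance of 210 suggested in the answer.
changed = PAGE_ROUTES + [("0.0.0.0/0", 1, "192.168.110.21"),
                         ("0.0.0.0/0", 210, "192.168.12.5")]
# Same table after the local default is withdrawn.
failover = [r for r in changed if r[2] != "192.168.110.21"]

if __name__ == "__main__":
    for name, table in (("current", current), ("changed", changed),
                        ("failover", failover)):
        for dest in (DNS_SERVER, INTERNET_HOST):
            print(f"{name:9} {dest:15} -> {next_hop(table, dest)}")
```

In all three tables 65.10.1.51 matches the EIGRP-learned 65.10.1.0/24 and keeps using the WAN next hop 192.168.12.5, so changing the default route moves only Internet-bound traffic and leaves the path to the main-site DNS server untouched.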

qvfps (Author) Commented:
Thanks. I will start working on this again in a day or two when I can get back into the office.
qvfps (Author) Commented:
Thanks for the suggestions, but I have resolved the issue and it was not a routing issue. It might still have something to do with routing but I think it is a misconfiguration on my local DNS server.

There were two separate issues.
 
One: There was a newer firmware version for the firewall, which I downloaded and installed. This resolved an issue with NAT I had not realized I was having until I tried to ping an external IP address and checked the error log on the firewall.

Two: The ISP had not provided any DNS servers.  I was not concerned since I wanted to use our internal DNS server at the main location.  It now looks to me that the DNS query is getting to the DNS server but is being rejected.   I contacted our ISP and asked for the IP address of their DNS servers and once I added those along with the upgraded firmware I had internet access again.

I will be looking into the issue with the DNS server next.