Link to home
Create AccountLog in
Avatar of anordquist
anordquist

asked on

Cisco 1841 Change WAN access from T-1 to Comcast Cable

I'm changing my WAN connection from a T-1 to Comcast cable.  The network configuration looks like:

Internet <--> Cisco 1841  <--> Cisco ASA <--> LAN
All of my firewalling, NATing and DHCP happens on either the ASA or from a server on the LAN, so the 1841 configuration is quite simple.

=================================
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname My_Router
!
boot-start-marker
boot-end-marker
!
no logging console
enable secret 5 $1$mZj5$BuazMEPz35K.O8YUtsYs30
!
no aaa new-model
ip cef
!
ip name-server 8.8.8.8
!
interface Loopback0
 ip address 1.1.1.1 255.255.255.255
!
interface FastEthernet0/0
 description Comcast cable
 ip address cc.cc.cc.142 255.255.255.240
 duplex auto
 speed auto
!
interface FastEthernet0/1
 ip address bb.bb.bb.93 255.255.255.248
 duplex auto
 speed auto
!
interface Serial0/0/0
 description POPP circuit 3.HCFU.107017..NW
 ip address aa.aa.aa.82 255.255.255.252
 encapsulation ppp
 no fair-queue
 service-module t1 timeslots 1-24
!
ip route 0.0.0.0 0.0.0.0 aa.aa.aa.81
!
ip http server
no ip http secure-server
!
!
control-plane
!
!
line con 0
 password secretpasswordgoeshere
 login
line aux 0
line vty 0 4
 password secretpasswordgoeshere
 login
!
scheduler allocate 20000 1000
end

=============================

When I add these commands to switch the default route from my T1 to FE0/0, I lose my internet connection.  I've verified that the address for the cable model is cc.cc.cc.142.

no ip route 0.0.0.0  0.0.0.0 aa.aa.aa.81
ip route 0.0.0.0  0.0.0.0  cc.cc.cc.142


What am I missing here?
Avatar of anordquist
anordquist

ASKER

The correct IP address for FastEthernet0/0 is cc.cc.cc.141
Did comcast assign you multiple IP addresses or just one?  Do a show int f0/0 to verify if interface and protocol are up up.
interface FastEthernet0/0
 description Comcast cable
 ip address cc.cc.cc.142 255.255.255.240
 duplex auto
 speed auto

But you said " I've verified that the address for the cable model is cc.cc.cc.142." Are you using the same ip for your router and cable mode? You router interface should have a different one or the cable modem has another one.


ip route 0.0.0.0  0.0.0.0  cc.cc.cc.142

is cc.cc.cc.142 your next hop of Comcast cable?

You can trouble shot by ping from the router after you change the static ip routing.
Avatar of ArneLovius
Where are you seeing the internet conection go down from ?

Are you running private addresses or public addresses between the ASA and the 1841 ?

If you are using public addresses, these would also need to be changed on the ASA.

I would be tempted to connect the comcast connection directly to the ASA on a new interface, create duplicates of any NAT pools using the new address but the same pool ID, add the required NAT statements and ACLs and add an additional route, you can then test connectivity by adding a static route over the comcast connection to an external host and confirm that traffic flows over the correct route
I had a typo on the original problem entry, the correction is what should have been there.

I have a /28 block of addresses from Comcast.  I've decided to save a couple of the addresses by using public addresses between the Comcast cable modem and the 1841.  The inside address of the Comcast is now 10.1.10.1 and the outside address of the 1841 is 10.1.10.2.

I can ping successfully from the 1841 to the internet.  I can ping successfully from the Comcast through the 1841 to the ASA.  But when the default route on the 1841 is pointing to 10.1.10.1, I can't ping from the networks inside ASA to the internet.

I am using private addresses between the ASA and the 1841.

In the course of working with this, I created a static route on the Comcast.  It's gateway IP is 10.1.10.2 for the 1841 and it uses the private network addresses between the ASA and the 1841.    It didn't help or hinder with pinging from the networks inside the ASA to the internet
ASKER CERTIFIED SOLUTION
Avatar of ArneLovius
ArneLovius
Flag of United Kingdom of Great Britain and Northern Ireland image

Link to home
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
See answer
I had hoped to run the cable and T-1 connections simultaneously while waiting for DNS changes for my servers to propogate.  I ended up leaving the connection directly between the Comcast modem and the ASA.