?
Solved

Cisco 3925 not routing traffic.

Posted on 2013-01-15
13
Medium Priority
?
907 Views
Last Modified: 2013-04-10
We currently installed a 100Mbps fiber line with Ethernet hand-off.  I purchased a Cisco 3925 ISR to be the gateway for this connection.  I am not going to use it for any security purposes.  I have an ASA5520 that will do that work.  Right now I am currently just trying to get the router online.

I know the following
Laptop <--->GB 0/1((()))GB0/0<---->Ethernet handoff from ISP.

I can ping and SSH to the outside interface of the router from outside the network.  I can also ping and SSH to the router from the laptop that is directly attached to the routers GB0/1 port.  From the Router's CLI I can ping IP addresses on the internet. From the laptop I can not.

I can not access the internet through the router though.

Here is my config.
Building configuration...

Current configuration : 3724 bytes
!
! Last configuration change at 02:17:03 UTC Tue Jan 15 2013 by ggsis
! NVRAM config last updated at 02:09:33 UTC Tue Jan 15 2013 by ggsis
! NVRAM config last updated at 02:09:33 UTC Tue Jan 15 2013 by ggsis
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname XXXNAMEXXX
!
boot-start-marker
boot-end-marker
!
!
logging buffered 51200 warnings
enable secret 4 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
!
no aaa new-model
memory-size iomem 20
!
no ipv6 cef
ip source-route
ip cef
!
!
!
!
!
no ip domain lookup
ip domain name XXXXXXXXXXXXXXDomainXXXXXXXXXXX
multilink bundle-name authenticated
!
!
crypto pki token default removal timeout 0
!
crypto pki trustpoint TP-self-signed-XXXXXXXXXXXXXXXX
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-XXXXXXXXXXXXX
revocation-check none
rsakeypair TP-self-signed-XXXXXXXXXXXXXX
!
!
crypto pki certificate chain TP-self-signed-XXXXXXXXXXXXXX
certificate self-signed 01
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
        quit
license udi pid C3900-SPE100/K9 sn FOC16140N3N
!
!        
username XXXXX privilege 15 secret 4 XXXXXXXXXXXXXXXXXXXXXXXXX
!
!
ip ssh time-out 60
ip ssh version 2
!
!
!
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
description ISP Side of Router$ES_WAN$$ETH-WAN$
ip address 50.XXX.XX.XXX 255.255.255.252
no ip redirects
no ip proxy-arp
duplex auto
speed auto
no mop enabled
!
interface GigabitEthernet0/1
description My Side of Router$ES_LAN$$ETH-LAN$
ip address 50.YYY.YY.YYY 255.255.255.0
no ip redirects
no ip proxy-arp
duplex auto
speed auto
no mop enabled
!
interface GigabitEthernet0/2
no ip address
shutdown
duplex auto
speed auto
!
ip forward-protocol nd
!
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip route 0.0.0.0 0.0.0.0 50.XXX.XX.NextHop
ip route 50.YYY.YY.0 255.255.255.0 GigabitEthernet0/1
!
!
!
!
control-plane
!
!
!
line con 0
login local
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport input all
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
access-class 23 in
privilege level 15
login local
transport input telnet ssh
line vty 5 15
access-class 23 in
privilege level 15
login local
transport input telnet ssh
!
scheduler allocate 20000 1000
end
0
Comment
Question by:stuart100
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
13 Comments
 

Author Comment

by:stuart100
ID: 38779318
I confirmed the laptop settings and the GB0/1 interface's IP is set as the gateway.
0
 
LVL 17

Expert Comment

by:lruiz52
ID: 38779357
On the laptop' open a command line and Type ;

Tracert 8.8.8.8


And post results.

Also
ip route 50.YYY.YY.0 255.255.255.0 GigabitEthernet0/1

Might not be needed.
0
 
LVL 18

Accepted Solution

by:
fgasimzade earned 2000 total points
ID: 38779492
Are you sure your ISP knows that you own 50.YYY.YY.0 subnet?

I mean are you sure that your ISP routes 50.YYY.YY.0 subnet to the outside ip address of your router?
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:stuart100
ID: 38779572
When I tracert to 8.8.8.8 I get the GB0/1 interface that responds and after that all stars...

I have contacted them.  They gave me the IP block you would think that they would route it.
0
 
LVL 18

Expert Comment

by:fgasimzade
ID: 38779588
You said you can ping internet from router. Can you ping the interent with source address of your inside interface?

ping 8.8.8.8 source gb0/0
0
 

Author Comment

by:stuart100
ID: 38779668
No I can not. Tried that earlier sorry that I did not post those results.
0
 
LVL 18

Expert Comment

by:fgasimzade
ID: 38779762
Sorry, I meant

ping 8.8.8.8 source gb0/1
0
 
LVL 5

Expert Comment

by:Leeeee
ID: 38779822
Are you supposed to be announcing your block to your ISP? Are you sure the circuit is turned up? I 'd check with your ISP.
0
 

Author Comment

by:stuart100
ID: 38779928
Leeee the circuit is up.  I can SSH to the GB0/0 interface of my router from the outside.
0
 
LVL 18

Expert Comment

by:fgasimzade
ID: 38779962
If you can not ping with ping 8.8.8.8 source gb0/1  command, it seems like your ISP does not route your inside network
0
 

Author Comment

by:stuart100
ID: 38779968
I would agree I have called to speak with them.
0
 
LVL 10

Expert Comment

by:ddiazp
ID: 38780593
Based on all i've read, i'd assume you're expected to configure BGP on the router to advertise that 50.YY.YY.YY subnet of yours. That, or you've asked your ISP to do that for you on their backend.

Who owns that 50.yyy.yy.0/24 block?

I'd also go ahead an remove:

ip route 50.YYY.YY.0 255.255.255.0 GigabitEthernet0/1

Not that it matters since you'd already have a direct connect route via 0/1.
0
 

Author Closing Comment

by:stuart100
ID: 39065940
The ISP was not routing the IP block.  Once they did that we were set.
0

Featured Post

NFR key for Veeam Backup for Microsoft Office 365

Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This is the first one of a series of articles I’ll be writing to address technical issues that are always referred to as network problems. The network boundaries have changed, therefore having an understanding of how each piece in the network  puzzl…
Every server (virtual or physical) needs a console: and the console can be provided through hardware directly connected, software for remote connections, local connections, through a KVM, etc. This document explains the different types of consol…
Viewers will learn how to properly install and use Secure Shell (SSH) to work on projects or homework remotely. Download Secure Shell: Follow basic installation instructions: Open Secure Shell and use "Quick Connect" to enter credentials includi…
In this brief tutorial Pawel from AdRem Software explains how you can quickly find out which services are running on your network, or what are the IP addresses of servers responsible for each service. Software used is freeware NetCrunch Tools (https…
Suggested Courses
Course of the Month12 days, 5 hours left to enroll

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question