Solved

How to route cisco 2800 to the internet

Posted on 2015-02-17
27
237 Views
Last Modified: 2015-02-23
Hi all,

I am trying to figure out how to route my cisco router to the internet and statically assigned the address. I am fairly certain I set up the nat correctly but am not sure how to fix it.

When I try and ping say, google.com (216.58.216.46), I get a 0 percent success rate:
Router#ping 216.58.216.46

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 216.58.216.46, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
Router#

Open in new window



Here is my running config.
Router#sh running-config
Building configuration...

Current configuration : 1077 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
! card type command needed for slot/vwic-slot 0/0
enable secret 5 $1$yXmL$AGGkTPznGUb1b2OgUp2RY/
!
no aaa new-model
!
resource policy
!
ip subnet-zero
!
!
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.0.1 192.168.0.3
!
ip dhcp pool DATA
   import all
   network 192.168.0.0 255.255.255.0
   default-router 192.168.0.1
   dns-server 8.8.8.8
!
!
!
!
!
!
interface FastEthernet0/0
 ip address 173.192.xxx.xxx 255.255.255.0
 ip nat outside
 duplex auto
 speed auto
!
interface FastEthernet0/1
 ip address 192.168.0.1 255.255.255.0
 ip nat inside
 duplex auto
 speed auto
!
ip classless
ip route 0.0.0.0 0.0.0.0 FastEthernet0/0
!
no ip http server
ip nat inside source list 101 interface FastEthernet0/0 overload
!
access-list 101 permit ip 192.168.0.0 0.0.0.255 any
!
control-plane
!
!
line con 0
line aux 0
line vty 0 4
 login
!
warm-reboot
scheduler allocate 20000 1000
!
end

Open in new window


Any help is greatly appreciated!
0
Comment
Question by:ttriggs
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 8
  • 8
  • 6
  • +2
27 Comments
 
LVL 9

Expert Comment

by:ffleisma
ID: 40615435
you are using the interface as next-hop IP, can you try and replace this with an IP address of your next-hop router instead.

ip route 0.0.0.0 0.0.0.0 FastEthernet0/0

also, to troubleshoot, can you try the following:
ping the next-hop router IP
do a traceroute

if the next-hop router IP is unreachble, it might be a Layer 1/2 problem between your router and the default-gateway/next-hop router.
0
 
LVL 12

Assisted Solution

by:Bryant Schaper
Bryant Schaper earned 125 total points
ID: 40615470
that is the problem, you need ip route 0.0.0.0 0.0.0.0 173.192.xxx.xxx with the ip being your next hop router on the far end.
0
 

Author Comment

by:ttriggs
ID: 40615497
Hmm, ok. I tried to change the next hop like you suggested but I get this error. Sorry I am new at this and trying to learn how to set up a network to go outside

Router(config)#ip route 0.0.0.0 0.0.0.0 173.196.xxx.xxx
%Invalid next hop address (it's this router)
Router(config)#

Open in new window


What settings would I have to change to fix this? Since, fa0/0 is the port being used for the internet, I thought I could set up that port with the ip address to nat outside, which is why I set the ip route 0.0.0.0 0.0.0.0 fa0/0. Is that not how you would normally do that?
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 12

Expert Comment

by:Bryant Schaper
ID: 40615498
Confirm both your IP and the gateway

You are showing:

Fa0/0 173.192.xxx.xxx 255.255.255.0
Gateway 173.196.59.250

Those are two separate subnets, is one a typo?
0
 
LVL 12

Expert Comment

by:Bryant Schaper
ID: 40615499
you should be able to ping 173.196.59.250 if you source interface fa0/0
0
 

Author Comment

by:ttriggs
ID: 40615507
Sorry, I accidentally showed my ip address, the other was a typo, it's set to 173.192.xxx.xxx.

I just pinged 173.192.xxx.xxx and it worked, but cant ping any  other outside address
0
 
LVL 9

Assisted Solution

by:ffleisma
ffleisma earned 250 total points
ID: 40615510
the IP address should be the IP address of the next-hop router.

ip route 0.0.0.0 0.0.0.0 173.192.xxx.yyy

where "173.192.xxx.yyy" is shown below
illustrationalso, can you try and ping the next-hop router IP? it might be an issue that your 173.192 interfaces has a different subnet mask as the next-hop router.

hope this helps, let me know if you have further question, be glad to help out.
0
 
LVL 9

Expert Comment

by:ffleisma
ID: 40615519
so a few other checks you can do.

traceroute 216.58.216.46
this should show us where you are stopping or might indicate where you are having issues beyond your router.

telnet 216.58.216.46 80
if it shows a blank screen, it means you are able to reach it via http but somehow ping (ICMP) is being blocked along the way

traceroute should show indication on routing issue along the way
while telnet should show indication of ICMP filtering issue along the path
0
 
LVL 12

Expert Comment

by:Bryant Schaper
ID: 40615520
so did you fix the ip route route to be 0.0.0.0 0.0.0.0 173.192.59.250?

also lose the ip route 0.0.0.0 0.0.0.0 fa0/0 line if you have not
0
 
LVL 12

Expert Comment

by:Bryant Schaper
ID: 40615528
could you repost your config as well if you dont get it working.
0
 

Author Comment

by:ttriggs
ID: 40615563
Here is the updated config. I removed the old ip route and I tried to set the new one you said to try ip route 0.0.0.0 0.0.0.0 173.192.xxx.xxx and it gave me the error -

Router(config)#ip route 0.0.0.0 0.0.0.0 173.192.xxx.xxx
%Invalid next hop address (it's this router)
Router(config)#

Open in new window


Current Config -
Current configuration : 1036 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
! card type command needed for slot/vwic-slot 0/0
enable secret 5 $1$yXmL$AGGkTPznGUb1b2OgUp2RY/
!
no aaa new-model
!
resource policy
!
ip subnet-zero
!
!
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.0.1 192.168.0.3
!
ip dhcp pool DATA
   import all
   network 192.168.0.0 255.255.255.0
   default-router 192.168.0.1
   dns-server 8.8.8.8
!
!
!
!
!
!
interface FastEthernet0/0
 ip address 173.192.xxx.xxx 255.255.255.0
 ip nat outside
 duplex auto
 speed auto
!
interface FastEthernet0/1
 ip address 192.168.0.1 255.255.255.0
 ip nat inside
 duplex auto
 speed auto
!
ip classless
!
no ip http server
ip nat inside source list 101 interface FastEthernet0/0 overload
!
access-list 101 permit ip 192.168.0.0 0.0.0.255 any
!
control-plane
!
!
line con 0
line aux 0
line vty 0 4
 login
!
warm-reboot
scheduler allocate 20000 1000
!
end

Open in new window

0
 
LVL 9

Expert Comment

by:ffleisma
ID: 40615571
hi ttriggs, the IP address you use should not be the router interface IP.

you can reference the illustration below.
imagethe "ip route 0.0.0.0 0.0.0.0 a.a.a.a" should reference the ip address of your upstream neighbor router.

hope this helps
0
 

Author Comment

by:ttriggs
ID: 40615585
Hi ffleisma, Im not sure I understand; I thought I was already doing this.

I tried to set ip route 0.0.0.0 0.0.0.0 173.192.xxx.xxx but yields that error. Does it give me this error because that same address is set on fa0/0?

If so then what would I set fa0/0 to?

thanks again for the help, I really appreciate it
0
 
LVL 9

Accepted Solution

by:
ffleisma earned 250 total points
ID: 40615591
well, the confusion is that you are using 173.192.xxx.xxx, and this is your interface FastEthernet0/0 IP address.

If you look carefully in the diagram I'm attaching, you should reference the "other" router, upstream to yours.
imagei've highlighted it red for easy notice.

hope this helps.
0
 
LVL 12

Expert Comment

by:Natty Greg
ID: 40615848
must be configured like this

      ip route 0.0.0.0 0.0.0.0 Fastethernet0/0 173.192.xxx.xxx

you must do classless to an interface then next hop

use open dns google dns sucks plus they track everything you do online, without your permission.
0
 
LVL 29

Expert Comment

by:Predrag Jovic
ID: 40615928
Router(config)#ip route 0.0.0.0 0.0.0.0 173.192.xxx.xxx
%Invalid next hop address (it's this router)
This means that you added your router as next hop. Next-hop router should be your ISP router.

Are you sure that your subnet mask is 255.255.255.0 for WAN interface?
Did you get that IP range from your ISP?
interface FastEthernet0/0
 ip address 173.192.xxx.xxx 255.255.255.0
0
 
LVL 12

Expert Comment

by:Natty Greg
ID: 40615977
there is really no need for nexthop in his config since the interface is already facing the internet, or maybe he has his wires cross meaning he has the lan cable into the wan side and wan into lan.  next yes I agree should be his isp however, isp's only give out next op addresses to businesses needing it for specific services.

for lab purposes you set next op to routers of other subnet and gateways, unless he uses his isp gateway as the nexthop
0
 
LVL 29

Expert Comment

by:Predrag Jovic
ID: 40616037
I am not really sure what Author is doing (is this real life or lab situation) so I am just pointing out why error %Invalid next hop address (it's this router) appeared.
From posts above looks like author don't understand issue.
0
 
LVL 12

Expert Comment

by:Bryant Schaper
ID: 40617074
the format of the ip route command is the network to route (0.0.0.0 0.0.0.0 - which means all unknown traffic default route) and then ip address of the next router after your router.  ISP will usually provide this.
0
 

Author Comment

by:ttriggs
ID: 40617794
This is just for a lab, I am trying to learn how to set up a router to have internet access and be able to reach outside the network, nothing really fancy yet, Im just trying to learn.

Info provided by my ISP
Static IP - 173.192.xxx.xxx
Gateway - 173.192.xxx.1
Subnet mask - 255.255.255.0

Once again thanks for any help
0
 
LVL 9

Expert Comment

by:ffleisma
ID: 40618048
@ttriggs, so were you able to apply the correct static route and are you able to have outside reachability?

You might also want to check the reverse direction of the traffic if the routers along the path have a route towards your firewall.
0
 
LVL 29

Assisted Solution

by:Predrag Jovic
Predrag Jovic earned 125 total points
ID: 40618231
Your default route should be
ip route 0.0.0.0 0.0.0.0 173.192.xxx.1

If this is info from ISP and router is directly connected to ISP, he doesn't have to care about reverse direction ISP should take care of that.
0
 

Author Comment

by:ttriggs
ID: 40624941
Well I tried that and it still doesn't work :(  Any ideas what I am missing here?

!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
! card type command needed for slot/vwic-slot 0/0
enable secret 5 $1$yXmL$AGGkTPznGUb1b2OgUp2RY/
!
no aaa new-model
!
resource policy
!
ip subnet-zero
!
!
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.0.1 192.168.0.3
!
ip dhcp pool DATA
   import all
   network 192.168.0.0 255.255.255.0
   default-router 192.168.0.1
   dns-server 8.8.8.8
!
!
!
!
!
!
interface FastEthernet0/0
 ip address 173.192.xxx.xxx 255.255.255.0
 ip nat outside
 duplex auto
 speed auto
!
interface FastEthernet0/1
 ip address 192.168.0.1 255.255.255.0
 ip nat inside
 duplex auto
 speed auto
!
ip classless
ip route 0.0.0.0 0.0.0.0 173.192.xxx.1
!
no ip http server
ip nat inside source list 101 interface FastEthernet0/0 overload
!
access-list 101 permit ip 192.168.0.0 0.0.0.255 any
!
control-plane
!
!
line con 0
line aux 0
line vty 0 4
 login
!
warm-reboot
scheduler allocate 20000 1000
!
end

Open in new window


Router#ping 74.125.224.35

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 74.125.224.35, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)

Open in new window

0
 
LVL 9

Expert Comment

by:ffleisma
ID: 40624981
The failed ping you showed , I assume that is the next hop IP correct?
Can't ping next-hopA few issue that can cause this which you can check are as follows:
Your subnet mask does not match the next-hop router subnet mask. Based from your configuration you are using 173.192.xxx.xxx with a /24 subnet mask, ensure  not only you have the same mask but both interface IP address are within the same subnet.
Do you have an intermediate device between your router and the next-hop router like a switch? Or is this is directly connected connection between two routers using ethernet? Kindly check your "show ip interface brief" and "show cdp neighbor". Issue might be caused by Layer2 or Layer1 issue between your router and the next-hop router.

At the very least you should be able to ping the next-hop router's IP address. Let me know if you have further questions be glad to help you out.
0
 
LVL 9

Expert Comment

by:ffleisma
ID: 40624983
Also, I'm curious to where your are running your test?
are these physical Cisco devices?
GNS3?
IOU?
0
 

Author Comment

by:ttriggs
ID: 40626225
ffleisma, so apparently TWC gave me the incorrect static IP.... I have the correct one now and I can ping ip addresses on the internet!

I also discovered I hadn't setup DNS completely as I was still getting this error:

Router#ping google.com
Translating "google.com"...domain server (255.255.255.255)
% Unrecognized host or address, or protocol not running.
Router#ping 74.125.224.35
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 74.125.224.35, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/5/8 ms

Open in new window


To fix it I had to configure the following and can now ping google.com :
ip dns server
ip domain name itrouter.com
ip name-server 66.75.164.89

Open in new window

Router#ping google.com
Translating "google.com"...domain server (66.75.164.89) [OK]

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 74.125.224.71, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/5/8 ms
Router#

Open in new window

0
 

Author Closing Comment

by:ttriggs
ID: 40626231
Thanks for the help. It makes a lot of sense now.
0

Featured Post

Secure Your Active Directory - April 20, 2017

Active Directory plays a critical role in your company’s IT infrastructure and keeping it secure in today’s hacker-infested world is a must.
Microsoft published 300+ pages of guidance, but who has the time, money, and resources to implement? Register now to find an easier way.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If your business is like most, chances are you still need to maintain a fax infrastructure for your staff. It’s hard to believe that a communication technology that was thriving in the mid-80s could still be an essential part of your team’s modern I…
If you're not part of the solution, you're part of the problem.   Tips on how to secure IoT devices, even the dumbest ones, so they can't be used as part of a DDoS botnet.  Use PRTG Network Monitor as one of the building blocks, to detect unusual…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

749 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question