2611 Behind Cable Modem Can't Go out

[nagamin]

Pls someone help me. I have stuck on 2611. I can ping from router, but not from my internal LAN. following are my version and config.Pls guide me.


vimge#sh ver
Cisco Internetwork Operating System Software
IOS (tm) C2600 Software (C2600-IK9O3S3-M), Version 12.3(19), RELEASE SOFTWARE (fc2)
Technical Support:

http://www.cisco.com/techsupport

Copyright (c) 1986-2006 by cisco Systems, Inc.
Compiled Fri 12-May-06 04:14 by evmiller
Image text-base: 0x80008098, data-base: 0x81A0C1A4

ROM: System Bootstrap, Version 12.2(8r) [cmong 8r], RELEASE SOFTWARE (fc1)
ROM: C2600 Software (C2600-IK9O3S3-M), Version 12.3(19), RELEASE SOFTWARE (fc2)

vimge uptime is 3 hours, 45 minutes
System returned to ROM by reload
System image file is "flash:c2600-ik9o3s3-mz.123-19.bin"


This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:

http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to
export@cisco.com.

cisco 2611XM (MPC860P) processor (revision 0x401) with 126976K/4096K bytes of me
mory.
Processor board ID FTX0931A1J4 (3923599682)
M860 processor: part number 5, mask 2
Bridging software.
X.25 software, Version 3.0.0.
2 FastEthernet/IEEE 802.3 interface(s)
1 Virtual Private Network (VPN) Module(s)
32K bytes of non-volatile configuration memory.
49152K bytes of processor board System flash (Read/Write)

Configuration register is 0x2102


===================================================


vimge#sh run
Building configuration...

Current configuration : 1112 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname vimge
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$yaiG$hMTAPQPvAgsfr2LPUrPoA/
enable password cisco
!
no network-clock-participate slot 1
no network-clock-participate wic 0
no aaa new-model
ip subnet-zero
no ip routing
no ip cef
!
!
ip name-server 24.25.5.60
ip name-server 24.25.5.61
!
ip audit po max-events 100
!
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0/0
ip address 192.168.0.254 255.255.255.0
ip nat inside
no ip route-cache
speed auto
half-duplex
!
interface FastEthernet0/1 \\Public Static IP
ip address 70.x.x.x 255.255.255.252
ip nat outside
no ip route-cache
duplex auto
speed 10
!
ip default-gateway 70.x.x.x \\Public Gateway
ip nat inside source list 1 interface FastEthernet0/0 overload
ip http server
no ip http secure-server
ip classless
ip route 0.0.0.0 0.0.0.0 FastEthernet0/1
!
!
access-list 1 permit 192.168.0.0 0.0.0.255
!
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
password cisco
login local
transport input telnet
!
!
end

============================================================

vimge#ping 192.168.0.5

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.0.5, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms

-----------------------------------
vimge#ping 70.x.x.x \\Public Static IP

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 70.x.x.x, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms

---------------------------------------
vimge#ping 70.x.x.x \\Public Gateway

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 70.x.x.x, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms

---------------------------------------
vimge#ping 24.25.5.61 \\ISP DNS

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 24.25.5.61, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 16/20/28 ms

---------------------------------------
vimge#ping yahoo.com

Translating "yahoo.com"...domain server (24.25.5.60) [OK]

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 66.94.234.13, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 104/105/108 ms

 

[Minue]

Hello
Is the workstation configure correctly?Try to ping the router inside address from the client and then the outside interface.
Also do an extended ping from the router using this 192.168.0.254 IP address as the source.
Regards

 

[nagamin]

Hi,

Yes. Workstation was correct. 192.168.0.172 255.255.255.0, gw router outside address. DNS was ISP DNS. I can ping inside add and outside add. can't ping ISP gateway and ISP DNS. Igot request timeout. I can ping router IN ADD and OUT ADD it self. Help me.

 

[Minue]

Hello
Please confirm that the workstation default gateway is 192.168.0.254.
Regards

 

[nagamin]

Hi!

Yes, it's correct. I was wrong typing. WK de-gw was 192.168.0.254.

 

[nagamin]

Hi!

It is correct for following ACl--

ip nat inside source list 1 interface fastethernet0/0 overload
when fa0/0 is connect to LAN and fa0/1 is connect to WAN.
Do i need to configure router to use dynamic routing, like RIP or act as gateway. Thanks in advance.

 

[Minue]

Hello
You don't need a dynamic routing protocol!The config is correct.Just change the configuration to with the command.
"ip routing"


Let me know how it goes.
Regards

 

[nagamin]

Hi!

It is showing "ip cef". Do I need to delete the that ACL and config as "ip routing" command?

 

[plshlpme]

your nat is overloading on the wrong interface..

no ip nat inside source list 1 interface FastEthernet0/0 overload

ip nat inside source list 1 interface FastEthernet0/1 overload

 

[Minue]

Hi
Plshlpme,good catch!!I overlook that!Nmhtun,leaving "ip cef" and the ACL is OK!Just change the NAT statement as Plshlpme said.An add the "ip routing" from the global configuration.After that it must work!
Regards

 

[nagamin]

Hi!

No. I'm still stuck. With "ip routing" I can't ping my ISP DNS and other Ex-source from my router. Without "ip routing" I can ping every where from my router, but not from LAN node. LAN node can ping up to router's WAN interface.

here is my config again

vimge#sh run
Building configuration...

Current configuration : 1101 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname vimge
!
boot-start-marker
boot-end-marker
!
no logging buffered
enable secret 5 $1$yaiG$hMTAPQPvAgsfr2LPUrPoA/
enable password cisco
!
no network-clock-participate slot 1
no network-clock-participate wic 0
no aaa new-model
ip subnet-zero
ip cef
!
!
ip name-server 24.25.5.61 \\ ISP DNS
ip name-server 24.25.5.60 ||
!
ip audit po max-events 100
!
!
!
!
!
!
interface FastEthernet0/0
description $ETH-LAN$
ip address 192.168.0.254 255.255.255.0
ip nat inside
speed auto
half-duplex
!
interface FastEthernet0/1
description $ETH-LAN$
ip address 70.x.x.x 255.255.255.252 \\static public address
ip nat outside
duplex auto
speed 10
!
ip default-gateway 70.x.x.x \\ISP DEF-GW
ip nat inside source list 1 interface FastEthernet0/1 overload
ip http server
no ip http secure-server
ip classless
!
!
access-list 1 permit 192.168.0.0 0.0.0.255
!
!
!
!
line con 0
line aux 0
line vty 0 4
exec-timeout 30 0
password cisco
login local
transport input telnet
!
!
end

 

[nagamin]

Hi Guys!

Guide me. Did my ios is somthing wrong? I found on cisco feature navigator that ios c2600-ik9o3s3-mz.123-19 is for cisco 2610-2613 routers. My current one is 2611XM, and it is not in list. Is that can cause trouble? When I search with ios c2600-jk9o3s-mz.122-27, my 2611XM is in list. How can I restore my config from TFTP server. PLEASE !!!!!!!!!!

 

[plshlpme]

you can put this back in

ip route 0.0.0.0 0.0.0.0 FastEthernet0/1

and make sure all your pcs have this as their default gateway
192.168.0.254

http://www.cisco.com/warp/public/105/default.html

 

[nagamin]

????

Now I can ping up to ISP's gateway from my laptop, which is behind of router, but not to other ex-source like my ISP's DNS server, yahoo.com. I can ping them from my router. I got more gray hair come out. Anyway thank for your help. Give me smoe more shots.

 

[burtsbees]

I played with something like this with my 2621XM for some time with my dsl modem, and got sick of it. I finally got a WIC-1ADSL, and it works just fine. But you have cable, so I don't know...does the cable modem give a 192.168.1.0/24, or a /16 when it is connected by itself?

Burt

 

[plshlpme]

are you manually assigning these nameservers to your pcs?
ip name-server 24.25.5.61 \\ ISP DNS
ip name-server 24.25.5.60 ||

its very common for dns servers to not respond to icmp...

i think your connectivity is ok now.. but you have a dns issue likely..

try pinging 69.147.114.210
which i just cheked is yahoo.com
it replied to me when i pinged it.

 

[nagamin]

Hi everyone,

I can't. DNS was manually assigned in my PC. When I ping from my router it's good responce. Not from PC. PC can't go more then ISP gateway. What about metric? Is that router can be config the metric? On PC it is auto. But you can fix for it.

I don't have access to go in to cable modem. It is holding by TWC. I really don't know what mode that modem acting.What should be, Bridge or Router?

 

[burtsbees]

Bridge mode, since you want to NAT with the router---also, when in bridge mode, you will need the credentials in your router to authenticate the PPPoA/PPPoE session. If the modem is actively doing all this, then the router cannot (or should not) have a NAT config.

Burt

 

[plshlpme]

this is cable though burt..
there wont be any pppoe/pppoa...

 

[brianinms]

Why not set your interface to DHCP and let your cable modem assign your router an IP.