
Cannot ping first hop


Glitchen

Jun 6, 2003
I have a 2800 series router on which I have specified the IPs for both interfaces, enabled routing, put the default route in and made sure the interfaces are up.

I can ping from the outside interface to the next hop and get a reply. But if I ping from the inside interface or a host on the inside interface I get request timed out.

If I do an extended ping from the outside int to the inside int or host I get a reply.
As well, I get a reply from the outside interface when I ping from the inside interface, but I cannot ping outside the router from the 192.168.1.x network.

Please can someone tell me what I have wrong.

Here is the config


Current configuration : 896 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname TWcon
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$UL7N$U5OQ/d4r56tCNBY4DfK8r.
enable password r3dk@t007
!
no network-clock-participate aim 0
no network-clock-participate aim 1
no aaa new-model
ip subnet-zero
!
!
ip cef
!
!
no ftp-server write-enable
!
!
!
!
interface GigabitEthernet0/0
ip address 192.168.1.1 255.255.255.0
duplex auto
speed auto
no mop enabled
!
interface GigabitEthernet0/1
ip address 64.132.73.46 255.255.255.252
duplex auto
speed auto
!
ip default-gateway 64.132.73.45
ip classless
ip route 0.0.0.0 0.0.0.0 64.132.73.45
ip http server
!
!
snmp-server community public RO
snmp-server enable traps tty
!
control-plane
!
!
line con 0
line aux 0
line vty 0 4
password nitro007
login
!
scheduler allocate 20000 1000
!
end
 
Thanks for the reply, I understand nat and that is not what I need. When I say I am pinging the inside network 192.168.x from the outside interface I am talking about doing an extended ping.
I am actually performing the ping on the router and not on the internet to the non routable 192.168.1.x network.

Thanks!!!
 
No go, didn't work, since I removed the next hop and replaced it with the interface like you said. I added the ip default-gateway.
 
"But if I ping from the inside interface or a host on the inside interface I get request timed out."
"... but I cannot ping outside the router from the 192.168.1.x network"
These symptoms really sound like NAT, or lack thereof... I'd like to know your opinion on why you don't think so, please.

Burt
 
Sure, no problem. Here is why I don't think I would need to NAT that address.
If I have host A on the internet trying to get to host B with the IP address of 192.168.1.5, then I would have to static NAT a public IP to the IP of host B.

But that is not what I am doing. I am simply troubleshooting why host B (192.168.1.5) is not able to access the internet.
From host B I can ping the inside interface on the router (192.168.1.1) and the outside interface on the router (ge0/1), but I cannot ping the next hop, which would be some router on the internet (64.132.73.45).

I can ping the next hop on the router and I can also ping host B from the router.

Make more sense?
 
Hello
The private address isn't routable. You will need NAT or a public address for your inside host. Beware that NAT works in two ways: the one you mention, for public access to private (for web, FTP, mail service), and then private to the Internet, which is the most commonly used, to allow lots of people to surf the Web when you only have 1 public address.
I think you are able to ping the router ge0/1 interface because it's a "connected interface": no routing or NAT needed. But to get beyond that you will need NAT or routing.
Regards
 
Trust me---you need to establish dynamic NAT---actually, for internet access, it's called PAT, or Many-To-One NAT.

Burt
 
Yes, I absolutely understand PAT and NAT. What I am saying is I cannot ping the next hop off the outside interface from a host on the inside interface, which may involve PAT. But when I perform an extended ping from the outside interface (see below for example) I do not get a reply. I think there is a routing issue but I can't find it. That is why I posted the config.

Thanks!!!

test#ping
Protocol [ip]:
Target IP address: 192.168.1.1
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Extended commands [n]: y
Source address or interface: GigabitEthernet0/1
Type of service [0]:
Set DF bit in IP header? [no]:
Validate reply data? [no]:
Data pattern [0xABCD]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Sweep range of sizes [n]:
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds:
Packet sent with a source address of 64.132.73.46
.....
Success rate is 0 percent (0/5)
test#
 
Your default route says "Here is a path from anywhere to anywhere via 64.132.73.45." It still cannot get from inside to outside without NAT!!! The outside destination needs a source address---without NAT/PAT, it looks at it and says, "192.168.1.x exists in many places in the world---where the hell is this coming from? Wait---this is a private IP address---you can't route this!" NAT takes this private IP address and translates the source into your outside public IP address, which IS routable on the internet. That is this routing problem you have---you are trying to route an ip address on the internet that is NOT routable. Take 3 minutes and put in a NAT overload config (PAT), and THEN do your ping test, and post the results please.

Burt
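The translation described in the post above, as an added example that is not part of the original thread: a small Python model of PAT ("overload") using the addresses from the posted config. The `Pat` class, the `ping_through` helper and the simplified upstream router (which answers only sources it has a return route for, so never an RFC 1918 source) are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

OUTSIDE_IP = "64.132.73.46"   # Gi0/1 address from the posted config
NEXT_HOP = "64.132.73.45"     # ISP side of the /30

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    ident: int   # ICMP identifier; plays the role of the port for PAT

def upstream_reply(pkt):
    # Assumed ISP router: no return route exists for RFC 1918 sources.
    if ipaddress.ip_address(pkt.src).is_private:
        return None
    return Packet(src=pkt.dst, dst=pkt.src, ident=pkt.ident)

class Pat:
    """Many-to-one NAT ('overload') for one inside network."""
    def __init__(self, inside_net, outside_ip):
        self.inside_net = ipaddress.ip_network(inside_net)
        self.outside_ip = outside_ip
        self.out_map = {}   # (inside ip, inside id) -> outside id
        self.in_map = {}    # outside id -> (inside ip, inside id)

    def outbound(self, pkt):
        if ipaddress.ip_address(pkt.src) not in self.inside_net:
            return pkt                      # not matched by the NAT ACL
        key = (pkt.src, pkt.ident)
        if key not in self.out_map:
            new_id = pkt.ident
            while new_id in self.in_map:    # id already taken by another host
                new_id = (new_id + 1) % 65536
            self.out_map[key] = new_id
            self.in_map[new_id] = key
        return Packet(self.outside_ip, pkt.dst, self.out_map[key])

    def inbound(self, pkt):
        entry = self.in_map.get(pkt.ident) if pkt.dst == self.outside_ip else None
        if entry is None:
            return None                     # no translation entry: dropped
        return Packet(pkt.src, entry[0], entry[1])

def ping_through(pat, pkt):
    """Return the echo reply as the sender sees it, or None on timeout."""
    reply = upstream_reply(pat.outbound(pkt) if pat else pkt)
    return pat.inbound(reply) if (pat and reply) else reply
```

Two inside hosts that pick the same ICMP identifier get distinct outside identifiers, which is how one public address serves the whole 192.168.1.0/24 network.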
 
By the way, the default route on the edge router should define the outside interface, not the next hop. This with NAT should accomplish your goal. Why you would even want to simply ping the inside network from the outside router interface is beyond me, but hey---to each their own.

Burt
 
You are right, I was thinking of how the PIX works. I am going to have to NAT the 192 subnet. Actually I already did and it works for me.
Just for reference, here is what I added:

access-list 1 permit 192.168.1.0 0.0.0.255
ip nat inside source list 1 interface GigabitEthernet0/1 overload
interface GigabitEthernet0/0
 ip nat inside
interface GigabitEthernet0/1
 ip nat outside

THANKS FOR BEATING ME INTO SUBMISSION :)
 
Glad it's working. What you said about NATting outside to inside, like for FTP server (static NAT) is true, but NAT is a general principle that works for more than just that. Later.

Burt
 