Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Can't ping through WAN router

Status
Not open for further replies.
chkmg

chkmg

Technical User
Aug 13, 2002
114
EU
Hi, I have setup three Cisco 1720 routers in my Lab and everything is working fine within the routers. One thing I have not been able to do is to reach the Internet through my WAN router (Named WAN because its directly connected to my wireless sitting behind the ISP's router). It has one interface each connected to the other two routers that I am trying to ping from.

Following is the configuration of my WAN router:

WAN#sh ru
Building configuration...

Current configuration : 1584 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname WAN
!
boot-start-marker
boot-end-marker
!
enable password
!
memory-size iomem 25
no aaa new-model
ip subnet-zero
!
!
ip name-server 192.168.2.1
ip dhcp excluded-address 10.1.1.1 10.1.1.10
!
ip cef
!
!
!
!
!
interface Ethernet0
description LAN
ip address 10.1.1.1 255.255.255.0
ip nat inside
full-duplex
!
interface Ethernet1
ip address 192.168.1.2 255.255.255.0
half-duplex
!
interface FastEthernet0
description WAN
ip address 192.168.2.50 255.255.255.0
ip nat outside
ip nbar protocol-discovery
speed auto
!
router ospf 10
log-adjacency-changes
redistribute static subnets
passive-interface FastEthernet0
network 10.1.1.0 0.0.0.255 area 0
network 192.168.1.0 0.0.0.255 area 0
network 192.168.2.0 0.0.0.255 area 0
!
ip nat inside source list 2 interface FastEthernet0 overload
ip nat inside source static tcp 10.1.1.11 3389 192.168.2.50 3389 extendable
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.2.1
no ip http server
!
access-list 2 permit 10.1.1.0 0.0.0.255 log
access-list 2 permit 192.168.1.0 0.0.0.255 log
access-list 2 permit 172.16.1.0 0.0.0.255 log
access-list 101 permit tcp any any eq 3389
access-list 101 permit tcp any any eq domain
access-list 101 permit tcp any any eq www
access-list 101 permit icmp any any
alias exec traffic sh ip nbar protocol-discovery stats bit-rate top-n 10
!
line con 0
exec-timeout 3660 0
line aux 0
password 7
line vty 0 4
password 7
login
!
end

-------------------------------------------------------

No here is the Config. on the other router that is connected to this WAN router but can not get to the WAN side of it (through the WAN router):
R-1#sh ru
Building configuration...

Current configuration : 960 bytes
!
version 12.1
no service single-slot-reload-enable
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname R-1
!
enable password 7
!
!
!
!
!
memory-size iomem 15
ip subnet-zero
no ip domain-lookup
!
!
!
!
interface Loopback0
ip address 172.17.2.1 255.255.255.252
!
interface Serial0
ip address 192.168.4.1 255.255.255.0
shutdown
!
interface Serial1
ip address 172.16.1.2 255.255.255.0
no fair-queue
clockrate 64000
!
interface FastEthernet0
ip address 192.168.1.1 255.255.255.0
speed auto
!
router ospf 10
log-adjacency-changes
redistribute connected subnets
redistribute static subnets
network 172.16.1.0 0.0.0.255 area 0
network 192.168.1.0 0.0.0.255 area 0
network 192.168.4.0 0.0.0.255 area 0
!
ip classless
no ip http server
!
!
line con 0
line aux 0
modem InOut
no exec
transport input all
stopbits 1
line vty 0 4
password 7
login
!
no scheduler allocate
end


 
Sort by date Sort by votes
You need ip nat inside on fa0, since the next hop is doing NAT.

Burt
 
Upvote 0 Downvote
Also for good measures you should not use the same subnet on all of your interfaces.
 
Upvote 0 Downvote
Thanks for your reply Burt. I tried that dn't help :-(. I just figured it out that the Linksys router that connects to the WAN doesn't have an entry in the routing table for the Network 192.168.1.0. I added it and now everything is working fine.

Kind regards,
Chkmg
 
Upvote 0 Downvote
1. OSPF config hints:
your mask on R-1 loopback is /30 but the mask under the OSPF routing process is 0.0.0.255, don't mix masks! It's preferable to use /32 (host route mask) on a loopback -> 255.255.255.255 for neatness BUT you don't even need to advertise it's subnet (AKA host route) because OSPF does not need to be running on an interface for the router to use that address as the RID (router ID). In fact, doing so creates unneeded LSA's! Alternately, you can use the command <b>router id</b> under the router ospf process to define ANY id you want to.

2. show the ping commands and their results otherwise we are guessing what you mean by "through". Also, do an extended ping (look it up if you need to) using different IP source addresses and note the results also.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

bfordz
  • Locked
  • Question
new help on setting up third party VoIP phones through Catalyst 2960x switch
Replies
0
Views
101
bfordz
bfordz
steel_bender
  • Locked
  • Question
Allow HTTPS TCP Traffic through ASA5525
Replies
1
Views
109
Mogles49
Mogles49
mrdom
  • Locked
  • Question
RV325: Accessing LAN and WAN resources using the same hostname ...
Replies
0
Views
71
mrdom
mrdom
Tariq Habaybeh
  • Locked
  • Question
Cisco 881WD-E-K9 router configuration
Replies
1
Views
97
burtsbees
burtsbees
Baze72
  • Locked
  • Question
Cisco 2800 Series can't login
Replies
7
Views
149
burtsbees
burtsbees

Part and Inventory Search

Sponsor

Back
Top