Cisco 1721 - Unable to ping outside network

[djscottman]

I am sure it is something stupid I am overlooking, but been at it a full day now, and the numbers are all starting to look the same. Need to have this thing running in the next day or two, all and any help appreciated.

Here is the deal...have a Cisco 1721. Will be used to connect to a DSL modem. ISP uses a static IP, with the default gateway listed in the same subnet (more in a second). On the internal side, will be supporting an enterprise of about 50 users.

After initial configurations, the DHCP function is working, port forwarding from the outside to an internal webserver/ftp server is working. But I am unable to ping the default gateway supplied by the ISP and am unable to access the Internet from within the internal network.
Info provided by the ISP:

Availabe IPs:
156.X.X.186 to 156.X.X.190
Subnet Mask: 255.255.255.248
Default Gateway: 156.X.X.85

I only need to utilize one of the available IPs provided, in this case the 156.X.X.186

Below is my current configuration....what am I missing?

Thanks
Scott

Current configuration : 1511 bytes
!
! Last configuration change at 15:48:58 UTC Wed Nov 17 2004
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname XXX
!
enable secret 5 $1XXXXXX
enable password XXXXX
!
no aaa new-model
ip subnet-zero
!
!
ip dhcp excluded-address 192.168.0.1 192.168.0.24
ip dhcp excluded-address 192.168.0.100 192.168.0.254
!
ip dhcp pool internal
network 192.168.0.0 255.255.255.0
default-router 192.168.0.1
dns-server 198.X.X.2 198.X.X.2
!
!
no ftp-server write-enable
!
!
!
!
interface FastEthernet0
ip address 156.X.X.186 255.255.255.248
ip nat outside
speed auto
full-duplex
!
interface FastEthernet1
no ip address
shutdown
!
interface FastEthernet2
no ip address
shutdown
!
interface FastEthernet3
no ip address
shutdown
!
interface FastEthernet4
no ip address
shutdown
!
interface Vlan1
ip address 192.168.0.1 255.255.255.0
ip nat inside
!
ip default-gateway 156.X.X.185
ip nat pool ovrld 156.X.X.186 156.X.X.186 prefix-length 29
ip nat inside source list 1 pool ovrld overload
ip nat inside source static tcp 192.168.0.X 80 156.X.X.186 80 extendable
ip nat inside source static tcp 192.168.0.X 21 156.X.X.186 21 extendable
ip classless
!
no ip http server
!
access-list 1 permit 192.168.0.0 0.0.0.255
dialer-list 1 protocol ip permit
!
line con 0
line aux 0
line vty 0 4
password xxx
login
!
no scheduler allocate
!
end

 

[stevensavage]

You don't have an ip route specified.

ip route 0.0.0.0 0.0.0.0 gateway address

Steve

 

[djscottman]

Thanks for the ideas guys.

Bill, the router is in a test environment waiting to be configured to go live. So able to ping the real world, but not a solution as to why packets from the inside of the router are not being passed to the outside Gateway.

Steven...tried that suggestion. Still no go. Any other ideas?

It is as if the external interface can't find the gateway, doesn't know where to send the packets. Yet from the outside can get into the internal network with the port forwarding we have set up.

 

[djscottman]

Tried the Route thing again, but this time using SDM. Came back as an "Ambigious Address". Apparently it doesn't like the fact I would be forwarding a route to a rouyter on the same sub-net. Now what? Should I change the hop count to 0...I am running out of ideas, and can't find any online documentation to help....grrrrr, darn Cisco

 

[rudeboy]

Cisco says only use the ip default gateway when IP routing has been disabled on the router. I suggest this:

remove this "ip default-gateway 156.X.X.185"
and replace with this "ip route 0.0.0.0 0.0.0.0 156.x.x.185

 

[nerdmedic]

I'm curious why you are routing to the VLAN1 interface rather than using another one of the Ethernet interfaces for your internal network. That may not be the problem but conceptually, I think the idea of separate physical interfaces for the inside and outside is more logical.

But beyond that, if you could post an "sh ip route" and "sh ip nat translations", I think that would tell the story.

 

[gaveeve]

You are making the Static and Dynamic ip (156.X.X.186) the same thing. I've had trouble with this myself. Try changing one since you do have a range of addresses to use. I also don't see any routing.

 

[djscottman]

Thanks to all for your advise and guidance. I got the devise working. Was tired of playing with it in the test environment and decided to take my chances and try it in the "real world" environment it was configured for.

Took rudeboy's advise, got rid of the default gateway line and addred the routing line (o.o.o.o o.o.o.o 156.x.x.186).

Guess what, worked beautifully!! Appears this series of Router (1721) determined automatically that because the gateway and the external interface were in the same subnet, that PPPoE was in play. (It was). So was unable to ping in the test environment from inside out, as the outside gateway was a computer and not a PPPoE enabled gateway.

Course, might be making to large a conclusion on that one, but not questioning it, as it worked in the real world.

Also discovered I had set the port forwarding incorrectly...had them going in the wrong direction and had not enabled PAT.

Got that figured out and all is well.

Again, thanks for the input. Helped in trying new ideas!!

One last...had to use a crossover cable from the WAN port to the DSL modem.....have never run intot hat before. Normally should eb a straight through. Strange...but again, it's working.

Scott

 

[djscottman]

nerdmedic,

Used VLAN1 and enabled it on one of the Fastethernet ports beacuse a layer 2 devise (which the WIC ports for fastethernet 1, 2, 3 and 4 are) can not be directly assigned an IP address.

I tried, honest but found I had to utilize a VLAN, and then enable a FastEthernet port to use it.