Cisco 2921 Metro E Internet

[xTrolx]

Hello all! My first post here. I have used these forums through google many times. On to my question.

I am upgrading from a T1 to a 20mb Metro Ethernet circuit for Internet that is unmanaged. I have a Cisco 2921 that I am using. I am setting up the router now. AT&T gave me three IP address: Serial, AT&T, and Customer IP. I assume the Customer IP is the IP for my interface facing the internet and the AT&T IP will be my default route. I am not sure what the Serial IP is for. They also gave me a block of LanIPs that are /28. So I assume this will be my static IPs (which I requested at least 10). After setting up a test config I could ping to the internet from the router but I could not access the internet from my PC (hooked directly to the router). So I thought maybe I need to set up NAT on the router. My question is, if I set up NAT will I be able to get to the internal addresses from the internet? I have not tested NAT on it yet as I wanted to post this question before disconnecting myself to test. Here is my config:

version 15.0
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname FMC
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
!
no aaa new-model
!
!
!
!
no ipv6 cef
ip source-route
ip cef
!
!
!
!
ip domain name yourdomain.com
ip name-server 8.8.8.8
!
multilink bundle-name authenticated
!
!
!
crypto pki trustpoint TP-self-signed-
(cut out all the crypto stuff)
redundancy
!
!
!
!
!
!
!
!
!
interface GigabitEthernet0/0
description Internet
ip address 12.116.138.90 255.255.255.252
ip nat outside
ip virtual-reassembly
duplex full
speed 100
!
!
interface GigabitEthernet0/1
description EthernetLAN
ip address 12.53.16.65 255.255.255.240
ip nat inside
ip virtual-reassembly
duplex full
speed 100
!
!
interface GigabitEthernet0/2
no ip address
shutdown
duplex auto
speed auto
!
!
ip forward-protocol nd
!
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip route 0.0.0.0 0.0.0.0 12.116.138.89
!
access-list 23 permit 10.10.10.0 0.0.0.7
!
!
!
!
!
!
control-plane
!
!
!
line con 0
login local
line aux 0
line vty 0 4
access-class 23 in
privilege level 15
login local
transport input telnet ssh
line vty 5 15
access-class 23 in
privilege level 15
login local
transport input telnet ssh
!
scheduler allocate 20000 1000
end

 

[unclerico]

do you have a firewall behind this??

I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)

 

[xTrolx]

I have a firewall (an Astaro) that will be moved over to it once I get it configured. Right now though there is no firewall on it. I am just trying to get connected through the Metro E before I start moving everything off my T1.

My setup with the T1 is the LAN side goes into a switch that a few other things with Public IPs are on, including my firewall which separates our internal network.

 

[unclerico]

take out the nat config. once you have your firewall in place that will be the device that should be performing NAT functions. while you're testing make sure that you are connecting your pc to the router via a x-over cable and assigning the nic an ip in the same range as the g0/1 interface

I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)

 

[xTrolx]

I tried the xover cable and still couldn't connect from my PC to the internet. I also tried putting the router on a switch with my PC connected to the switch. Still no connection. If I do a tracert from my PC it reports that the destination is unreachable from the ip address of the g0/1. When I ping an internet IP from the CLI (over console cable) on the router it replies instantly.

 

[unclerico]

did you remove the nat config??

I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)

 

[xTrolx]

I have an AT&T Engineer giving me a call tomorrow morning on it. I am guessing it might have something to do with the LanIPs they gave me.

 

[xTrolx]

Yes, I dropped all the NAT configs.

 

[unclerico]

yep, could be a routing issue.

I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)

 

[xTrolx]

That was exactly the problem. They hadn't created the routing table for it.