
Multiple Networks on Cisco Router and DNS issue


arell12

Technical User
Feb 17, 2005
48
CA
Hello,

I am doing some testing and I have a firewall (pfSense) whose LAN IP is 192.168.1.1/24, and it is acting as my DHCP server and DNS forwarder. Then I have a Cisco router which has 2 interfaces; e0/0 is 192.168.1.2/24. This network works fine. Computers on that network are getting IP addresses from the firewall and can get on the Internet.

On the Cisco router I have e0/1 set up as 192.168.93.1/24 and I also configured a DHCP server on the Cisco giving out IP addresses from 192.168.93.100 - 150, and clients are getting IPs correctly. From the clients on the 93 network I can ping 192.168.1.2 (e0/0 on Cisco) but I cannot ping 192.168.1.1 (firewall). The problem is that the clients on the 192.168.93.0/24 network cannot access the Internet; DNS is not working or reachable?

Here is part of the config from my Cisco, if you need to see more I can include it:

version 12.1
no service single-slot-reload-enable
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
!
hostname Van-Cisco
!
enable secret 5 $1$E.lJ$G4z3jPPXgB3My47gLnIw30
!
username mis password 7 0503561B291C5B1A4A
username sprint password 7 04481B14062F58
!
!
!
!
clock timezone PST -8
clock summer-time PDT recurring
ip subnet-zero
no ip source-route
ip cef
ip tftp source-interface Loopback100
no ip domain-lookup
ip dhcp excluded-address 192.168.93.1 192.168.93.99
ip dhcp excluded-address 192.168.93.150 192.168.93.254
!
ip dhcp pool 192.168.93.0/24
network 192.168.93.0 255.255.255.0
default-router 192.168.93.1
dns-server 208.67.222.222
! (I also tried 192.168.1.1 as the DNS server and it didn't work either)
!
no ip bootp server
modemcap entry modemsurf:MSC=&FS0=1&C1&D3&K3\J
!
!
!
!
!
interface Loopback100
no ip address
!
interface Ethernet0/0
ip address 192.168.1.2 255.255.255.0
ip helper-address 192.168.1.1
no ip unreachables
no ip proxy-arp
full-duplex
no cdp enable
!
interface Serial0/0
no ip address
no ip proxy-arp
shutdown
no cdp enable
!
interface Ethernet0/1
ip address 192.168.93.1 255.255.255.0
no ip unreachables
no ip proxy-arp
full-duplex
no cdp enable
!
interface Serial0/1
bandwidth 1536
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
encapsulation frame-relay IETF
no ip mroute-cache
logging event subif-link-status
logging event dlci-status-change
shutdown
priority-group 1
no frame-relay inverse-arp
frame-relay lmi-type ansi
hold-queue 200 in
!
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.1.1 150
no ip http server
 
Does the firewall have a route to the 192.168.93.x/24 network??

I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)
 
Thanks, it does now and I can ping the firewall and outside sites using IP addresses but DNS is not working. Any idea why?
 
You can ping the public DNS server??

I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)
 
You don't need the ip-helper address command. That could be screwing you up a bit...can't exactly see why at this point, but you do not need it. Clients are not crossing an L3 boundary.

/

tim@tim-laptop ~ $ sudo apt-get install windows
Reading package lists... Done
Building dependency tree
Reading state information... Done
E: Couldn't find package windows...Thank Goodness!
 
Hey unclerico, thanks for the help, the firewall route was the initial problem. Other guys, thanks for the help with this. I think that the problem was that I had this in the config:

no ip domain-lookup
I removed that and added this:
ip name-server 208.67.222.222
and things started to work. Thanks for your help.

We use the IP helper address command in some offices because DHCP is done over a WAN connection on different subnets.
 
I have one more question that I am going to add to this because there is a good history in this thread already. My Firewall initiates an IPSEC tunnel to another office when needed. The network address of that network is 172.16.236.0 /22

When I ping 172.16.236.14 (for instance) from the 192.168.1.0 network I can get replies, but when I try to ping that address from the 192.168.93.0 network I get "Response timed out". Any ideas why?
 
Chances are your crypto ACL doesn't have the 192.168.93.0/24 network listed

I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)
 
Sorry, what do you mean by crypto ACL?
 
Traffic from the local network to the remote network that gets encrypted by IPSEC.

/

tim@tim-laptop ~ $ sudo apt-get install windows
Reading package lists... Done
Building dependency tree
Reading state information... Done
E: Couldn't find package windows...Thank Goodness!
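
Added example (not part of any post in this thread): a small Python model of the two checks the replies point at, using the addresses from the posts. It tests whether the firewall has a return route for a source and whether the flow falls inside the IPsec traffic selectors (the "crypto ACL"). The table layout and function names are hypothetical, and the single selector is an assumed starting state, since the thread never shows the firewall's tunnel configuration.

```python
import ipaddress as ip

# Constructed model of the thread's topology. Addresses come from the posts;
# the tables and names are hypothetical. The firewall's default route is left
# out on purpose: it points at the WAN, so it never returns traffic to the router.
FIREWALL_ROUTES = {"192.168.1.0/24": "connected"}

# (local subnet, remote subnet) pairs the firewall encrypts into the tunnel.
# Assumed starting state; the thread does not show the real selectors.
IPSEC_SELECTORS = [("192.168.1.0/24", "172.16.236.0/22")]


def has_return_route(routes, src):
    """True if the firewall has a specific route back to src."""
    addr = ip.ip_address(src)
    return any(addr in ip.ip_network(prefix) for prefix in routes)


def selector_match(selectors, src, dst):
    """Return the first (local, remote) selector covering src -> dst, else None."""
    s, d = ip.ip_address(src), ip.ip_address(dst)
    for local, remote in selectors:
        if s in ip.ip_network(local) and d in ip.ip_network(remote):
            return (local, remote)
    return None


def diagnose(routes, selectors, src, dst):
    """Name the first failing check for a flow that should enter the tunnel."""
    if not has_return_route(routes, src):
        return "no return route on firewall"
    if selector_match(selectors, src, dst) is None:
        return "not matched by IPsec selectors"
    return "ok"


if __name__ == "__main__":
    src, dst = "192.168.93.100", "172.16.236.14"
    print(diagnose(FIREWALL_ROUTES, IPSEC_SELECTORS, src, dst))
    # Add the static route toward the router's e0/0 address.
    routes = dict(FIREWALL_ROUTES, **{"192.168.93.0/24": "192.168.1.2"})
    print(diagnose(routes, IPSEC_SELECTORS, src, dst))
    # Add the 93 network to the tunnel's selectors.
    selectors = IPSEC_SELECTORS + [("192.168.93.0/24", "172.16.236.0/22")]
    print(diagnose(routes, selectors, src, dst))
```

The remote peer needs the mirrored selector (172.16.236.0/22 to 192.168.93.0/24) as well, otherwise the tunnel negotiation for the new subnet pair will not complete.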
 