I'm stuck. Help. 2 routers and can't get outside to internet.

Donnelly82 Member Posts: 38
Hi, having problems setting up my CCNA lab. I have 2 2950 switches and 3 2610xm routers. I also have my ISP router, which will be connected to one of the 2610xm routers which will connect me to the internet. So far I have set up 2 routers and one switch, and can ping every device on the network. The 2610 router that is connected to the ISP router can ping outside on to the internet no problem. The other router, which is connected to my switch, can ping anywhere on the network but not outside on to the internet.

I have set up RIP and NAT. Here is a copy of my 2 running configs, if anyone can help?

Router 1, which is connected to switch

Building configuration...

Current configuration : 3600 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname Router1
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
enable secret 5 $1$okdb$jpPGwPE8Ppwo3ZjAJ5NL6/
enable password 7 06150E2F01481B180B
!
no aaa new-model
no network-clock-participate slot 1
no network-clock-participate wic 0
ip cef
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.10.1 192.168.10.29
ip dhcp excluded-address 192.168.10.61 192.168.10.254
!
ip dhcp pool internal-pool
import all
network 192.168.0.0 255.255.255.0
default-router 192.168.0.13
!
ip dhcp pool switch-1
network 192.168.10.0 255.255.255.0
dns-server 4.2.2.2
default-router 192.168.0.12
lease 3
!
!
ip domain name home.com
ip name-server 192.168.0.1
!
multilink bundle-name authenticated
!
!
crypto pki trustpoint TP-self-signed-1009706395
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1009706395
revocation-check none
rsakeypair TP-self-signed-1009706395
!
!
crypto pki certificate chain TP-self-signed-1009706395
certificate self-signed 01
quit
!
!
username admin privilege 15 secret 5 $1$wC1L$5FFz3pkNx50WkNSbyWay51
username James privilege 15 secret 5 $1$whS4$HlaYEX42ROZoakm4eGCKR0
username jamesrouter1 privilege 15 password 7 14141B180F0B
archive
log config
hidekeys
!
!
!
!
!
!
!
interface FastEthernet0/0
description $ETH-LAN$
ip address 192.168.10.254 255.255.255.0
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
!
interface Serial0/0
ip address 192.168.11.1 255.255.255.0
ip nat outside
ip virtual-reassembly
encapsulation ppp
clock rate 56000
!
router rip
version 2
network 192.168.10.0
network 192.168.11.0
no auto-summary
!
ip default-gateway 192.168.0.11
ip forward-protocol nd
!
!
ip http server
ip http authentication local
ip http secure-server
ip nat inside source list 1 interface Serial0/0 overload
!
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 192.168.10.0 0.0.0.255
!
!
!
!
control-plane
!
!
!
line con 0
line aux 0
line vty 0 4
password 7 03165E06091B24
login local
transport input all
line vty 5 15
password 7 03165E06091B24
login
!
!
end


Router 2, which is connected to router 1 and fastethernet connection to broadband router.


Building configuration...

Current configuration : 4268 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname James-Main-Router
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
enable secret 5 $1$okdb$jpPGwPE8Ppwo3ZjAJ5NL6/
enable password 7 06150E2F01481B180B
!
no aaa new-model
!
resource policy
!
no network-clock-participate slot 1
no network-clock-participate wic 0
ip subnet-zero
ip cef
!
!
no ip dhcp use vrf connected
!
!
no ip ips deny-action ips-interface
ip domain name home.com
ip name-server 192.168.0.1
!
!
!
crypto pki trustpoint TP-self-signed-3710130769
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3710130769
revocation-check none
rsakeypair TP-self-signed-3710130769
!
!
crypto pki certificate chain TP-self-signed-3710130769
certificate self-signed 01
quit
username admin privilege 15 secret 5 $1$wC1L$5FFz3pkNx50WkNSbyWay51
username jamesmainrouter privilege 15 password 7 01100F175804
!
!
!
!
!
interface FastEthernet0/0
ip address dhcp
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
interface Serial1/0
no ip address
shutdown
!
interface Serial1/1
no ip address
shutdown
!
interface Serial1/2
no ip address
shutdown
!
interface Serial1/3
no ip address
shutdown
!
interface Serial1/4
ip address 192.168.11.2 255.255.255.0
ip nat inside
ip virtual-reassembly
encapsulation ppp
!
interface Serial1/5
no ip address
shutdown
!
interface Serial1/6
no ip address
shutdown
!
interface Serial1/7
no ip address
shutdown
!
router rip
version 2
network 192.168.0.0
network 192.168.11.0
no auto-summary
!
ip classless
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 600 life 86400 requests 10000
ip nat inside source list 1 interface FastEthernet0/0 overload
!
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 192.168.11.0 0.0.0.255
!
!
control-plane
!
!
!
banner motd ^C
############################################################################
# #
# #
# #
# This is James' Main Router #
# That connects to the world #
# #
# #
###########################################################################^C
!
line con 0
password 7 0307540515002D49
logging synchronous
line aux 0
line vty 0 4
privilege level 15
password 7 120B001A1D1F09
login
line vty 5 15
privilege level 15
password 7 120B001A1D1F09
login
!
!
end

Many thanks

Comments

  • instant000 Member Posts: 1,745
    step 1: remove the passwords from the pasted configs.
    step 2: I didn't see any sort of access-class on the vty lines.
    step 3: I think your problem might be between your routers, give me a moment to look this over right quick.

    I'm trying to picture it.

    router 2 connects via ethernet to ISP
    router 1 connects via serial to router 2

    my first thought is to get rid of the default-gateway on router 1, and make sure that ip routing is turned on

    can you do a "sh ip route" on router 2 and router 1?

    thanks.

    (please don't show your ISP-provided IP in the output).
    Currently Working: CCIE R&S
    LinkedIn: http://www.linkedin.com/in/lewislampkin (Please connect: Just say you're from TechExams.Net!)
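
The checks raised in steps 1 and 2 of the reply above (passwords left in a pasted config, no access-class on the vty lines) can be run over a config before it is shared. This is an added example, not part of the original thread; the sample config is constructed with placeholder password strings, and `audit_config` is a hypothetical helper name.

```python
import re

# Constructed excerpt modelled on the line sections posted above, with
# placeholder strings instead of the thread's password values. Like the
# forum paste it has no indentation, so blocks end at "!" or "end".
SAMPLE_CONFIG = """\
enable password 7 TYPE7PLACEHOLDER
!
line con 0
line vty 0 4
password 7 TYPE7PLACEHOLDER
login local
transport input all
line vty 5 15
password 7 TYPE7PLACEHOLDER
access-class 10 in
login
!
end
"""


def audit_config(config):
    """Return (location, issue) tuples for a Cisco IOS running-config."""
    findings = []
    vty_blocks = {}      # "line vty ..." header -> its sub-commands
    block = None         # header of the line block being read, if any
    for raw in config.splitlines():
        cmd = raw.strip()
        if cmd in ("", "!", "end"):
            block = None
            continue
        if cmd.startswith("line "):
            block = cmd
            if cmd.startswith("line vty"):
                vty_blocks[cmd] = []
            continue
        if block in vty_blocks:
            vty_blocks[block].append(cmd)
        # Type 7 is reversible obfuscation, not a hash: redact before posting.
        if re.search(r"\bpassword 7 \S+", cmd):
            findings.append((block or "global", "type 7 password"))
    for header, cmds in vty_blocks.items():
        if not any(c.startswith("access-class ") for c in cmds):
            findings.append((header, "no access-class"))
        if "transport input all" in cmds:   # "all" includes telnet
            findings.append((header, "telnet allowed"))
    return findings
```
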
  • Donnelly82 Member Posts: 38
    Router 2 is connected to ISP via ethernet to ISP.
    Router 1 is connected to router 2 via serial.

    Router 2

    Gateway of last resort is 192.168.0.1 to network 0.0.0.0

    R 192.168.10.0/24 [120/1] via 192.168.11.1, 00:00:01, Serial1/4
    192.168.11.0/24 is variably subnetted, 2 subnets, 2 masks
    C 192.168.11.1/32 is directly connected, Serial1/4
    C 192.168.11.0/24 is directly connected, Serial1/4
    C 192.168.0.0/24 is directly connected, FastEthernet0/0
    S* 0.0.0.0/0 [254/0] via 192.168.0.1

    Router 1

    Gateway of last resort is not set

    C 192.168.10.0/24 is directly connected, FastEthernet0/0
    192.168.11.0/24 is variably subnetted, 2 subnets, 2 masks
    C 192.168.11.2/32 is directly connected, Serial0/0
    C 192.168.11.0/24 is directly connected, Serial0/0
    R 192.168.0.0/24 [120/1] via 192.168.11.2, 00:00:00, Serial0/0
    Router1#

    PS: there was no ISP-provided IP.

    Many Thanks for the reply
  • Diggs Member Posts: 97
    Default information originate on Router 1?
  • instant000 Member Posts: 1,745
    router 1 needs a quad 0 route to point to router 2
  • instant000 Member Posts: 1,745
    Another issue I see: router 1 has stuff in there like 192.168.0.x/24, which conflicts with the IPs between router 2 and the ISP router.
  • Donnelly82 Member Posts: 38
    instant000 wrote: »
    Another issue I see: router 1 has stuff in there like 192.168.0.x/24, which conflicts with the IPs between router 2 and the ISP router.

    Many thanks for that.


    Gateway of last resort is 192.168.11.2 to network 0.0.0.0

    C 192.168.10.0/24 is directly connected, FastEthernet0/0
    192.168.11.0/24 is variably subnetted, 2 subnets, 2 masks
    C 192.168.11.2/32 is directly connected, Serial0/0
    C 192.168.11.0/24 is directly connected, Serial0/0
    R 192.168.0.0/24 [120/1] via 192.168.11.2, 00:00:09, Serial0/0
    S* 0.0.0.0/0 [1/0] via 192.168.11.2

    That's it now working. Would that be one of the reasons why my connection from my PC through my switch and routers would be very slow (painfully slow)?

    Again, many thanks instant000. Just to see it working, although not very well, it gives me a little boost.

    Studying in my own time while working 6 days is tough, and this is what I want to do. When I have a couple of days off together I will erase the boxes and start from scratch.
  • atorven Member Posts: 319
    @Diggs-That would be the other way around, on R2 which has the default route.
    @Donnelly82-Good luck with your studies.
  • instant000 Member Posts: 1,745
    Donnelly82 wrote: »
    That's it now working. Would that be one of the reasons why my connection from my PC through my switch and routers would be very slow (painfully slow)?


    I'm not sure if the routers are overloaded, or if there are slow interfaces involved, or ... if it's your PC infected. You don't work for the New York Times, do you? (It's a crude joke. If you do work for them, I apologize. -- they recently found out they had been hacked for months, and their A/V (Symantec) didn't detect it.)


    1. You don't want an IP address conflict. Also, if you have 192.168.0.x/24 addresses inside your network, then you will have routing issues, as some of those addresses may think that the internet gateway is on their own subnet, and not be able to reach it. It just looks like issues waiting to happen. You don't want to clash with your ISP-provided private IPs. If you can't change the ISP-provided privates, then you need to change your 192.168.0.x/24 to something different.




    2. What is the bandwidth of those serial interfaces? (do a sh int) They could be slowing you down. [In fact, do a sh int for all your interfaces, and make sure there aren't any types of errors accumulating.] Also, I now start thinking of duplex and bandwidth mismatches, which could cause issues. Check out all of your interfaces, and make sure they match on both ends of either connection. If your serial interfaces are slow enough, they'd be slower than your ISP connection, which could slow you down a little.


    3. I see that you're really natting yourself all over the place, which from my perspective is a bit excessive, as you go from one overload, into another one.


    I think you could just set up your NAT pool on your router 2, and for the source list, just include all your internal subnets:


    Do this on Router 1:
    a. remove all of the NAT stuff. There is no need to do it here, at all. I would say the router's redundant, but I'm guessing you want to test this out. At least for the NAT, leave that for the router at the edge of your network.
    b. Give out DHCP, if you must, just make sure any pools don't conflict with 192.168.0.x/24 or anything else you need.




    Do this on Router 2:


    no ip nat inside source list 1 interface FastEthernet0/0 overload
    no access-list 1 permit 192.168.11.0 0.0.0.255
    no access-list 1 remark SDM_ACL Category=2


    ip nat pool Outside_LAN 192.168.0.128 192.168.0.254 netmask 255.255.255.0


    access-list 1 remark SDM_ACL Category=2
    access-list 1 permit 192.168.10.0 0.0.1.255


    ip nat inside source list 1 pool Outside_LAN




    4. I don't see any reason to advertise 192.168.0.0/24 into RIP. Which also means you're barking RIP towards your ISP router (which probably doesn't like that). What that network statement (network 192.168.0.0) is doing is enabling RIP on the interface that matches that IP string ... not sure you want to be doing that. If you must do that, at least go passive-interface on your FE so it doesn't waste its time talking to the ISP router.


    5. You're using Cisco routers, run EIGRP. It's less chatty :D


    6. Your network's small and simple. You could use static routes and not worry about any routing protocol traffic.


    7. I'd probably statically assign the IP on the ISP-router-facing interface of Router 2, as I don't think the ISP router is ever going to change from 192.168.0.1, is it? and then just set a default to 192.168.0.1. Now, if there's any chance this changes, then you could potentially have future conflicts, between this IP space, and yours, so I hope it doesn't change too often.




    Hope this helps!
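
Point 3 of the reply above, as an added example that is not part of the original post: the original pair of overload rules rewrites a LAN host's source address twice, while the proposed single rule on Router 2 with wildcard 0.0.1.255 matches both internal /24s and rewrites once. The host 192.168.10.50, Router 2's DHCP-assigned outside address 192.168.0.50 and the use of the pool's first address are assumptions made for the example.

```python
import ipaddress


def acl_permits(source, base, wildcard):
    """IOS standard-ACL match: bits set in the wildcard are ignored."""
    src = int(ipaddress.IPv4Address(source))
    net = int(ipaddress.IPv4Address(base))
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (src ^ net) & care == 0


def translate(source, hops):
    """Walk a packet's source address through each router's NAT rule.

    hops: list of (router, acl_base, acl_wildcard, nat_address), or
    (router, None, None, None) for a router with no NAT configured.
    Returns the final source address and the routers that rewrote it.
    """
    rewritten_by = []
    for router, base, wildcard, nat_address in hops:
        if base and acl_permits(source, base, wildcard):
            source = nat_address
            rewritten_by.append(router)
    return source, rewritten_by


# ACL 1 and the NAT address on each router as posted in the thread.
# 192.168.0.50 stands in for Router 2's DHCP address (assumed value).
ORIGINAL = [
    ("Router1", "192.168.10.0", "0.0.0.255", "192.168.11.1"),
    ("Router2", "192.168.11.0", "0.0.0.255", "192.168.0.50"),
]
# Proposed: no NAT on Router 1, one rule on Router 2 covering
# 192.168.10.0 through 192.168.11.255. 192.168.0.128 is the first
# address of the Outside_LAN pool (assumed to be the one handed out).
PROPOSED = [
    ("Router1", None, None, None),
    ("Router2", "192.168.10.0", "0.0.1.255", "192.168.0.128"),
]
```

Calling `translate("192.168.10.50", ORIGINAL)` shows both routers rewriting the source, and `translate("192.168.10.50", PROPOSED)` shows only Router 2 doing so.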
  • Diggs Member Posts: 97
    atorven wrote: »
    @Diggs-That would be the other way around, on R2 which has the default route.
    @Donnelly82-Good luck with your studies.

    Yeah, got the two mixed up when reading the configs
  • Donnelly82 Member Posts: 38
    Thanks guys, really appreciate the help. Awesome info and help. Won't be able to get on it again until tomorrow after work. Will let you guys know the results.

    appreciate it
    james
  • Donnelly82 Member Posts: 38
    Woohoo, running much better now. Took NAT off of one router, and played about with the clock speed on the serial interface, got rid of the 192.168.0.0 route and much faster.

    Still a long way to go, but getting connected at a decent speed is awesome, feels like things are starting to click.

    Also, starting to fly round the Cisco IOS.

    cheers guys for the help.