Cisco – Can’t Ping INTERNET from clients but I CAN from Internal Routers

ciscopingtroubleshootingwan

I have a gateway rv320 cisco(lets name it BR) and inter router Cisco 1921 (lets name it RTR)

i was having trouble pinging the lan port on the BR from my hosts, but someone helped me fix that issue.

However, my hosts cannot ping the internet (google.com).
My RTR can ping the INTERNET.

for some reason it gets dropped at the PC's default gateway.
Tracert only goes up to the default gateway (172.16.10.1) and does not seem to go past that.

Here is my config from my RTR

    service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname T-RTR
!
boot-start-marker
boot-end-marker
!
!
enable secret 5 $1$g2ly$xT6VHT1gXBTLuXp6uJlp./
!
no aaa new-model
!
!
!
!
!
!
!
!
!
!
!
!
!
!
ip cef
no ipv6 cef
multilink bundle-name authenticated
!
cts logging verbose
!
!
license udi pid CISCO1921/K9 sn FGL1943200R
!
!
!
redundancy
!
!
!
!
!
!
interface Embedded-Service-Engine0/0
 no ip address
 shutdown
!
interface GigabitEthernet0/0
 ip address dhcp
 duplex auto
 speed auto
!
interface GigabitEthernet0/1
 no ip address
 duplex auto
 speed auto
!
interface GigabitEthernet0/1.10
 encapsulation dot1Q 10
 ip address 172.16.10.1 255.255.255.0
!
interface GigabitEthernet0/1.20
 encapsulation dot1Q 20
 ip address 172.16.20.1 255.255.255.0
!
interface GigabitEthernet0/1.30
 encapsulation dot1Q 30
 ip address 172.16.30.1 255.255.255.0
!
router rip
 version 2
 passive-interface GigabitEthernet0/1
 network 172.16.0.0
 network 192.168.1.0
 no auto-summary
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
!
!
!
!
control-plane
!
!
banner motd ^C Unauthorized Access is prohibited!^C
!
line con 0
 password Group1
 login
line aux 0
line 2
 no activation-character
 no exec
 transport preferred none
 transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
 stopbits 1
line vty 0 4
 login
 transport input none
!
scheduler allocate 20000 1000
!
end

My routing table:

Gateway of last resort is 192.168.1.1 to network 0.0.0.0

S*    0.0.0.0/0 [254/0] via 192.168.1.1
      172.16.0.0/16 is variably subnetted, 6 subnets, 2 masks
C        172.16.10.0/24 is directly connected, GigabitEthernet0/1.10
L        172.16.10.1/32 is directly connected, GigabitEthernet0/1.10
C        172.16.20.0/24 is directly connected, GigabitEthernet0/1.20
L        172.16.20.1/32 is directly connected, GigabitEthernet0/1.20
C        172.16.30.0/24 is directly connected, GigabitEthernet0/1.30
L        172.16.30.1/32 is directly connected, GigabitEthernet0/1.30
      172.17.0.0/24 is subnetted, 3 subnets
R        172.17.10.0 [120/1] via 192.168.1.3, 00:00:18, GigabitEthernet0/0
R        172.17.20.0 [120/1] via 192.168.1.3, 00:00:18, GigabitEthernet0/0
R        172.17.30.0 [120/1] via 192.168.1.3, 00:00:18, GigabitEthernet0/0
      192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.1.0/24 is directly connected, GigabitEthernet0/0
L        192.168.1.2/32 is directly connected, GigabitEthernet0/0
R     192.168.13.0/24 [120/1] via 192.168.1.1, 00:00:15, GigabitEthernet0/0

Best Answer

Well, my problem is solved. It looks like RIPv2 was working fine on both BR and RTR. I went to Firewall > Block WAN requests [x] (in my br) and unchecked it. It was checked by default. I also went to ACL and allowed any traffic from any lan and now i can go out the internet with my clients and servers.. I will be modifying the ACL to secure my network once im done with the rest of the project. THANKS TO EVERYONE! for helping!

Your ASA configuration:

route outside 0.0.0.0 0.0.0.0 172.16.1.1 1

This will provide a default route via the outside interface, but how will the ASA know how to reach subnets residing behind the Layer 3 Distribution Switch?

You'll need to add routes to the internal subnets via the inside interface using the Layer 3 Distribution Switch as the next-hop IP address.

ASA static routing example:

route inside 172.19.12.0 255.255.255.240 172.16.2.2
route inside 172.19.3.0 255.255.255.0 172.16.2.2
route inside 172.20.100.0 255.255.255.224 172.16.2.2

Your Cisco Router's configuration:

ip route 0.0.0.0 0.0.0.0 200.200.200.200

Additionally, how will your border router know how to reach subnets other than it's connected routes, and the catch all default route via the outside interface's next-hop address 200.200.200.200?

Router static routing example:

ip route 172.19.12.0 255.255.255.240 172.16.1.10
ip route 172.19.3.0 255.255.255.0 172.16.1.10
ip route 172.19.100.0 255.255.255.224 172.16.1.10
ip route 172.16.2.0 255.255.255.224 172.16.1.10

Cisco – Configure Cisco Aironet 1600 AP with RADIUS and multiple VLANs

One way to solve this problem is to change the AP connection to a layer 2 trunk with both VLANs on the trunk. You can have two different SSIDs (one for users, one for guests) and each SSID is associated with a VLAN. When a client connects to the Guest SSID, her data goes on VL 200; a regular user's data goes on VL 100.

You will need separate DHCP scopes for each VLAN, either on the AP or a central DHCP server.

Best Answer

Related Solutions

Cisco ASA Routing Issue

Your ASA configuration:

ASA static routing example:

Your Cisco Router's configuration:

Router static routing example:

Cisco – Configure Cisco Aironet 1600 AP with RADIUS and multiple VLANs

Related Topic