Cisco 2621XM InterVLAN Routing and T1 Internet Connectivity

[Wargamer777]

I need some help on troubleshooting my T1 Internet connectivity for my remote users.

Using a 2621XM Router to do InterVLAN routing for 192.168.1.0 and 192.168.5.0 networks. I also have 3 static routes pointing out to 3 networks (.3, .8, .9) over a frame relay cloud.

Currently any user from any network can get to the other networks and their resources fine. (For example .1 can ping .3, .5, .8 and .9 and vice versa, etc.)

My T1 router to the internet is sitting on my .1 network as 192.168.1.254.

Any user from the 192.168.1.0 network can get to the internet. No one from the .3, .5, .8, and .9 can get out!

What's the problem? Here's my 2621XM Router Config:


!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname DeltaHQ
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$nDfE$oPxZ07V6WclKIgZtzUY5p0
!
username XXXXXXXXXXXX password 0 XXXXXXX
no network-clock-participate slot 1
no network-clock-participate wic 0
no aaa new-model
ip subnet-zero
ip cef
!
!
!
ip flow-cache timeout active 5
ip domain name deltamills
ip name-server 192.168.1.3
ip name-server 192.168.1.4
no ftp-server write-enable
!
!
!
!
interface FastEthernet0/0
no ip address
ip route-cache flow
speed 100
full-duplex
!
interface FastEthernet0/0.1
encapsulation dot1Q 1 native
ip address 192.168.1.100 255.255.255.0
ip helper-address 192.168.1.255
ip directed-broadcast
!
interface FastEthernet0/0.2
encapsulation dot1Q 2
ip address 192.168.5.100 255.255.255.0
ip helper-address 192.168.1.255
ip directed-broadcast
!
interface FastEthernet0/1
no ip address
ip route-cache flow
duplex auto
speed auto
!
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.1.254 permanent
ip route 192.168.3.0 255.255.255.0 192.168.1.253
ip route 192.168.8.0 255.255.255.0 192.168.1.253
ip route 192.168.9.0 255.255.255.0 192.168.1.253
ip flow-export source FastEthernet0/0
ip flow-export version 5
ip flow-export destination 192.168.1.175 9996
ip http server
!
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 1 permit 192.168.5.0 0.0.0.255
access-list 1 permit 192.168.9.0 0.0.0.255
access-list 1 permit 192.168.8.0 0.0.0.255
access-list 1 permit 192.168.3.0 0.0.0.255
snmp-server ifindex persist
snmp-server enable traps tty
!
line con 0
password
login
line aux 0
line vty 0 4
password
login
!
!
!
end


Thanks for the help! I really need to get my remote users up!

 

[Wargamer777]

As a follow-up.... trace routes from a PC in the .5 network stops at my router at its default-gateway of 192.168.5.100.

The PC can't ping 192.168.1.254 (The T1 router to the internet)

Here's the T1 Router's config as well.... note it does have the ip permit statements for all my remote networks.

Using 1815 out of 29688 bytes
!
version 12.2
no service single-slot-reload-enable
service timestamps debug datetime
service timestamps log datetime
service password-encryption
!
hostname deltami
!
logging rate-limit console 10 except errors
enable secret 5 $1$To/N$hJOXdIGwhyOaoKgyaJfhm.
!
memory-size iomem 20
ip subnet-zero
no ip source-route
no ip finger
ip domain-name newsouth.net
ip name-server 64.90.1.22
ip name-server 64.90.1.14
!
no ip dhcp-client network-discovery
!
!
!
interface FastEthernet0
ip address 192.168.1.254 255.255.255.0
ip nat inside
speed auto
!
interface Serial0
bandwidth 1536
no ip address
encapsulation frame-relay IETF
no fair-queue
service-module t1 timeslots 1-24
frame-relay lmi-type ansi
!
interface Serial0.1 point-to-point
ip address 64.16.163.158 255.255.255.252
ip nat outside
no cdp enable
frame-relay interface-dlci 497
!
ip nat inside source list 1 interface Serial0.1 overload
ip classless
ip route 0.0.0.0 0.0.0.0 64.16.163.157
no ip http server
!
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 1 permit 192.168.3.0 0.0.0.255
access-list 1 permit 192.168.5.0 0.0.0.255
access-list 1 permit 192.168.8.0 0.0.0.255
access-list 1 permit 192.168.9.0 0.0.0.255
access-list 2 permit 64.89.70.114
access-list 2 permit 64.90.12.192 0.0.0.63
access-list 2 permit 64.90.1.64 0.0.0.63
access-list 2 permit 209.177.200.128 0.0.0.63
access-list 2 permit 216.176.226.0 0.0.0.127
access-list 2 permit 216.116.190.0 0.0.0.255
snmp-server community 3Z8pbXn3 view v1default RO 2
snmp-server community Cb5FenvA RW 2
banner motd ^C
**** This is a secure host! ****
**** Unauthorized access is prohibited! ****


Thanks