01-31-2024 11:23 PM
Hi, I am unable to ping PC 2 to PC 6 from a different network, but I am able to reach the layer 3 switch. Please help!
01-31-2024 11:23 PM
OSPF, HSRP all configured
02-01-2024 12:27 AM
What are the device passwords ?
02-01-2024 02:07 AM
Hi Georg, it’s cisco123
02-01-2024 04:26 AM
Hello,
the HSRP was using wrong IP addresses, and the DHCP pools were misconfigured. Also, the NAT does not work because you have dual connections, but your NAT only works on one of the links. I changed some IP addressing for consistency and removed all NAT configs on the right side. What instructions are you following?
02-01-2024 06:40 AM
No specific instructions, I just need to make a network infrastructure that is able to communicate across 2 different networks. It's okay to remove any redundant routers, I just need it to be able to ping from one PC to the other.
02-01-2024 07:03 AM
Is it possible to have NAT configured on both sides and remove the extra routers for it to work?
02-01-2024 07:28 AM
Hello,
that would work. You can also just remove NAT on the left side (in the revised file that I sent you). Either way, the rest of your topology looks good!
02-01-2024 07:52 AM - edited 02-01-2024 07:53 AM
I would like to have NAT configured on both sides to replicate a realistic topology where 2 different offices are able to ping each other.
I removed the extra routers to mitigate the issue of having dual links and configured the NAT this way, but it still doesn't work.
Left router NAT:
config t
ip nat inside source list 1 int s0/2/0 overload
access-list 1 permit 172.16.1.0 0.0.0.63
access-list 1 permit 172.16.1.64 0.0.0.63
access-list 1 permit 172.16.1.128 0.0.0.63
access-list 1 permit 172.16.1.192 0.0.0.63
access-list 1 permit 172.16.2.0 0.0.0.63
int range g0/0-1
ip nat inside
ex
int s0/2/0
ip nat outside
ex
Right router NAT:
config t
ip nat inside source list 1 int s0/2/0 overload
access-list 1 permit 172.16.2.64 0.0.0.63
access-list 1 permit 172.16.2.128 0.0.0.63
access-list 1 permit 172.16.2.192 0.0.0.63
int range g0/0-1
ip nat inside
ex
int s0/2/0
ip nat outside
ex
02-01-2024 08:11 AM
Hello,
the outgoing interface on the right router is wrong. Also, make sure the access list (1) matches all LAN networks...
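An added example (not part of the thread and not any poster's own code): a Python check of which LAN subnets each router's `access-list 1` actually matches, run against the ACL lines posted above. It assumes the eight /26 networks from the combined ACL posted later in the thread are the full set of LANs; the function names are hypothetical.

```python
import ipaddress
import re

# ACL lines as posted in the thread for the left and right routers.
LEFT_ACL = """access-list 1 permit 172.16.1.0 0.0.0.63
access-list 1 permit 172.16.1.64 0.0.0.63
access-list 1 permit 172.16.1.128 0.0.0.63
access-list 1 permit 172.16.1.192 0.0.0.63
access-list 1 permit 172.16.2.0 0.0.0.63"""
RIGHT_ACL = """access-list 1 permit 172.16.2.64 0.0.0.63
access-list 1 permit 172.16.2.128 0.0.0.63
access-list 1 permit 172.16.2.192 0.0.0.63"""
# Assumption: the eight /26 networks in the combined ACL are all the LANs.
LANS = [ipaddress.IPv4Network(f"172.16.{o}.{h}/26")
        for o in (1, 2) for h in (0, 64, 128, 192)]

# Only the 'permit ADDR WILDCARD' form is parsed; other forms are skipped.
ACL_RE = re.compile(r"access-list\s+(\d+)\s+permit\s+(\S+)\s+(\S+)$")

def parse_acl(text, number=1):
    """Turn 'access-list N permit ADDR WILDCARD' lines into networks."""
    nets = []
    for line in text.splitlines():
        m = ACL_RE.match(line.strip())
        if not m or int(m.group(1)) != number:
            continue
        addr = int(ipaddress.IPv4Address(m.group(2)))
        wild = int(ipaddress.IPv4Address(m.group(3)))
        if wild & (wild + 1):  # wildcard bits must be one contiguous low run
            raise ValueError(f"non-contiguous wildcard: {line.strip()}")
        nets.append(ipaddress.IPv4Network((addr & ~wild & 0xFFFFFFFF,
                                           32 - wild.bit_length())))
    return nets

def uncovered(acl_nets, lans):
    """LANs that no single ACL entry contains, so NAT would not match them."""
    return [lan for lan in lans if not any(lan.subnet_of(n) for n in acl_nets)]

def summarize(nets):
    """Shortest equivalent permit lines, using IOS wildcard notation."""
    return [f"access-list 1 permit {n.network_address} {n.hostmask}"
            for n in ipaddress.collapse_addresses(nets)]

if __name__ == "__main__":
    for name, acl in (("left", LEFT_ACL), ("right", RIGHT_ACL)):
        missing = uncovered(parse_acl(acl), LANS)
        print(name, "ACL does not match:", ", ".join(map(str, missing)))
    print("\n".join(summarize(LANS)))
```

The summary step shows that the eight /26 entries reduce to two lines with a 0.0.0.255 wildcard; 172.16.1.0/24 and 172.16.2.0/24 do not merge further because they are not aligned on a /23 boundary.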
02-01-2024 08:23 AM
What should be the right commands then?
I changed the access list to match all VLANs, but I don't know what the outgoing interface is on the right router.
Applied to both routers:
config t
ip nat inside source list 1 int s0/2/0 overload
access-list 1 permit 172.16.1.0 0.0.0.63
access-list 1 permit 172.16.1.64 0.0.0.63
access-list 1 permit 172.16.1.128 0.0.0.63
access-list 1 permit 172.16.1.192 0.0.0.63
access-list 1 permit 172.16.2.0 0.0.0.63
access-list 1 permit 172.16.2.64 0.0.0.63
access-list 1 permit 172.16.2.128 0.0.0.63
access-list 1 permit 172.16.2.192 0.0.0.63
int range g0/0-1
ip nat inside
ex
int s0/2/0
ip nat outside
ex
02-01-2024 09:07 AM - edited 02-01-2024 09:18 AM
Hello,
if you remove the 'ip nat outside' from the serial 0/2/0 interface on R3, you have connectivity. I have seen this before, it seems to be a limitation of Packet Tracer, NAT on both sides does not seem to work...
EDIT: I liked your original design better (with the redundant routers). I would just keep that, and drop the NAT altogether...
02-01-2024 08:17 PM
Alright, thanks a lot!!!! Do you think there are any other things I should implement to make my network more secure?