
WAN connection

ben_ndivo
Level 1

I have a remote site connection to my Main site through a 1760 Router and then to the ISP via a PIX 506 Firewall. The remote router, also a 1760, can ping up to the Main site router but not the firewall nor the clients on the Main site.

I've nat'ed Remote clients to a pool of IPs from the Main site, and the configuration has previously worked but now seems not to.

Any better configuration that I need to utilise, guys?

Thanks

7 Replies

tepatel
Cisco Employee

We need to take a look at the config of the remote and main site's 1760 routers. Based on that we can troubleshoot the NAT issues, if any. So post the config from both the routers here.

Hi,

The configs for my Remote and Main sites are as follows. I have altered IPs and names consistently so that it reflects the exact scenario I have.

192.160.1.1 is the PIX 506. And since it allows internet access for 192.160.1.0, if I can get my remote nat'ed to this site then the PIX settings should ideally work fine for the remote site as well, or am I wrong?

Mainsite Config:

    Router Mainsite#sh config
    Using 1709 out of 29688 bytes
    !
    version 12.2
    service timestamps debug uptime
    service timestamps log uptime
    service password-encryption
    !
    hostname Router Mainsite
    !
    enable secret !
    ip subnet-zero
    !
    !
    no ip domain-lookup
    ip name-server A.B.C.D
    !
    !
    interface FastEthernet0/0
    description Mainsite LAN
    ip address 192.160.1.2 255.255.255.0
    no keepalive
    speed auto
    !
    interface Serial0/0
    description Leasedline 64Kbps circuit M2305 to Remote site
    bandwidth 64
    ip unnumbered FastEthernet0/0
    encapsulation ppp
    ip tcp header-compression iphc-format
    fair-queue
    ip rtp header-compression iphc-format
    ip rtp reserve
    router rip
    version 2
    network 192.160.1.0
    no auto-summary
    !
    ip classless
    ip route 0.0.0.0 0.0.0.0 192.160.1.2
    no ip http server
    !
    !
    !
    password 7
    login
    line aux 0
    password
    login
    line vty 0 4
    password
    login
    line vty 5 15
    login
    !
    end

Config for Remote Site

    Router Remote-Site#sh config
    Using 1955 out of 29688 bytes
    !
    version 12.2
    service timestamps debug uptime
    service timestamps log uptime
    service password-encryption
    !
    hostname Remote-Site
    !
    enable secret
    enable password
    !
    ip subnet-zero
    !
    !
    no ip domain-lookup
    !
    !
    interface FastEthernet0/0
    description Remote-Site LAN
    ip address 192.160.2.1 255.255.255.0
    ip nat inside
    no keepalive
    speed auto
    !
    interface Serial0/0
    description Leasedline 64kbps circuit M2305to MainSite
    bandwidth 64
    ip unnumbered FastEthernet0/0
    ip nat outside
    encapsulation ppp
    ip tcp header-compression iphc-format
    random-detect
    ip rtp header-compression iphc-format
    !
    router rip
    version 2
    network 192.160.2.0
    no auto-summary
    !
    ip nat pool Remotesite-LAN 192.160.1.190 192.160.1.199 netmask 255.255.255.0
    ip nat inside source list 3 pool Remotesite-LAN overload
    ip nat outside source static 192.160.1.3 192.160.2.2
    ip classless
    ip route 0.0.0.0 0.0.0.0 192.160.1.2
    no ip http server
    !
    access-list 3 permit 192.160.2.0 0.0.0.200
    !
    password
    login
    line vty 0 4
    password
    login
    line vty 5 15
    login
    !
    no scheduler allocate
    end
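
Added example, not part of any post in this thread and not Cisco code: dynamic NAT on the Remote-Site router only translates sources permitted by access-list 3, so this Python check applies the IOS wildcard rule (1 bits ignored, 0 bits must match) to the posted entry and lists which hosts in 192.160.2.0/24 it selects. The function names and the 0.0.0.255 comparison line are constructed for illustration.

```python
import ipaddress
import re

# First line is copied from the Remote-Site config posted above; the second
# is a constructed comparison using a contiguous /24 wildcard (not from the thread).
POSTED_ACL = "access-list 3 permit 192.160.2.0 0.0.0.200"
COMPARISON_ACL = "access-list 3 permit 192.160.2.0 0.0.0.255"

ACL_RE = re.compile(r"^access-list\s+(\d+)\s+(permit|deny)\s+(\S+)\s+(\S+)\s*$")


def parse_standard_acl(line):
    """Return (number, action, base_int, wildcard_int) for a standard ACL line."""
    m = ACL_RE.match(line.strip())
    if not m:
        raise ValueError(f"not a standard ACL entry: {line!r}")
    number, action, base, wildcard = m.groups()
    return (int(number), action,
            int(ipaddress.IPv4Address(base)),
            int(ipaddress.IPv4Address(wildcard)))


def is_contiguous(wildcard):
    """True when the wildcard is a run of low-order 1 bits (an inverted netmask)."""
    return wildcard & (wildcard + 1) == 0


def acl_matches(line, addr):
    """IOS wildcard rule: 1 bits are ignored, 0 bits must equal the base address."""
    _, _, base, wildcard = parse_standard_acl(line)
    care = ~wildcard & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(addr)) & care) == (base & care)


def matched_hosts(line, subnet):
    """Usable host addresses in `subnet` that the ACL entry matches."""
    return [str(h) for h in ipaddress.ip_network(subnet).hosts()
            if acl_matches(line, str(h))]


if __name__ == "__main__":
    for acl in (POSTED_ACL, COMPARISON_ACL):
        hosts = matched_hosts(acl, "192.160.2.0/24")
        wc = parse_standard_acl(acl)[3]
        print(f"{acl}\n  contiguous wildcard: {is_contiguous(wc)}, "
              f"matching hosts: {len(hosts)}")
        print("  " + (", ".join(hosts) if len(hosts) <= 8
                      else f"{hosts[0]} .. {hosts[-1]}"))
```

Any inside host whose address the entry does not match is routed untranslated, so it leaves the Remote-Site router with its 192.160.2.x source address.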

The configuration looks fine. You also mentioned it has worked before but now it's not. Were there any changes made on the routers?

The only change I did was on the Remote-LAN Pool IP addresses, but I have as well reverted this back to its original and still it won't work. Any ideas or any other config that I need to try out?

Right now, are there existing entries in the NAT table? If there are, would it be possible to clear them and then do some tests again?

How about the connectivity between hosts, routers, and PIX? Can you still not ping any host at the Main including the PIX?

Thought this would be interesting to note. There are no Dynamic entries in the NAT table but only the static translation below.

    Pro Inside global      Inside local       Outside local      Outside global
    --- ---                ---                192.160.2.2        192.160.1.3

I can telnet and ping into my remote Router only from the Main site router and not from any host machine or from the PIX.

Remote hosts are pinging my mainsite router. The connectivity seems to fail only between my Main site router and the PIX for Remote traffic. It's like Remote traffic is still seen as from 192.160.2.0 and not 192.160.1.0 even after nat'ing.

More ideas... guys

The translation table will surely help. When you do a ping from the Main site router or hosts or PIX, what Remote site address are you pinging? What is the defined gateway for the main site hosts? You also mentioned that remote hosts can ping your main site router. What was the remote host's address? The main site router could probably ping the remote because it is using the serial interface as the source of the ping. Have you tried extended ping using FastEthernet0/0's address as the source?

From the NAT table, it did not show translations from hosts on 192.160.2.0, so I think NAT is not working as expected. I really find your problem very interesting so I hope you could still post some more info. Thanks.