04-27-2012 08:57 AM - edited 03-04-2019 04:10 PM
I have the following setup, where the Cisco ME 3400 is provided by the ISP.
My Cisco 2911 is configured as below:
CORE_Router#sh run
Building configuration...
Current configuration : 6075 bytes
!
! No configuration change since last restart
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname CORE_Router
!
boot-start-marker
boot-end-marker
!
!
logging buffered 51200 warnings
!
no aaa new-model
!
no ipv6 cef
ip source-route
ip cef
!
!
!
!
!
no ip domain lookup
ip name-server x.x.6.5
ip name-server x.x.57.230
multilink bundle-name authenticated
!
!
crypto pki token default removal timeout 0
!
crypto pki trustpoint TP-self-signed-144954112
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-144954112
revocation-check none
rsakeypair TP-self-signed-144954112
!
!
crypto pki certificate chain TP-self-signed-144954112
certificate self-signed 01
quit
license udi pid CISCO2911/K9 sn FCZ154670GK
!
!
!
!
!
!
!
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
no ip address
duplex auto
speed auto
!
interface GigabitEthernet0/0.2400
description $STC_DIA6$
encapsulation dot1Q 2400
ip address x.x.88.5 255.255.255.252
!
interface GigabitEthernet0/1
description $VPN_LAN$
ip address 128.1.0.200 255.255.248.0
duplex auto
speed auto
!
interface GigabitEthernet0/2
ip address 192.168.6.254 255.255.255.0
duplex auto
speed auto
!
ip forward-protocol nd
!
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip route 0.0.0.0 0.0.0.0 x.x.88.6
!
!
!
!
control-plane
!
!
!
line con 0
logging synchronous
login local
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport input all
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
access-class 23 in
privilege level 15
login local
transport input telnet ssh
line vty 5 15
access-class 23 in
privilege level 15
login local
transport input telnet ssh
!
scheduler allocate 20000 1000
end
However, I am not able to ping WAN from LAN:
CORE_Router#ping 4.2.2.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 4.2.2.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 92/99/104 ms
CORE_Router#ping 4.2.2.2 source 192.168.6.254
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 4.2.2.2, timeout is 2 seconds:
Packet sent with a source address of 192.168.6.254
.....
Success rate is 0 percent (0/5)
CORE_Router#ping 192.168.6.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.6.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms
CORE_Router#ping 192.168.6.1 source x.x.88.5
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.6.1, timeout is 2 seconds:
Packet sent with a source address of x.x.88.5
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms
CORE_Router#ping x.x.88.6 source 192.168.6.254
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to x.x.88.6, timeout is 2 seconds:
Packet sent with a source address of 192.168.6.254
.....
Success rate is 0 percent (0/5)
Is there anything yet to be added to the configuration?
04-27-2012 09:01 AM
Skimming over the config, it looks like you can ping WAN addresses from the WAN and LAN addresses from the LAN, but if you source from an inside address to the outside, you can't? If that's the case, you'll need to configure natting on this router.
HTH,
John
04-27-2012 09:06 AM
Yes John, that's the issue. I did apply ip nat on the WAN and LAN interfaces, but I was still unable to, hence I reverted to this configuration.
04-27-2012 09:10 AM
This config won't work without natting though. Can you post the natted config so we can see it?
04-27-2012 09:14 AM
Out of work now, but can you specify what changes with natting I should make to this configuration?
04-27-2012 09:16 AM
The easiest is something like the following:
access-list 10 permit 192.168.6.0 0.0.0.255
ip nat inside source list 10 interface GigabitEthernet0/0.2400 overload
!
interface GigabitEthernet0/0.2400
 ip nat outside
!
interface GigabitEthernet0/2
 ip nat inside
HTH,
John
Please rate useful posts...
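The pieces listed in the answer above only work together, so here is a check for all of them, written as an added example that is not part of the thread. It assumes a saved running-config with IOS's normal indentation; `parse` and `check_pat` are hypothetical helper names, and the sample config is constructed, with a documentation address in place of the masked WAN address.

```python
import ipaddress
import re

# Constructed sample modelled on the thread; 203.0.113.5 replaces the masked x.x.88.5.
AFTER = """\
interface GigabitEthernet0/0.2400
 ip address 203.0.113.5 255.255.255.252
 ip nat outside
interface GigabitEthernet0/2
 ip address 192.168.6.254 255.255.255.0
 ip nat inside
ip nat inside source list 10 interface GigabitEthernet0/0.2400 overload
access-list 10 permit 192.168.6.0 0.0.0.255
"""

def parse(config):
    """Return ({interface: [sub-commands]}, global commands joined by newlines)."""
    ifaces, glob, cur = {}, [], None
    for line in config.splitlines():
        if line.startswith("interface "):
            cur = ifaces.setdefault(line.split()[1], [])
        elif line[:1] == " " and cur is not None:
            cur.append(line.strip())
        elif line.strip() not in ("", "!"):
            cur = None  # a new global command closes the interface block
            glob.append(line.strip())
    return ifaces, "\n".join(glob)

def check_pat(config):
    """List what interface-overload NAT still lacks ('permit <net> <wildcard>' ACLs only)."""
    ifaces, text = parse(config)
    rules = re.findall(r"^ip nat inside source list (\d+) interface (\S+) overload$", text, re.M)
    if not rules:
        return ["no 'ip nat inside source list <acl> interface <if> overload' rule"]
    problems = []
    for acl, out_if in rules:
        if "ip nat outside" not in ifaces.get(out_if, []):
            problems.append(f"{out_if}: missing 'ip nat outside'")
        nets = [ipaddress.ip_network(f"{n}/{w}") for n, w in
                re.findall(rf"^access-list {acl} permit (\S+) (\S+)$", text, re.M)]
        inside = [ipaddress.ip_address(c.split()[2]) for cmds in ifaces.values()
                  if "ip nat inside" in cmds for c in cmds if c.startswith("ip address ")]
        if not any(addr in net for addr in inside for net in nets):
            problems.append(f"access-list {acl} permits no 'ip nat inside' interface subnet")
    return problems

if __name__ == "__main__":
    print(check_pat(AFTER))  # complete configuration
    print(check_pat(AFTER.replace(" ip nat outside\n", "")))  # WAN side unmarked
```
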
04-28-2012 12:03 AM
Thanks a lot John. Indeed, I had not added
ip nat inside source list 10 interface GigabitEthernet0/0.2400 overload
CORE_Router#sh run
Building configuration...
Current configuration : 6445 bytes
!
! Last configuration change at 06:09:51 UTC Sat Apr 28 2012 by netadmin
! NVRAM config last updated at 06:09:53 UTC Sat Apr 28 2012 by netadmin
! NVRAM config last updated at 06:09:53 UTC Sat Apr 28 2012 by netadmin
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname CORE_Router
!
boot-start-marker
boot-end-marker
!
!
logging buffered 51200 warnings
!
no aaa new-model
!
no ipv6 cef
ip source-route
ip cef
!
!
!
!
!
no ip domain lookup
ip name-server x.x.6.5
ip name-server x.x.57.230
multilink bundle-name authenticated
!
!
crypto pki token default removal timeout 0
!
crypto pki trustpoint TP-self-signed-144954112
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-144954112
revocation-check none
rsakeypair TP-self-signed-144954112
!
!
crypto pki certificate chain TP-self-signed-144954112
certificate self-signed 01
quit
license udi pid CISCO2911/K9 sn FCZ154670GK
!
!
!
!
!
!
!
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
no ip address
duplex auto
speed auto
!
interface GigabitEthernet0/0.2400
description $STC_DIA6$
encapsulation dot1Q 2400
ip address x.x.88.5 255.255.255.252
ip nat outside
ip virtual-reassembly in
!
interface GigabitEthernet0/1
description $VPN_LAN$
ip address 128.1.0.200 255.255.248.0
duplex auto
speed auto
!
interface GigabitEthernet0/2
description $WAN_LAN$
ip address 192.168.6.254 255.255.255.0
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
!
ip forward-protocol nd
!
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip nat inside source list 10 interface GigabitEthernet0/0.2400 overload
ip route 0.0.0.0 0.0.0.0 x.x.88.6
!
access-list 10 permit 192.168.6.0 0.0.0.255
!
!
!
control-plane
!
!
!
line con 0
logging synchronous
login local
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport input all
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
access-class 23 in
privilege level 15
login local
transport input telnet ssh
line vty 5 15
access-class 23 in
privilege level 15
login local
transport input telnet ssh
!
scheduler allocate 20000 1000
end