cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
726
Views
0
Helpful
27
Replies
Highlighted
Advisor

ADSL modem <-> Cisco 877 <-> internal network problems!

Hi,

I try to ping 192.168.1.254 or anything on the net from the laptop, the router gives me no debugging information.

My bad, sorry. transit traffic is not seen by debug output.

ping sourcing from vlan1 and and post sh ip nat tr output if it is empty then ping again this time with debug ip pack 199

and do debug ip nat

Regards

Alain

Don't forget to rate helpful posts.

Don't forget to rate helpful posts.
Highlighted
Beginner

ADSL modem <-> Cisco 877 <-> internal network problems!

ITTEST#ping 192.168.1.254 source vlan1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 192.168.1.254, timeout is 2 seconds:

Packet sent with a source address of 172.30.59.1

02:45:46: IP: s=172.30.59.1 (local), d=192.168.1.254, len 100, local feature, NAT(2), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE

02:45:46: IP: s=172.30.59.1 (local), d=192.168.1.254 (Vlan666), len 100, sending

02:45:46: IP: s=172.30.59.1 (local), d=192.168.1.254 (Vlan666), len 100, output feature, Post-routing NAT Outside(17), rtype 1, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE

02:45:46: IP: s=172.30.59.1 (local), d=192.168.1.254 (Vlan666), len 100, sending full packet.

02:45:48: IP: s=172.30.59.1 (local), d=192.168.1.254, len 100, local feature, NAT(2), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE

02:45:48: IP: s=172.30.59.1 (local), d=192.168.1.254 (Vlan666), len 100, sending

02:45:48: IP: s=172.30.59.1 (local), d=192.168.1.254 (Vlan666), len 100, output feature, Post-routing NAT Outside(17), rtype 1, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE

02:45:48: IP: s=172.30.59.1 (local), d=192.168.1.254 (Vlan666), len 100, sending full packet.

02:45:50: IP: s=172.30.59.1 (local), d=192.168.1.254, len 100, local feature, NAT(2), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE

02:45:50: IP: s=172.30.59.1 (local), d=192.168.1.254 (Vlan666), len 100, sending

02:45:50: IP: s=172.30.59.1 (local), d=192.168.1.254 (Vlan666), len 100, output feature, Post-routing NAT Outside(17), rtype 1, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE

02:45:50: IP: s=172.30.59.1 (local), d=192.168.1.254 (Vlan666), len 100, sending full packet.

02:45:52: IP: s=172.30.59.1 (local), d=192.168.1.254, len 100, local feature, NAT(2), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE

02:45:52: IP: s=172.30.59.1 (local), d=192.168.1.254 (Vlan666), len 100, sending

02:45:52: IP: s=172.30.59.1 (local), d=192.168.1.254 (Vlan666), len 100, output feature, Post-routing NAT Outside(17), rtype 1, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE

02:45:52: IP: s=172.30.59.1 (local), d=192.168.1.254 (Vlan666), len 100, sending full packet.

02:45:54: IP: s=172.30.59.1 (local), d=192.168.1.254, len 100, local feature, NAT(2), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE

02:45:54: IP: s=172.30.59.1 (local), d=192.168.1.254 (Vlan666), len 100, sending

02:45:54: IP: s=172.30.59.1 (local), d=192.168.1.254 (Vlan666), len 100, output feature, Post-routing NAT Outside(17), rtype 1, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE

02:45:54: IP: s=172.30.59.1 (local), d=192.168.1.254 (Vlan666), len 100, sending full packet.

Success rate is 0 percent (0/5)

ITTEST#

ITTEST#

ITTEST#sh ip nat tr output

                    ^

% Invalid input detected at '^' marker.

ITTEST#sh ip nat tr

Highlighted
Advisor

ADSL modem <-> Cisco 877 <-> internal network problems!

Hi,

the command is sh ip nat translation

but it is doing post-nat routing so there should have been a nat translation

can you confirm anyway and turn off debugging: do u all in config mode

Regards

Alain

Don't forget to rate helpful posts.

Don't forget to rate helpful posts.
Highlighted
Beginner

ADSL modem <-> Cisco 877 <-> internal network problems!

Hi Alain,

Thanks for the help, I've turned the debugging off; not quite sure what you want me to try now, it still doesn't work...

Highlighted
Advisor

ADSL modem <-> Cisco 877 <-> internal network problems!

Hi,

ping again and post output of sh ip nat translation to confirm there was natting in action or not

according to result we'll investigate further.

Regards

Alain

Don't forget to rate helpful posts.

Don't forget to rate helpful posts.
Highlighted
Beginner

ADSL modem <-> Cisco 877 <-> internal network problems!

ITTEST#ping 192.168.1.254 source vlan1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 192.168.1.254, timeout is 2 seconds:

Packet sent with a source address of 172.30.59.1

.....

Success rate is 0 percent (0/5)

ITTEST#show ip nat translation

ITTEST#

Highlighted
Advisor

ADSL modem <-> Cisco 877 <-> internal network problems!

Hi,

ok so there is no translation finally.Can you post following:

-sh ip int Vlan1 | i Internet

-sh ip arp 192.168.1.254

- sh access-list 100

-sh ip cef 192.168.1.254

Can you also post a quick sketch of the network.

Regards

Alain

Don't forget to rate helpful posts.

Don't forget to rate helpful posts.
Highlighted
Beginner

ADSL modem <-> Cisco 877 <-> internal network problems!

ITTEST#sh ip int Vlan1 | i Internet

  Internet address is 172.30.59.1/30

ITTEST#sh ip arp 192.168.1.254

Protocol  Address          Age (min)  Hardware Addr   Type   Interface

Internet  192.168.1.254           0   7c03.d847.e488  ARPA   Vlan666

ITTEST#sh access-list 100

Extended IP access list 100

    10 permit ip 172.30.59.0 0.0.0.255 any

ITTEST#sh ip cef 192.168.1.254

192.168.1.254/32

  attached to Vlan666

Network layout would be:

PSTN/ADSL line -------> ISP modem/router ----------> fe0/3 Cisco 877 fe0/0 -----------> laptop

                                    192.168.1.254/24        192.168.1.139/24   172.30.59.1/24      172.30.59.123/24

Would that be enough detail?

Highlighted
Advisor

ADSL modem <-> Cisco 877 <-> internal network problems!

Hi,

You configured Vlan1 as a /30 on the router but your attached host has a /24.

Can you change it to a /24 on the router and also change this:

ip nat source list 100 interface Vlan666 overload like this:

ip nat inside source list 100 interface Vlan666 overload

You should then be able to ping from host in vlan 1 to 192.168.1.254 and beyond

Regards

Alain

Don't forget to rate helpful posts.

Don't forget to rate helpful posts.
Highlighted
Beginner

ADSL modem <-> Cisco 877 <-> internal network problems!

Hi Alain,

Changing the ip nat source list 100 interface vlan666 overload to ip nat inside source list 100 interface vlan666 overload did the trick.

I've left the odd subnet on the vlan 1 address, as I use an IP in the same subnet for the tunnel interface as well, if the subnets of this IPs overlap, it doesn't let you set it. Odd I know, but when I originally made this config (well the predecessor to this one when we still used the atm interface), that was the only way I could get it to work as required, and it only meant losing the first handful of IPs in a subnet where we'd only be using about 50 IPs anyway.

Thanks a million for your help, got this router working as required just in time.

I just need to push the config on to another test router now (this one we were playing with is getting shipped out first thing tomorrow morning) and get the tunnel up, hadn't had the time to configure this on the receiving firewall though, so it may just work.

The one part I've changed initially with the hope that it'll work was the tunnel source:

interface Tunnel0

description --- IPSec Tunnel to KX ---

ip address 172.30.60.1 255.255.255.0

ip ospf mtu-ignore

load-interval 30

tunnel source Vlan1

tunnel destination xxx.xxx.xxx.xxx

tunnel mode ipsec ipv4

tunnel protection ipsec profile IPSEC-VPN

This was previously Dialer0, do you know if this will work?

Thanks!

Highlighted
Advisor

ADSL modem <-> Cisco 877 <-> internal network problems!

Hi,

As long as the other VPN peer knows how to reach vlan1 then the tunnel should be up but you'll have to change the tunnel destination on this peer to vlan 1 ip  address.

Regards

Alain

Don't forget to rate helpful posts.

Don't forget to rate helpful posts.
Highlighted
Beginner

ADSL modem <-> Cisco 877 <-> internal network problems!

Hi Alain,

The VPN peer does not receive any traffic from the Public IP of the 877, so it seems the tunnel is not trying to be established. Any ideas?

Thanks again,

Beginner

ADSL modem <-> Cisco 877 <-> internal network problems!

Hi

I've opened a new discussion for this piece as my original issue (from this discussion) is now solved.

New discussionis https://supportforums.cisco.com/thread/2251447

Thanks!

CreatePlease to create content