Re: Basic Routing question

ittechk4u1 · ‎03-06-2018

Hello experts,

I got IP address from ISP to configure point to point connection .

But we requested to use 8 public ip address so ISP gave one point to point IP and rest 8 with complete diff IP range:

PUBLIC1: ISP for point 2 point: 197.36.128.214/30 , 197.36.128.213 is used on ISP device

PUBLIC2: for more 8 public IP address: 197.36.128.160/29

and ISP told that he routed PUBLIC2 network over PUBLIC 1

so How I should configure my router to get access to internet ...

Thanks in advance.

Georg Pauwen · ‎03-06-2018

Hello,

the below should do it:

interface FastEthernet0/0
ip address 192.168.1.1 255.255.255.0
ip nat inside
!
interface GigabitEthernet0/0
ip address 197.36.128.214 255.255.255.252
ip nat outside
!
ip nat pool NAT_POOL_1 197.36.128.161 197.36.128.166 prefix-length 29
ip nat inside source list 1 pool NAT_POOL_1
!
access-list 1 permit 192.168.1.0

ittechk4u1 · ‎03-06-2018

I tried this but still not working!!!!

i confgured exactly as you said...

then configured a GRE tunnel with IP :197.36.128.165 but tunnel is not coming up

Georg Pauwen · ‎03-06-2018

Hello,

post the full configuration you have so far...

ittechk4u1 · ‎03-07-2018

...

Georg Pauwen · ‎03-07-2018

Hello,

there is no isakmp in your output. Post the full running configuration (sh run) of both sides, BRRCVPN4 and BRRCVPN3.

ittechk4u1 · ‎03-07-2018

Hi, Let me start with scratch:

I got two ISP range from ISP:

Public 1: 196.36.220.212/30

196.36.220.213 - ISP Device

196.36.220.214 - Our VPN router

Public 2: 197.96.128.160/29

Here is the provider router config:

--------------------------------------------------------

interface GigabitEthernet0/0/0/15.437

description l| VLAN437 | CEL12-11-0429

bandwidth 10240

service-policy input 1to3-10240K-INPUT

service-policy output 1to3-10240K-10240K-OUTPUT

vrf INTERNET

ipv4 address 196.36.220.213 255.255.255.252

ipv4 verify unicast source reachable-via rx

ipv4 unreachables disable

flow ipv4 monitor IPv4-MON-MAP sampler FNF_SAMPLER_MAP ingress

flow ipv4 monitor IPv4-MON-MAP sampler FNF_SAMPLER_MAP egress

encapsulation dot1q 437

interface GigabitEthernet0/0/0/15.437

197.96.128.160/29 GigabitEthernet0/0/0/15.437 196.36.220.214

Questions:

1. Now i cant ping 196.36.220.213 from 196.36.220.214 , why ?

2. I need to access via SSH to 196.36.220.214 from ouside (internet), not possible why ?

once these two point works then i will create a GRE tunnel with router via PUBLIC 2 netwrok!!

Thanks

Georg Pauwen · ‎03-07-2018

Hello,

do you have SSH access set up on your router ? Post the full running configuration of your router (sh run) not just snippets.

I cannot ping your router either, I can ping the ISP router. ICMP might be blocked on the provider end, so that doesn't necessarily mean anything.

ittechk4u1 · ‎03-07-2018

see the attached conifg..

ghostinthenet · ‎03-06-2018

It depends on how you want things set up. Your WAN interface will hold the /30 subnet and will be your NAT outside interface. The /29 can be assigned to an interface if you actually want to assign the addresses to other devices directly, or if you're just using the network as a NAT pool, you can just reference the addresses in your NAT statements. (This will actually let you use all eight addresses in the /29 as there's no real network in play.) Traffic destined for the /29 will be routed by the ISP to your router's WAN interface and your router will take care of it from there.

How exactly do you want this /29 to be used? If you let me know, I can probably give more specific advice.

ittechk4u1 · ‎03-06-2018

Thanks.

i want to have GRE IPsec tunnel from /29 IP address to our HQ.

Could you please provide me a sample conifg, how should i can configure these.

Thanks again.

ghostinthenet · ‎03-07-2018

That's fairly easy to accomplish. Just attach the /29 to a loopback interface and source the tunnel off of that.

interface Loopback0

ip address x.x.x.x 255.255.255.248

!

interface Tunnel0

tunnel source Loopback0

ittechk4u1 · ‎03-07-2018

what about the PUBLIC 1 IP address (.212/30) ?

Thanks

ghostinthenet · ‎03-07-2018

That should already be attached to your WAN interface.

ittechk4u1 · ‎03-07-2018

so you mean it should be like this:

int gig0/1

IP address PUBLIC1 (.214/30)

!

int loop1

ip add PUBLIC2 (.162/29)

and then we should create a GRE tunnels with source address loop1 ?

No NATing required ?

could you please provide a sample config!!!!!

then what will be gateway to prvode a default root ?

0.0.0.0 0.0.0.0 Gateway ?

Thanks