Basic Routing question

ittechk4u1
Level 4

Hello experts,

I got an IP address from the ISP to configure a point-to-point connection.

But we requested to use 8 public IP addresses, so the ISP gave one point-to-point IP and the rest 8 with a completely different IP range:

PUBLIC1: ISP for point 2 point: 197.36.128.214/30 , 197.36.128.213 is used on ISP device

PUBLIC2: for more 8 public IP address: 197.36.128.160/29

And the ISP told us that he routed the PUBLIC2 network over PUBLIC1.

So how should I configure my router to get access to the internet?

Thanks in advance.


If all of the addresses provided are public, no NAT is required. You have a /30 facing the Internet provider, so if your WAN interface is .214, then your gateway is .213.

 

ip route 0.0.0.0 0.0.0.0 x.x.x.213

Still it's not working:

Here is the config attached.

Jose Lopez
Level 1

You may configure a loopback interface with 197.36.128.161/29 and use it as the source interface for the tunnel; also configure NAT over that interface.

I didn't read the previous posts.

When you configure the tunnel with tunnel protection profile it looks like you are trying to implement VTI which does provide IPsec encryption of the traffic without requiring crypto maps which the traditional IPsec requires. When I have implemented VTI I have also included this command in the tunnel config

tunnel mode IPsec ipv4

 

Here is a link to a forum discussion about VTI which I hope you may find helpful

https://supportforums.cisco.com/t5/vpn/router-vpn-vti-configuration-adding-a-third-site-router/td-p/2829996

 

It is not clear to me which interface on your router is intended to carry the tunnel traffic. G0/0 has a public IP and an ACL for internet traffic. So I thought perhaps it is this one but the interface is shutdown. G0/1 has a public IP and no ACL. But since it is the one not shutdown I guess this is the one being used.

 

The config for the remote router is clear that it is using G0/0 for its tunnel traffic and does have an ACL inbound on the interface. You have not shown that ACL but I am guessing that it is similar to the ACL shown on your router. I believe that your issue may be that when you use the tunnel protection profile that the tunnel traffic is no longer carried as GRE traffic. As a test I suggest that you add a line in the ACL on each router that permits any ip traffic between the tunnel source and destination addresses. Give that a try and let us know if the behavior changes.

 

HTH

Rick
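
The ACL test suggested in the post above, sketched as an added IOS configuration example that is not taken from either router's config (the attachment is not shown in the thread). The addresses 198.51.100.2 and 203.0.113.2, the interface, the ACL name INTERNET-IN, the profile name VTI-PROFILE and the sequence numbers are placeholders chosen for illustration.

```cisco
! Added example with constructed placeholder values, not the poster's config.
! 198.51.100.2 = local tunnel source, 203.0.113.2 = remote tunnel destination.
!
interface Tunnel0
 tunnel source GigabitEthernet0/1
 tunnel destination 203.0.113.2
 ! VTI mode: tunnel packets leave the router as ESP, not GRE
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile VTI-PROFILE
!
! Test step from the post: permit all IP between the tunnel endpoints.
! Sequence 5 assumes the existing entries start at 10, so this line
! is evaluated before any deny further down the inbound internet ACL.
ip access-list extended INTERNET-IN
 5 permit ip host 203.0.113.2 host 198.51.100.2
!
! Once the tunnel comes up, the broad test line can be replaced with
! only what IPsec between the two peers needs: IKE and ESP.
ip access-list extended INTERNET-IN
 no 5
 6 permit udp host 203.0.113.2 host 198.51.100.2 eq isakmp
 ! UDP 4500 is only used when NAT traversal is negotiated
 7 permit udp host 203.0.113.2 host 198.51.100.2 eq non500-isakmp
 8 permit esp host 203.0.113.2 host 198.51.100.2
!
! Checks after each change (exec mode):
!   show crypto isakmp sa          -> IKE negotiation state with the peer
!   show crypto ipsec sa           -> encaps/decaps counters should both rise
!   show ip access-lists INTERNET-IN -> match counters on the new lines
```

The same lines, with source and destination swapped, go into the inbound ACL on the remote router.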

Thanks.

Could you please check my attached config in the above post and provide me a sample config!

I made a suggestion about including the command

tunnel mode IPsec ipv4

under the tunnel configuration. And a suggestion about adding a line to the internet acl. It is not clear whether you have done these or not.

 

HTH

Rick