Re: Can ping from one side of the router but not the other. - Page 2

gherkin12 · ‎06-06-2020

Good morning all

First post so please be gentle :)

I've been out of the Cisco game for several years now and have just setup a homelab to brush up on my skills (potential job change). Anyways to the problem.

My current setup is as follows:

Netgear C7500 (Cable Modem WiFi enabled) 192.168.0.1 --> 192.168.0.2 Cisco 2921 192.168.2.1--> Cisco 2811 --> Dell R710 192.168.2.3

The 2811 is effectively being used as a switch as currently I don't have any fibre connections for the fibre switch I have. So basically I have the 2921 setup so that the Dell can connect to the outside world - no problems whatsoever. The problem comes the other direction. I cannot ping from the 192.168.0.x to the other side of the 2921 (192.168.2.1). I don't believe there is anything I can do on the Netgear, so was wondering if there is anything I can do the Cisco side of things.

Current config is that I have NAT setup inside and outside on the g0/0 and g0/1 interfaces but if i turn NAT off the Netgear it appears to disable my WiFi and all my other devices drop off the .0.x network.

I know I could put the Cisco side on the same network range as the Netgear but was wanting something challenging t see if it could be done - although if it can't then I'll revert everything back.

TIA

gherkin12 · ‎06-08-2020

so removed the dhcp pool from 2921 along with the NAT entries. Should I now put the interfaces (f0/0/0-3) into a vlan?

paul driver · ‎06-09-2020

Hello

If you adding a subnet to that interface then you need to add nat and dhcp again but to the 2811.

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

gherkin12 · ‎06-09-2020

so basically what I had on the 2921 but on the f0/0 (connection coming in from the 2921) interface on the 2811

paul driver · ‎06-10-2020

Hello

@gherkin12 wrote:
so basically what I had on the 2921 but on the f0/0 (connection coming in from the 2921) interface on the 2811

Yes - correct.

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Richard Burts · ‎06-10-2020

Perhaps my understanding of the issue in the original post is somewhat different from that of my colleagues who have responded so far. There are important details that we do not know, but here is my understanding of the important details that we do know:

- the netgear provides access to Internet and uses 192.168.0.1 on its inside interface.

- the 2921 uses 192.168.0.2 on its outside Ethernet interface.

- the 2921 uses 192.168.2.1 on its inside Ethernet interface.

- the 2811 is acting like a switch (I hope that this means that ip routing has been disabled and the both of its ethernet interfaces are assigned to a bridge group)

- the dell uses IP 192.168.2.3 on its interface.

- nat is set up inside and outside (I assume this is on the 2921).

- "the Dell can connect to the outside world - no problems whatsoever". This is extremely important.

- outside can not ping to inside.

My understanding is that this is the expected behavior when implementing dynamic nat: inside can initiate traffic to outside but outside can not initiate traffic to inside. If it is important for outside to initiate traffic to inside then there needs to be a static nat for the dell address (or whatever other inside address may be involved).

If there is something where my understanding is not correct then please provide clarification.

HTH

Rick

gherkin12 · ‎06-10-2020

Good afternoon Richard.

That is correct and as you mention trying to connect from the outside (192.168.0.x) in (192,168.2.x) is the issue and due to the limitations on the Netgear I was hoping (perhaps optimistically - and thats no criticism of the help that I have currently received whatsoever) that I might have been able to configure the Cisco's to help in the matter.

I've attached a PT file showing the setup - caveat is that the cable modem and WRT300N are replicating the Netgear C7500 and also I can't get bridging to work on the 2921.

currently I'm at a state now where the dell is on a VLAN (192.168.2.1) and the 2811 has an IP of 192.168.0.3. I can ping 192.168.0.3 from the Dell (192.168.2.2) but can't go any further.

I've attached the 3 files - the packet tracer file showing the setup (I've had to put that in a zip file as it wouldn't let me attach it) along with the 2 current configs of the routers.

Richard Burts · ‎06-10-2020

Thanks for the update and for the clarification. I have several things to say. First I would say that some look at the issue initiating traffic from outside to inside and try to find some thing that is broken that can be changed so that it is fixed. Others look at the issue and say that is the expected behavior of dynamic nat. Probably it is your perspective that even if it is the expected behavior that you would like to find a way to fix it. And I believe that a static nat for the address used by the Dell would fix the issue.

Next I would say that I am not clear why the 2811 is being used. But it makes an interesting configuration exercise to try to implement it and if this is mostly a learning experience this this is a fine thing to do. I am not so clear about suggestions to do bridging on the 2921. If the Dell is going to use an IP in a subnet different from the netgear then it seems to me that the 2921 needs to be routing between its interfaces.

HTH

Rick

gherkin12 · ‎06-11-2020

@Richard Burts wrote:
Next I would say that I am not clear why the 2811 is being used. But it makes an interesting configuration exercise to try to implement it and if this is mostly a learning experience this this is a fine thing to do. I am not so clear about suggestions to do bridging on the 2921. If the Dell is going to use an IP in a subnet different from the netgear then it seems to me that the 2921 needs to be routing between its interfaces.

Yeah defo for exercise purposes. Certainly not in the work place as i appreciate that this is the wrong way to go about things, i would just get rid of the 2811 router and stick with the 2921.

@paul driver thanks again for the config, dhcp pool works fine and i've connected a wireless AP which pulls the ip addresses nicely. I still can't ping 192.168.0.2 or 0.1 from 192.168.2.2 (the Dell Server - i can ping 192.168.0.3 fa0/0 on the 2811)