cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
720
Views
15
Helpful
8
Replies

can ping internet from Router1945K but can not ping from host connected to G0/0

rsardinha
Level 1
Level 1

I mount this scenario before going to production.

The host A is connected to int G 0/0 of Router 1945 but cant ping to internet, from router can ping 8.8.8.8, ping host A, ping ISP modem connected to int G 0/1, so need some help to understand whats wrong (sorry for my english).

Thanks for help

 

RouterDigitel#sh config
Using 1302 out of 262136 bytes
!
! Last configuration change at 23:13:16 UTC Fri Feb 7 2020 by televen
!
version 15.0
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname RouterDigitel
!
boot-start-marker
boot-end-marker
!
! card type command needed for slot/vwic-slot 0/0
! card type command needed for slot/vwic-slot 0/1
!
no aaa new-model
!
no ipv6 cef
ip source-route
ip cef
!
!
!
!
ip domain name www.xxxx.com
multilink bundle-name authenticated
!
!
!
license udi pid CISCO1941/K9 sn
!
!
username xxxxx privilege 15 secret 5 
!
!
!
!
!
!
interface GigabitEthernet0/0
description CONEXION DIGITEL
ip address 192.168.61.6 255.255.255.252
ip nat inside
ip virtual-reassembly
duplex full
speed 100
no mop enabled
!
interface GigabitEthernet0/1
description CONEXION DIGITEL
ip address 186.167.0.210 255.255.255.248
ip nat outside
ip virtual-reassembly
duplex full
speed 100
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip route 0.0.0.0 0.0.0.0 186.167.0.209
!
!
!
snmp-server community
!
control-plane
!
!
line con 0
login local
line aux 0
line vty 0 4
login local
transport input ssh
line vty 5 15
login local
transport input ssh
!
scheduler allocate 20000 1000
end

RouterDigitel#
RouterDigitel#
RouterDigitel#ping 8.8.8.8

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 28/28/32 ms

 

RouterDigitel#sh int
GigabitEthernet0/0 is up, line protocol is up
Hardware is CN Gigabit Ethernet, address is 4055.3998.30e0 (bia 4055.3998.30e0)
Description: CONEXION DIGITEL
Internet address is 192.168.61.6/30
MTU 1500 bytes, BW 100000 Kbit/sec, DLY 100 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full-duplex, 100Mb/s, media type is RJ45
output flow-control is unsupported, input flow-control is unsupported
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:00, output 00:00:02, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 1000 bits/sec, 1 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
3837353 packets input, 356711010 bytes, 0 no buffer
Received 3678000 broadcasts, 0 runts, 0 giants, 0 throttles
6 input errors, 3 CRC, 2 frame, 0 overrun, 0 ignored
0 watchdog, 17263 multicast, 0 pause input
0 input packets with dribble condition detected
41312 packets output, 4418317 bytes, 0 underruns
0 output errors, 0 collisions, 2 interface resets
245586 unknown protocol drops
0 babbles, 0 late collision, 0 deferred
2 lost carrier, 0 no carrier, 0 pause output
0 output buffer failures, 0 output buffers swapped out
GigabitEthernet0/1 is up, line protocol is up
Hardware is CN Gigabit Ethernet, address is 4055.3998.30e1 (bia 4055.3998.30e1)
Description: CONEXION DIGITEL
Internet address is 186.167.0.210/29
MTU 1500 bytes, BW 100000 Kbit/sec, DLY 100 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full-duplex, 100Mb/s, media type is RJ45
output flow-control is unsupported, input flow-control is unsupported
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:00, output 00:00:02, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 2
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 2000 bits/sec, 5 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
30617 packets input, 2229054 bytes, 0 no buffer
Received 29524 broadcasts, 0 runts, 0 giants, 0 throttles
2 input errors, 1 CRC, 1 frame, 0 overrun, 0 ignored
0 watchdog, 0 multicast, 0 pause input
0 input packets with dribble condition detected
10890 packets output, 1271196 bytes, 0 underruns
0 output errors, 0 collisions, 2 interface resets
0 unknown protocol drops
0 babbles, 0 late collision, 0 deferred
3 lost carrier, 0 no carrier, 0 pause output
0 output buffer failures, 0 output buffers swapped out
NVI0 is up, line protocol is up
Hardware is NVI
Interface is unnumbered. Using address of GigabitEthernet0/0 (192.168.61.6)
MTU 1514 bytes, BW 56 Kbit/sec, DLY 5000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation UNKNOWN, loopback not set
Keepalive set (10 sec)
Last input never, output never, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
0 packets input, 0 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 packets output, 0 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 unknown protocol drops
0 output buffer failures, 0 output buffers swapped out
RouterDigitel#
RouterDigitel#
RouterDigitel#sh ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, + - replicated route

Gateway of last resort is 186.167.0.209 to network 0.0.0.0

S* 0.0.0.0/0 [1/0] via 186.167.0.209
186.167.0.0/16 is variably subnetted, 2 subnets, 2 masks
C 186.167.0.208/29 is directly connected, GigabitEthernet0/1
L 186.167.0.210/32 is directly connected, GigabitEthernet0/1
192.168.61.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.61.4/30 is directly connected, GigabitEthernet0/0
L 192.168.61.6/32 is directly connected, GigabitEthernet0/0
RouterDigitel#

 

Host A:

C:\Documents and Settings\sistemas>ipconfig

Configuración IP de Windows


Adaptador Ethernet Conexiones de red inalámbricas :

Estado de los medios. . . .: medios desconectados

Adaptador Ethernet Conexión de área local 3 :

Sufijo de conexión específica DNS :
Dirección IP. . . . . . . . . . . : 192.168.61.5
Máscara de subred . . . . . . . . : 255.255.255.0
Puerta de enlace predeterminada : 192.168.61.6

C:\Documents and Settings\sistemas>ping 186.167.0.209

Haciendo ping a 186.167.0.209 con 32 bytes de datos:

Tiempo de espera agotado para esta solicitud.

Estad¡sticas de ping para 186.167.0.209:
Paquetes: enviados = 1, recibidos = 0, perdidos = 1
(100% perdidos),
Control-C
^C
C:\Documents and Settings\sistemas>ping 192.168.61.5

Haciendo ping a 192.168.61.5 con 32 bytes de datos:

Respuesta desde 192.168.61.5: bytes=32 tiempo<1m TTL=128
Respuesta desde 192.168.61.5: bytes=32 tiempo<1m TTL=128

Estad¡sticas de ping para 192.168.61.5:
Paquetes: enviados = 2, recibidos = 2, perdidos = 0
(0% perdidos),
Tiempos aproximados de ida y vuelta en milisegundos:
M¡nimo = 0ms, M ximo = 0ms, Media = 0ms
Control-C
^C
C:\Documents and Settings\sistemas>ping 192.168.61.6

Haciendo ping a 192.168.61.6 con 32 bytes de datos:

Respuesta desde 192.168.61.6: bytes=32 tiempo<1m TTL=255
Respuesta desde 192.168.61.6: bytes=32 tiempo<1m TTL=255

Estad¡sticas de ping para 192.168.61.6:
Paquetes: enviados = 2, recibidos = 2, perdidos = 0
(0% perdidos),
Tiempos aproximados de ida y vuelta en milisegundos:
M¡nimo = 0ms, M ximo = 0ms, Media = 0ms
Control-C
^C

1 Accepted Solution

Accepted Solutions

Francesco Molino
VIP Alumni
VIP Alumni
Hi

You're missing the nat statement and acl going with it.

Add this config:
ip access-list extended NAT
permit ip 192.168.61.4 0.0.0.3 any
ip nat inside source list NAT interface g0/1 overload

Then you'll be able to ping internet from your g0/0 and the host sitting in the same subnet.
If you have other subnets behind this g0/0, add them to the acl and you'll be good to go

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

View solution in original post

8 Replies 8

Francesco Molino
VIP Alumni
VIP Alumni
Hi

You're missing the nat statement and acl going with it.

Add this config:
ip access-list extended NAT
permit ip 192.168.61.4 0.0.0.3 any
ip nat inside source list NAT interface g0/1 overload

Then you'll be able to ping internet from your g0/0 and the host sitting in the same subnet.
If you have other subnets behind this g0/0, add them to the acl and you'll be good to go

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

Thanks a lot Francesco,

 

I'll do after work hours.

To understand your lines:

"ip access-list extended NAT"

I thought that I could use NAT without access list because previous configuration dont has and think that if i dont limit any I could use  ip nat inside  only at the interface.

 

"permit ip 192.168.61.4 0.0.0.3 any" 

What does mean 0.0.0.3 ?


ip nat inside source list NAT interface g0/1 overload

Concerning overload I'm confused because previous configuration dont had but I review this parameter and understand, can use nat without overload?

 

Well Thanks,  I'll give comments after test,

Ricardo 

You have either nat based on acl or static nat.
Can you share the previous config to see what kind of nat you had?

0.0.0.3 is the wildcard mask corresponding to your mask 255.255.255.252.

Good catch from @georg. I answered by looking at your config but didn't look precisely at your host output.
You need to change your router interface mask to 255.255.255.0
Also in the acl the wildcard mask will change from 0.0.0.3 to 0.0.0.255

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

Hi Francesco,

 

Works great. Thanks a lot.

But try to understand deeper, why previous configuration dont work (without use ACL):

!
interface GigabitEthernet0/0
description CONEXION DIGITEL
ip address 192.168.61.6 255.255.255.252
ip nat inside
ip virtual-reassembly
duplex full
speed 100
no mop enabled
!
interface GigabitEthernet0/1
description CONEXION DIGITEL
ip address 186.167.0.210 255.255.255.248
ip nat outside
ip virtual-reassembly
duplex full
speed 100

It wasn't working because you didn't have any nat statement. You applied nat zone info on interfaces but no nat statement which can be based on an acl or a static nat 1:1

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

Hello,

 

on a side note, in addition to what Francesco wrote, your host A has a different subnet mask than the router. Usually that shouldn't be a problem, but it might render unpredictable results. You might want to change either mask to be the same as the other.

 

interface GigabitEthernet0/0
description CONEXION DIGITEL
ip address 192.168.61.6 255.255.255.252

 

Sufijo de conexión específica DNS :
Dirección IP. . . . . . . . . . . : 192.168.61.5
Máscara de subred . . . . . . . . : 255.255.255.0
Puerta de enlace predeterminada : 192.168.61.6

The issue is just because of the Private IP being used in the host network .

 

 192.168.61.6/30

 

Try pinging the internet using source command with IP on the router facing the host it will not work. 

 

use NAT overload as suggested. 

If you want to understand the NAT try going thru the video in the link  

https://www.youtube.com/watch?v=xkCgYaJXDSk

 

Please do not hesitate to click the STAR button if you are satisfied with my answer.

That question was impressive, we are just missing the NAT statement in the configuration.

Please do not hesitate to click the STAR button if you are satisfied with my answer.
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: