02-12-2020 03:19 PM
I mount this scenario before going to production.
The host A is connected to int G 0/0 of Router 1945 but cant ping to internet, from router can ping 8.8.8.8, ping host A, ping ISP modem connected to int G 0/1, so need some help to understand whats wrong (sorry for my english).
Thanks for help
RouterDigitel#sh config
Using 1302 out of 262136 bytes
!
! Last configuration change at 23:13:16 UTC Fri Feb 7 2020 by televen
!
version 15.0
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname RouterDigitel
!
boot-start-marker
boot-end-marker
!
! card type command needed for slot/vwic-slot 0/0
! card type command needed for slot/vwic-slot 0/1
!
no aaa new-model
!
no ipv6 cef
ip source-route
ip cef
!
!
!
!
ip domain name www.xxxx.com
multilink bundle-name authenticated
!
!
!
license udi pid CISCO1941/K9 sn
!
!
username xxxxx privilege 15 secret 5
!
!
!
!
!
!
interface GigabitEthernet0/0
description CONEXION DIGITEL
ip address 192.168.61.6 255.255.255.252
ip nat inside
ip virtual-reassembly
duplex full
speed 100
no mop enabled
!
interface GigabitEthernet0/1
description CONEXION DIGITEL
ip address 186.167.0.210 255.255.255.248
ip nat outside
ip virtual-reassembly
duplex full
speed 100
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip route 0.0.0.0 0.0.0.0 186.167.0.209
!
!
!
snmp-server community
!
control-plane
!
!
line con 0
login local
line aux 0
line vty 0 4
login local
transport input ssh
line vty 5 15
login local
transport input ssh
!
scheduler allocate 20000 1000
end
RouterDigitel#
RouterDigitel#
RouterDigitel#ping 8.8.8.8
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 28/28/32 ms
RouterDigitel#sh int
GigabitEthernet0/0 is up, line protocol is up
Hardware is CN Gigabit Ethernet, address is 4055.3998.30e0 (bia 4055.3998.30e0)
Description: CONEXION DIGITEL
Internet address is 192.168.61.6/30
MTU 1500 bytes, BW 100000 Kbit/sec, DLY 100 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full-duplex, 100Mb/s, media type is RJ45
output flow-control is unsupported, input flow-control is unsupported
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:00, output 00:00:02, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 1000 bits/sec, 1 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
3837353 packets input, 356711010 bytes, 0 no buffer
Received 3678000 broadcasts, 0 runts, 0 giants, 0 throttles
6 input errors, 3 CRC, 2 frame, 0 overrun, 0 ignored
0 watchdog, 17263 multicast, 0 pause input
0 input packets with dribble condition detected
41312 packets output, 4418317 bytes, 0 underruns
0 output errors, 0 collisions, 2 interface resets
245586 unknown protocol drops
0 babbles, 0 late collision, 0 deferred
2 lost carrier, 0 no carrier, 0 pause output
0 output buffer failures, 0 output buffers swapped out
GigabitEthernet0/1 is up, line protocol is up
Hardware is CN Gigabit Ethernet, address is 4055.3998.30e1 (bia 4055.3998.30e1)
Description: CONEXION DIGITEL
Internet address is 186.167.0.210/29
MTU 1500 bytes, BW 100000 Kbit/sec, DLY 100 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full-duplex, 100Mb/s, media type is RJ45
output flow-control is unsupported, input flow-control is unsupported
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:00, output 00:00:02, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 2
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 2000 bits/sec, 5 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
30617 packets input, 2229054 bytes, 0 no buffer
Received 29524 broadcasts, 0 runts, 0 giants, 0 throttles
2 input errors, 1 CRC, 1 frame, 0 overrun, 0 ignored
0 watchdog, 0 multicast, 0 pause input
0 input packets with dribble condition detected
10890 packets output, 1271196 bytes, 0 underruns
0 output errors, 0 collisions, 2 interface resets
0 unknown protocol drops
0 babbles, 0 late collision, 0 deferred
3 lost carrier, 0 no carrier, 0 pause output
0 output buffer failures, 0 output buffers swapped out
NVI0 is up, line protocol is up
Hardware is NVI
Interface is unnumbered. Using address of GigabitEthernet0/0 (192.168.61.6)
MTU 1514 bytes, BW 56 Kbit/sec, DLY 5000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation UNKNOWN, loopback not set
Keepalive set (10 sec)
Last input never, output never, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
0 packets input, 0 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 packets output, 0 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 unknown protocol drops
0 output buffer failures, 0 output buffers swapped out
RouterDigitel#
RouterDigitel#
RouterDigitel#sh ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, + - replicated route
Gateway of last resort is 186.167.0.209 to network 0.0.0.0
S* 0.0.0.0/0 [1/0] via 186.167.0.209
186.167.0.0/16 is variably subnetted, 2 subnets, 2 masks
C 186.167.0.208/29 is directly connected, GigabitEthernet0/1
L 186.167.0.210/32 is directly connected, GigabitEthernet0/1
192.168.61.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.61.4/30 is directly connected, GigabitEthernet0/0
L 192.168.61.6/32 is directly connected, GigabitEthernet0/0
RouterDigitel#
Host A:
C:\Documents and Settings\sistemas>ipconfig
Configuración IP de Windows
Adaptador Ethernet Conexiones de red inalámbricas :
Estado de los medios. . . .: medios desconectados
Adaptador Ethernet Conexión de área local 3 :
Sufijo de conexión específica DNS :
Dirección IP. . . . . . . . . . . : 192.168.61.5
Máscara de subred . . . . . . . . : 255.255.255.0
Puerta de enlace predeterminada : 192.168.61.6
C:\Documents and Settings\sistemas>ping 186.167.0.209
Haciendo ping a 186.167.0.209 con 32 bytes de datos:
Tiempo de espera agotado para esta solicitud.
Estad¡sticas de ping para 186.167.0.209:
Paquetes: enviados = 1, recibidos = 0, perdidos = 1
(100% perdidos),
Control-C
^C
C:\Documents and Settings\sistemas>ping 192.168.61.5
Haciendo ping a 192.168.61.5 con 32 bytes de datos:
Respuesta desde 192.168.61.5: bytes=32 tiempo<1m TTL=128
Respuesta desde 192.168.61.5: bytes=32 tiempo<1m TTL=128
Estad¡sticas de ping para 192.168.61.5:
Paquetes: enviados = 2, recibidos = 2, perdidos = 0
(0% perdidos),
Tiempos aproximados de ida y vuelta en milisegundos:
M¡nimo = 0ms, M ximo = 0ms, Media = 0ms
Control-C
^C
C:\Documents and Settings\sistemas>ping 192.168.61.6
Haciendo ping a 192.168.61.6 con 32 bytes de datos:
Respuesta desde 192.168.61.6: bytes=32 tiempo<1m TTL=255
Respuesta desde 192.168.61.6: bytes=32 tiempo<1m TTL=255
Estad¡sticas de ping para 192.168.61.6:
Paquetes: enviados = 2, recibidos = 2, perdidos = 0
(0% perdidos),
Tiempos aproximados de ida y vuelta en milisegundos:
M¡nimo = 0ms, M ximo = 0ms, Media = 0ms
Control-C
^C
Solved! Go to Solution.
02-12-2020 07:20 PM
02-12-2020 07:20 PM
02-13-2020 07:46 AM
Thanks a lot Francesco,
I'll do after work hours.
To understand your lines:
"ip access-list extended NAT"
I thought that I could use NAT without access list because previous configuration dont has and think that if i dont limit any I could use ip nat inside only at the interface.
"permit ip 192.168.61.4 0.0.0.3 any"
What does mean 0.0.0.3 ?
ip nat inside source list NAT interface g0/1 overload
Concerning overload I'm confused because previous configuration dont had but I review this parameter and understand, can use nat without overload?
Well Thanks, I'll give comments after test,
Ricardo
02-13-2020 06:54 PM
02-17-2020 06:04 AM
Hi Francesco,
Works great. Thanks a lot.
But try to understand deeper, why previous configuration dont work (without use ACL):
!
interface GigabitEthernet0/0
description CONEXION DIGITEL
ip address 192.168.61.6 255.255.255.252
ip nat inside
ip virtual-reassembly
duplex full
speed 100
no mop enabled
!
interface GigabitEthernet0/1
description CONEXION DIGITEL
ip address 186.167.0.210 255.255.255.248
ip nat outside
ip virtual-reassembly
duplex full
speed 100
02-17-2020 04:16 PM
02-13-2020 07:54 AM
Hello,
on a side note, in addition to what Francesco wrote, your host A has a different subnet mask than the router. Usually that shouldn't be a problem, but it might render unpredictable results. You might want to change either mask to be the same as the other.
interface GigabitEthernet0/0
description CONEXION DIGITEL
ip address 192.168.61.6 255.255.255.252
Sufijo de conexión específica DNS :
Dirección IP. . . . . . . . . . . : 192.168.61.5
Máscara de subred . . . . . . . . : 255.255.255.0
Puerta de enlace predeterminada : 192.168.61.6
02-14-2020 12:47 AM
The issue is just because of the Private IP being used in the host network .
192.168.61.6/30
Try pinging the internet using source command with IP on the router facing the host it will not work.
use NAT overload as suggested.
If you want to understand the NAT try going thru the video in the link
https://www.youtube.com/watch?v=xkCgYaJXDSk
02-18-2020 12:19 AM
That question was impressive, we are just missing the NAT statement in the configuration.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide