Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
830
Views
0
Helpful
17
Replies

can`t access the internet

husseinismael
Level 1
Level 1

‎06-13-2022 04:48 AM

i am trying to dedicate some traffic to one ISP connection from 1 source IP (10.200.50.2/248)  and the ISP IP is 45.240.181.2.

I can ping from 10.200.50.2 to 45.240.181.2 but I can`t ping the ISP router 45.240.181.1?

here is the router configuration.

!
!
!
!
!
!
!
interface GigabitEthernet0/0
description connected interface to up-stream SW
mtu 1504
ip address 10.100.129.1 255.255.255.0
ip nat inside
ip virtual-reassembly
ip policy route-map CLIENT-ROUTER
duplex auto
speed auto
!
interface GigabitEthernet0/1
description connected interface to Tunnel SW
ip address 10.100.130.1 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/2/0
description connected to orange line
ip address 41.128.178.238 255.255.255.248
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
interface FastEthernet0/3/0
description "connected to ahly bank"
ip address 10.244.243.114 255.255.255.252
ip virtual-reassembly
duplex auto
speed auto
!
interface FastEthernet0/3/1
description connected to orange dedicated line
ip address 45.240.181.2 255.255.255.248
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
router rip
version 2
network 10.0.0.0
no auto-summary
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 41.128.178.233
ip route 10.200.50.0 255.255.255.248 45.240.181.1
ip http server
no ip http secure-server
!
!
ip nat inside source list 10 interface FastEthernet0/2/0 overload
ip nat inside source list 106 interface FastEthernet0/3/1 overload
!
access-list 10 permit 10.100.33.0 0.0.0.255
access-list 10 permit 10.100.129.0 0.0.0.255
access-list 105 permit ip 10.244.243.132 0.0.0.3 10.244.243.112 0.0.0.3
access-list 105 deny ip any any
access-list 106 permit ip 10.200.50.0 0.0.0.7 45.240.181.0 0.0.0.7
access-list 106 deny ip any any
!
!
!
!
route-map CLIENT-ROUTER permit 10
match ip address 105 106
set default interface FastEthernet0/3/0 FastEthernet0/3/1
!
!
!
control-plane
!
!
!
!
mgcp fax t38 ecm

Labels:
0 Helpful
17 Replies 17

balaji.bandi
Hall of Fame
Hall of Fame

‎06-13-2022 05:03 AM 

ip route 0.0.0.0 0.0.0.0 41.128.178.233

This should be next hop address not the interface IP config.

 

Look at the some example config for guidelines  :

https://community.cisco.com/t5/routing/dual-wan-for-inside-server-by-static-nat-and-pbr/td-p/1610915

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

husseinismael
Level 1
Level 1
In response to balaji.bandi

‎06-13-2022 05:09 AM

41 is another ISP connection, my problem is I cant route dedicated traffic from 10.200.50.2 to 45.240.181.1

0 Helpful

Georg Pauwen
VIP
VIP
In response to husseinismael

‎06-13-2022 05:45 AM

Hello,

 

I am not really clear on the logic of your policy routing. Which source/destination traffic needs to go to 45.240.181.1 (which is I suppose the next hop) ?

 

Either way, try the next-hop option on your route map:

 

route-map CLIENT-ROUTER permit 10
match ip address 105 106
set ip next-hop 45.240.181.1

0 Helpful

husseinismael
Level 1
Level 1
In response to Georg Pauwen

‎06-13-2022 06:25 AM

with the below configuration I can ping 45.240.181.1 from 10.200.50.2 but I cant access the internet 

 

!
!
!
!
!
!
interface GigabitEthernet0/0
description connected interface to up-stream SW
mtu 1504
ip address 10.100.129.1 255.255.255.0
ip nat inside
ip virtual-reassembly
ip policy route-map CLIENT-ROUTER
duplex auto
speed auto
!
interface GigabitEthernet0/1
description connected interface to Tunnel SW
ip address 10.100.130.1 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/2/0
description connected to orange line
ip address 41.128.178.238 255.255.255.248
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
interface FastEthernet0/3/0
description "connected to ahly bank"
ip address 10.244.243.114 255.255.255.252
ip virtual-reassembly
duplex auto
speed auto
!
interface FastEthernet0/3/1
description connected to orange dedicated line
ip address 45.240.181.2 255.255.255.248
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
router rip
version 2
network 10.0.0.0
no auto-summary
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 41.128.178.233
ip http server
no ip http secure-server
!
!
ip nat inside source list 10 interface FastEthernet0/2/0 overload
ip nat inside source list 106 interface FastEthernet0/3/1 overload
!
access-list 10 permit 10.100.33.0 0.0.0.255
access-list 10 permit 10.100.129.0 0.0.0.255
access-list 105 permit ip 10.244.243.132 0.0.0.3 10.244.243.112 0.0.0.3
access-list 105 deny ip any any
access-list 106 permit ip 10.200.50.0 0.0.0.7 45.240.181.0 0.0.0.7
access-list 106 deny ip any any
!
!
!
!
route-map CLIENT-ROUTER permit 10
match ip address 105
set default interface FastEthernet0/3/0
!

0 Helpful

MHM Cisco World
VIP
VIP

‎06-13-2022 05:54 AM

I think you want use some kind of pbr and reachability?

If that what looking for

Use pbr with verify availability feature.

0 Helpful

MHM Cisco World
VIP
VIP

‎06-13-2022 06:44 AM

You need 

NAT with route map

Remember internet use public ip so you need nat your private ip but

Since you have PBR then you need 

Nat with route map,

Route map use as condition if this traffic and if this outlet interface then use this nat otherwise use defualt.

0 Helpful

husseinismael
Level 1
Level 1
In response to MHM Cisco World

‎06-13-2022 06:52 AM

can you advice how to do that 

0 Helpful

husseinismael
Level 1
Level 1
In response to MHM Cisco World

‎06-13-2022 07:19 AM

not solved. the problem is the router is not translating the IP from private to public.

0 Helpful

MHM Cisco World
VIP
VIP
In response to husseinismael

‎06-13-2022 07:22 AM

can I see last config ?

0 Helpful

husseinismael
Level 1
Level 1
In response to MHM Cisco World

‎06-13-2022 07:36 AM

here it is. note that i need the hosts in this network 10.200.50.0/29 to use the internet network 45.240.181.1 as a dedicated.

 

 

!
!
!
!
!
!
!
!
!
interface GigabitEthernet0/0
description connected interface to up-stream SW
mtu 1504
ip address 10.100.129.1 255.255.255.0
ip nat inside
ip virtual-reassembly
ip policy route-map CLIENT-ROUTER
duplex auto
speed auto
!
interface GigabitEthernet0/1
description connected interface to Tunnel SW
ip address 10.100.130.1 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/2/0
description connected to orange line
ip address 41.128.178.238 255.255.255.248
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
interface FastEthernet0/3/0
description "connected to ahly bank"
ip address 10.244.243.114 255.255.255.252
ip virtual-reassembly
duplex auto
speed auto
!
interface FastEthernet0/3/1
description connected to orange dedicated line
ip address 45.240.181.2 255.255.255.248
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
router rip
version 2
network 10.0.0.0
no auto-summary
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 41.128.178.233
ip http server
no ip http secure-server
!
!
ip nat inside source list 10 interface FastEthernet0/2/0 overload
ip nat inside source list 106 interface FastEthernet0/3/1 overload
!
access-list 10 permit 10.100.33.0 0.0.0.255
access-list 10 permit 10.100.129.0 0.0.0.255
access-list 105 permit ip 10.244.243.132 0.0.0.3 10.244.243.112 0.0.0.3
access-list 105 deny ip any any
access-list 106 permit ip 10.200.50.0 0.0.0.7 45.240.181.0 0.0.0.7
access-list 106 deny ip any any
!
!
!
!
route-map CLIENT-ROUTER permit 10
match ip address 105
set default interface FastEthernet0/3/0
!
!

0 Helpful

MHM Cisco World
VIP
VIP
In response to husseinismael

‎06-13-2022 07:57 AM

10.200.50.0/29<- this subnet is direct connect ? where is the interface it connect to??
you need static route toward interface connect to this subnet

 

route-map CLIENT-ROUTER permit 10
match ip address 106
set interface FastEthernet0/3/0
!
route-map CLIENT-NAT permit 10
match ip address 106
match interface FastEthernet0/3/0

!

access-list 106 permit ip 10.200.50.0 0.0.0.7 any
access-list 106 deny ip any any

!

ip nat inside source list 10 interface FastEthernet0/2/0 overload
!
access-list 10 deny 10.200.50.0 0.0.0.7 any
access-list 10 permit 10.100.33.0 0.0.0.255
access-list 10 permit 10.100.129.0 0.0.0.255
!

ip nat inside source route-map CLIENT-NAT interface FastEthernet 0/3/0 overload


note:-
all traffic will flow through 0/2/0 expect 10.200.50.0
there is no failover from 0/2/0 to 0/3/0

0 Helpful

husseinismael
Level 1
Level 1
In response to MHM Cisco World

‎06-14-2022 02:26 AM

I did that and still can't access the internet however I can ping from 10.200.50.2 to 45.240.181.1 !

interface GigabitEthernet0/0
description connected interface to up-stream SW
mtu 1504
ip address 10.100.129.1 255.255.255.0
ip nat inside
ip virtual-reassembly
ip policy route-map CLIENT-ROUTER
duplex auto
speed auto
!
interface GigabitEthernet0/1
description connected interface to Tunnel SW
ip address 10.100.130.1 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/2/0
description connected to orange line
ip address 41.128.178.238 255.255.255.248
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
interface FastEthernet0/3/0
description "connected to ahly bank"
ip address 10.244.243.114 255.255.255.252
ip virtual-reassembly
duplex auto
speed auto
!
interface FastEthernet0/3/1
description connected to orange dedicated line
ip address 45.240.181.2 255.255.255.248
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
router rip
version 2
network 10.0.0.0
no auto-summary
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 41.128.178.233
ip http server
no ip http secure-server
!
!
ip nat inside source list 10 interface FastEthernet0/2/0 overload
ip nat inside source route-map CLIENT-NAT interface FastEthernet0/3/1 overload
!
access-list 105 permit ip 10.244.243.132 0.0.0.3 10.244.243.112 0.0.0.3
access-list 105 deny ip any any
access-list 106 permit ip 10.200.50.0 0.0.0.7 any
access-list 106 deny ip any any
!
!
!
!
route-map CLIENT-ROUTER permit 10
match ip address 105
set default interface FastEthernet0/3/0
!
route-map CLIENT-NAT permit 10
match ip address 106
match interface FastEthernet0/3/1
!
!

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card