Can't Ping ISP Router from Private Network

ringmasterjdp1983 · ‎02-22-2023

Hello,

I am in Lab and I have to build a network from ground up and connect to our "ISP". I am starting simple before I add another Router and Switches, and more PCs. I have a Cisco Router 4321, a PC, and our "ISP". The following is the commands I used:

enable
config t
no ip domain-lookup
ip nat inside source static 10.35.4.1 172.16.160.10
ip nat outside source static 172.16.160.1 172.16.160.1
ip route 0.0.0.0 0.0.0.0 g0/0/0
int g0/0/0

description connection to ISP
ip address 172.16.161.10 255.255.240.0
ip nat outside
no shut
exit
int g0/0/1

description connection to PC
ip address 10.35.4.1 255.255.255.128
ip nat inside
no shut
exit

pc 10.35.4.2 255.255.255.128 D.G.: 10.35.4.1 DNS: 8.8.8.8

I can ping all the interfaces and PC from the Router and from the PC I can ping all the interfaces. I, however, can not ping the ISP default gateway, 172.16.160.1.

I think I might have something messed up in my NAT translations but wanted your opinion.

Edit: Edited PC Default Gateway. Also I don't have access to ISP router. I just have a port to connect to for internet.

Thanks for any help.

David Ruess · ‎02-22-2023

Hello,

A few things:

Your DG of the PC looks wrong. Is that a typo? You have 10.35.5.1 when the PC is in the 10.35.4.X range.

Secondly, your outside NAT statement is the same address (ip nat outside source static 172.16.160.1 172.16.160.1) - should that be 172.16.160.10

Lastly, you have a default route on your router but does the ISP have a route back to your network to get to the PC?

-David

ringmasterjdp1983 · ‎02-22-2023

Sorry. PC was set at 10.35.5.2 I didn't update my notes. My apologies. I will try that suggestion for outside source static when I am in the lab next week. The only thing I have for the ISP is an Ethernet port. My instructor has it wired up to somewhere else but the port is my "ISP" so I don't have access to a router for it to set a route back unless I am supposed to put a second route on the Router. Thank you.

MHM Cisco World · ‎02-22-2023

Add another router

Here you must config static route in isp for return back traffic

ringmasterjdp1983 · ‎02-22-2023

So for our lab the ISP is just a port. Our instructor has it rigged somehow but we don't have access to the ISP router. He said one router should be fine for now just to get internet access.

MHM Cisco World · ‎02-22-2023

Your config need one of two

Either add static route in isp

Or

Add dynamic pat' here you use static and only one ip will NATing which is interface ip' what you need is

Ip nat inside source list 1 interface x overload

Ip access-list 1

Permit x.x.x.x <<- this must be you pc subnetl

ringmasterjdp1983 · ‎02-22-2023

Awesome thank you. We aren't doing ACL so is that part required as part of the Dynamic PAT? I appreciate your answer. Ill apply this next week when I am back in the lab.

MHM Cisco World · ‎02-22-2023

Yes you need acl of dynamic pat.

ringmasterjdp1983 · ‎02-22-2023

Awesome. Hopefully I reply next week around this time with some good news haha.

David Ruess · ‎02-22-2023

Make sure you understand the requirements of the lab. If you haven't learned ACLs but you need an ACL to configure the solution then double check.

You don't need NAT/PAT to establish connection. You can just have IPs on the interface with routes. I would check connectivity without NAT/PAT to see if it works that way. If you don't have connectivity it doesn't make sense to add more layers of complexity before basic configurations.

Unless of course you know the ISP is specifically routing to a NAt'd address.

Hope that helps