Solved: Can't ping the WAN interface when NAT and DHCP are both cofigured

YacineBEKHECHI91 · ‎12-03-2018

Hello,

My topology :

My configuration :

R1 :

BOX1#sh run
Building configuration...

Current configuration : 2022 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname BOX1
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
no ip icmp rate-limit unreachable
ip cef
!
!
no ip dhcp use vrf connected
!
ip dhcp pool BOX
network 192.168.0.0 255.255.255.0
default-router 192.168.0.20
!
!
no ip domain lookup
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
ip tcp synwait-time 5
!
!
!
!
!
interface FastEthernet0/0
ip address 223.0.1.2 255.255.255.0
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
interface Serial0/0
no ip address
shutdown
clock rate 2000000
!
interface FastEthernet0/1
ip address 192.168.0.1 255.255.255.0
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
!
interface Serial0/1
no ip address
shutdown
clock rate 2000000
!
interface FastEthernet1/0
!
interface FastEthernet1/1
!
interface FastEthernet1/2
!
interface FastEthernet1/3
!
interface FastEthernet1/4
!
interface FastEthernet1/5
!
interface FastEthernet1/6
!
interface FastEthernet1/7
!
interface FastEthernet1/8
!
interface FastEthernet1/9
!
interface FastEthernet1/10
!
interface FastEthernet1/11
!
interface FastEthernet1/12
!
interface FastEthernet1/13
!
interface FastEthernet1/14
!
interface FastEthernet1/15
!
interface Vlan1
no ip address
!
router ospf 1
log-adjacency-changes
network 223.0.1.0 0.0.0.255 area 0
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 dhcp
!
!
no ip http server
no ip http secure-server
ip nat inside source list BOX1 interface FastEthernet0/0 overload
ip nat inside source static tcp 192.168.0.2 80 223.0.1.2 80 extendable
!
ip access-list standard BOX1
permit 192.168.0.0 0.0.0.255
!
no cdp log mismatch duplex
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
line vty 0 4
login
!
!
end

-----------------------------------------------

R2 :

BOX2#sh run
Building configuration...

Current configuration : 1951 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname BOX2
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
no ip icmp rate-limit unreachable
ip cef
!
!
no ip dhcp use vrf connected
!
ip dhcp pool BOX
network 192.168.0.0 255.255.255.0
default-router 192.168.0.25
!
!
no ip domain lookup
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
ip tcp synwait-time 5
!
!
!
!
!
interface FastEthernet0/0
ip address 223.0.0.2 255.255.255.0
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
interface Serial0/0
no ip address
shutdown
clock rate 2000000
!
interface FastEthernet0/1
ip address 192.168.0.1 255.255.255.0
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
!
interface Serial0/1
no ip address
shutdown
clock rate 2000000
!
interface FastEthernet1/0
!
interface FastEthernet1/1
!
interface FastEthernet1/2
!
interface FastEthernet1/3
!
interface FastEthernet1/4
!
interface FastEthernet1/5
!
interface FastEthernet1/6
!
interface FastEthernet1/7
!
interface FastEthernet1/8
!
interface FastEthernet1/9
!
interface FastEthernet1/10
!
interface FastEthernet1/11
!
interface FastEthernet1/12
!
interface FastEthernet1/13
!
interface FastEthernet1/14
!
interface FastEthernet1/15
!
interface Vlan1
no ip address
!
router ospf 1
log-adjacency-changes
network 223.0.0.0 0.0.0.255 area 0
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 dhcp
!
!
no ip http server
no ip http secure-server
ip nat inside source list BOX2 interface FastEthernet0/0 overload
!
ip access-list standard BOX2
permit 192.168.0.0 0.0.0.255
!
no cdp log mismatch duplex
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
line vty 0 4
login
!
!
end

----------------------------------------------------

R3 :

BORDER_ROUTER#sh run
Building configuration...

Current configuration : 1643 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname BORDER_ROUTER
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
no ip icmp rate-limit unreachable
ip cef
!
!
!
!
no ip domain lookup
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
ip tcp synwait-time 5
!
!
!
!
!
interface FastEthernet0/0
ip address 223.0.1.1 255.255.255.0
duplex auto
speed auto
!
interface Serial0/0
no ip address
shutdown
clock rate 2000000
!
interface FastEthernet0/1
ip address 223.0.0.1 255.255.255.0
duplex auto
speed auto
!
interface Serial0/1
no ip address
shutdown
clock rate 2000000
!
interface FastEthernet1/0
!
interface FastEthernet1/1
!
interface FastEthernet1/2
!
interface FastEthernet1/3
!
interface FastEthernet1/4
!
interface FastEthernet1/5
!
interface FastEthernet1/6
!
interface FastEthernet1/7
!
interface FastEthernet1/8
!
interface FastEthernet1/9
!
interface FastEthernet1/10
!
interface FastEthernet1/11
!
interface FastEthernet1/12
!
interface FastEthernet1/13
!
interface FastEthernet1/14
!
interface FastEthernet1/15
!
interface Vlan1
no ip address
!
router ospf 1
log-adjacency-changes
network 223.0.0.0 0.0.0.255 area 0
network 223.0.1.0 0.0.0.255 area 0
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
no cdp log mismatch duplex
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
line vty 0 4
login
!
!
end

-------------------------------------------------

WEBTERM config auto eth0TOOLBOX config au eth0

I use the OSPF for routing and all ping between the routers is succed.

Thank's for help :)

YacineBEKHECHI91 · ‎12-03-2018

@Georg Pauwen wrote:
Hello,

what are you trying to accomplish ? On both R1 and R2, you need to make sure that at the very least the DHCP clients get the correct default router. It needs to look like below:

R1

ip dhcp excluded-address 192.168.0.1
!
ip dhcp pool BOX
network 192.168.0.0 255.255.255.0
default-router 192.168.0.1
!
interface FastEthernet0/1
ip address 192.168.0.1 255.255.255.0
ip nat inside
ip virtual-reassembly
duplex auto
speed auto

R2

ip dhcp excluded-address 192.168.0.25
!
ip dhcp pool BOX
network 192.168.0.0 255.255.255.0
default-router 192.168.0.25
!
interface FastEthernet0/1
ip address 192.168.0.25 255.255.255.0
ip nat inside
ip virtual-reassembly
duplex auto
speed auto

Hi :)

thank you for the reply.

So, on my configuration I must just add the line command : ip dhcp excluded-adress for router 1 and 2

the objectif is to have an access on the WEBSERVER (toolbox) from Client (WEBTERM)

View solution in original post

Georg Pauwen · ‎12-03-2018

Hello,

what are you trying to accomplish ? On both R1 and R2, you need to make sure that at the very least the DHCP clients get the correct default router. It needs to look like below:

R1

ip dhcp excluded-address 192.168.0.1
!
ip dhcp pool BOX
network 192.168.0.0 255.255.255.0
default-router 192.168.0.1
!
interface FastEthernet0/1
ip address 192.168.0.1 255.255.255.0
ip nat inside
ip virtual-reassembly
duplex auto
speed auto

R2

ip dhcp excluded-address 192.168.0.25
!
ip dhcp pool BOX
network 192.168.0.0 255.255.255.0
default-router 192.168.0.25
!
interface FastEthernet0/1
ip address 192.168.0.25 255.255.255.0
ip nat inside
ip virtual-reassembly
duplex auto
speed auto

YacineBEKHECHI91 · ‎12-03-2018

Hi :)

thank you for the reply.

So, on my configuration I must just add the line command : ip dhcp excluded-adress for router 1 and 2

the objectif is to have an access on the WEBSERVER (toolbox) from Client (WEBTERM)

Georg Pauwen · ‎12-03-2018

Hello,

in addition to excluding the addresses from the pools, you also need to make sure that the default routers assigned match the actual IP addresses of the interfaces. So basically, the IP addresses marked in bold need to be the same:

R1

ip dhcp excluded-address 192.168.0.1
!
ip dhcp pool BOX
network 192.168.0.0 255.255.255.0
default-router 192.168.0.1
!
interface FastEthernet0/1
ip address 192.168.0.1 255.255.255.0
ip nat inside
ip virtual-reassembly
duplex auto
speed auto

R2

ip dhcp excluded-address 192.168.0.25
!
ip dhcp pool BOX
network 192.168.0.0 255.255.255.0
default-router 192.168.0.25
!
interface FastEthernet0/1
ip address 192.168.0.25 255.255.255.0
ip nat inside
ip virtual-reassembly
duplex auto
speed auto

YacineBEKHECHI91 · ‎12-03-2018

@Georg Pauwen wrote:
Hello,

what are you trying to accomplish ? On both R1 and R2, you need to make sure that at the very least the DHCP clients get the correct default router. It needs to look like below:

R1

ip dhcp excluded-address 192.168.0.1
!
ip dhcp pool BOX
network 192.168.0.0 255.255.255.0
default-router 192.168.0.1
!
interface FastEthernet0/1
ip address 192.168.0.1 255.255.255.0
ip nat inside
ip virtual-reassembly
duplex auto
speed auto

R2

ip dhcp excluded-address 192.168.0.25
!
ip dhcp pool BOX
network 192.168.0.0 255.255.255.0
default-router 192.168.0.25
!
interface FastEthernet0/1
ip address 192.168.0.25 255.255.255.0
ip nat inside
ip virtual-reassembly
duplex auto
speed auto

Hi :)

thank you for the reply.

So, on my configuration I must just add the line command : ip dhcp excluded-adress for router 1 and 2

the objectif is to have an access on the WEBSERVER (toolbox) from Client (WEBTERM)

YacineBEKHECHI91 · ‎12-03-2018

unfortunetly it's didn't work for my :(

YacineBEKHECHI91 · ‎12-03-2018

@Georg Pauwen thank you very much, it's worked ! another thank's to you my friend and if you come in Algeria don't forget to contact me hahaa :)

Thank's a lot !