cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Join Customer Connection to register!
596
Views
0
Helpful
3
Replies
Highlighted
Beginner

Cannot Ping External IP

Can anybody help me for my configuration. I cannot Ping External IP,
I used a method of tftp for ip addresses because I can't save on my nvram method. 
The version of 16.03.09 fuji for ISR 4431 series.


Please check my config :

version 16.9
service timestamps debug datetime msec
service timestamps log datetime msec
platform qfp utilization monitor load 80
no platform punt-keepalive disable-kernel-core
!
hostname Router
!
boot-start-marker
boot system flash bootflash:isr4400-universalk9.16.09.03.SPA.bin
boot-end-marker
!
!
vrf definition Mgmt-intf
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
enable secret 5 $1$wjwO$jp7pAoGdo3Ta1cGsfj3Ts.
enable password xxx
!
no aaa new-model
!
!
!
!
!
!
!
ip name-server x.x.x.x x.x.x.1 8.8.8.8 192.168.3.1 x.x.x.5 x.x.x.5
ip dhcp excluded-address 192.168.3.1 192.168.3.100
ip dhcp excluded-address 192.168.3.150
ip dhcp excluded-address 192.168.3.249
!
ip dhcp pool Cisco
network 192.168.3.0 255.255.255.0
default-router 192.168.3.1
dns-server x.x.x.x x.x.x.1 8.8.8.8 192.168.3.1 x.x.x.5 x.x.x.5
lease infinite
!
!
!
login on-success log
!
!
!
!
!
!
!
subscriber templating
!
!
!
!

!
!
!
username x privilege 15 password 0 x
username admin privilege 15 password 0 x
!
redundancy
mode none
!
!
!
!
!
vlan internal allocation policy ascending
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface GigabitEthernet0/0/0
ip address x.x.x.x 255.255.255.248
ip nat outside
negotiation auto
spanning-tree portfast
!
interface GigabitEthernet0/0/1
no ip address
shutdown
negotiation auto
!
interface GigabitEthernet0/0/2
ip address 192.168.3.1 255.255.255.0
ip nat inside
negotiation auto
spanning-tree portfast
!
interface GigabitEthernet0/0/3
no ip address
shutdown
negotiation auto
!
interface GigabitEthernet0
vrf forwarding Mgmt-intf
ip address 10.10.10.1 255.0.0.0
negotiation auto
no mop enabled
!
interface Vlan1
no ip address
shutdown
!
!
!
ip nat inside source static tcp 192.168.3.5 8080 x.x.x.x 8080 extendable
ip nat inside source static tcp 192.168.3.5 8080 x.x.x.x 8080 extendable
ip nat inside source route-map track-primary-if interface GigabitEthernet0/0/0 overload
ip nat inside source list 197 interface GigabitEthernet0/0/0 overload
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip tftp source-interface GigabitEthernet0
ip dns server
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0/0
!
!
access-list 197 permit ip 192.168.3.0 0.0.0.255 any
access-list 197 permit ip any any
!
!
route-map track-primary-if permit 1
match ip address 197
match interface GigabitEthernet0/0/0
set interface GigabitEthernet0/0/0
!
!
!
control-plane
!
!
line con 0
transport input none
stopbits 1
line aux 0
stopbits 1
line vty 0 4
password xxx
login local
length 0
transport input ssh
!
!
!
!
!
!
end

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
VIP Expert

Hello,

 

from where to wher are you trying to ping (what is the source and destination) ?

 

Try the simplified configuration below (changes marked in bold):

 

version 16.9
service timestamps debug datetime msec
service timestamps log datetime msec
platform qfp utilization monitor load 80
no platform punt-keepalive disable-kernel-core
!
hostname Router
!
boot-start-marker
boot system flash bootflash:isr4400-universalk9.16.09.03.SPA.bin
boot-end-marker
!
vrf definition Mgmt-intf
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
enable secret 5 $1$wjwO$jp7pAoGdo3Ta1cGsfj3Ts.
enable password xxx
!
no aaa new-model
!
ip name-server x.x.x.x x.x.x.1 8.8.8.8 192.168.3.1 x.x.x.5 x.x.x.5
ip dhcp excluded-address 192.168.3.1 192.168.3.100
ip dhcp excluded-address 192.168.3.150
ip dhcp excluded-address 192.168.3.249
!
ip dhcp pool Cisco
network 192.168.3.0 255.255.255.0
default-router 192.168.3.1
dns-server x.x.x.x x.x.x.1 8.8.8.8 192.168.3.1 x.x.x.5 x.x.x.5
lease infinite
!
login on-success log
!
subscriber templating
!
username x privilege 15 password 0 x
username admin privilege 15 password 0 x
!
redundancy
mode none
!
vlan internal allocation policy ascending
!
interface GigabitEthernet0/0/0
ip address x.x.x.x 255.255.255.248
ip nat outside
negotiation auto
spanning-tree portfast
!
interface GigabitEthernet0/0/1
no ip address
shutdown
negotiation auto
!
interface GigabitEthernet0/0/2
ip address 192.168.3.1 255.255.255.0
ip nat inside
negotiation auto
spanning-tree portfast
!
interface GigabitEthernet0/0/3
no ip address
shutdown
negotiation auto
!
interface GigabitEthernet0
vrf forwarding Mgmt-intf
ip address 10.10.10.1 255.0.0.0
negotiation auto
no mop enabled
!
interface Vlan1
no ip address
shutdown
!
ip nat inside source static tcp 192.168.3.5 8080 x.x.x.x 8080 extendable
ip nat inside source static tcp 192.168.3.5 8080 x.x.x.x 8080 extendable
--> no ip nat inside source route-map track-primary-if interface GigabitEthernet0/0/0 overload
ip nat inside source list 1 interface GigabitEthernet0/0/0 overload
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip tftp source-interface GigabitEthernet0
ip dns server
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0/0
!
access-list 1 permit 192.168.3.0
!
--> no route-map track-primary-if permit 1
match ip address 197
match interface GigabitEthernet0/0/0
set interface GigabitEthernet0/0/0
!
control-plane
!
line con 0
transport input none
stopbits 1
line aux 0
stopbits 1
line vty 0 4
password xxx
login local
length 0
transport input ssh
!
end

View solution in original post

3 REPLIES 3
Highlighted
Beginner

Hi,

 

Could you please share the output of the show ip nat translation command ?

 

 

Highlighted
VIP Expert

Hello,

 

from where to wher are you trying to ping (what is the source and destination) ?

 

Try the simplified configuration below (changes marked in bold):

 

version 16.9
service timestamps debug datetime msec
service timestamps log datetime msec
platform qfp utilization monitor load 80
no platform punt-keepalive disable-kernel-core
!
hostname Router
!
boot-start-marker
boot system flash bootflash:isr4400-universalk9.16.09.03.SPA.bin
boot-end-marker
!
vrf definition Mgmt-intf
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
enable secret 5 $1$wjwO$jp7pAoGdo3Ta1cGsfj3Ts.
enable password xxx
!
no aaa new-model
!
ip name-server x.x.x.x x.x.x.1 8.8.8.8 192.168.3.1 x.x.x.5 x.x.x.5
ip dhcp excluded-address 192.168.3.1 192.168.3.100
ip dhcp excluded-address 192.168.3.150
ip dhcp excluded-address 192.168.3.249
!
ip dhcp pool Cisco
network 192.168.3.0 255.255.255.0
default-router 192.168.3.1
dns-server x.x.x.x x.x.x.1 8.8.8.8 192.168.3.1 x.x.x.5 x.x.x.5
lease infinite
!
login on-success log
!
subscriber templating
!
username x privilege 15 password 0 x
username admin privilege 15 password 0 x
!
redundancy
mode none
!
vlan internal allocation policy ascending
!
interface GigabitEthernet0/0/0
ip address x.x.x.x 255.255.255.248
ip nat outside
negotiation auto
spanning-tree portfast
!
interface GigabitEthernet0/0/1
no ip address
shutdown
negotiation auto
!
interface GigabitEthernet0/0/2
ip address 192.168.3.1 255.255.255.0
ip nat inside
negotiation auto
spanning-tree portfast
!
interface GigabitEthernet0/0/3
no ip address
shutdown
negotiation auto
!
interface GigabitEthernet0
vrf forwarding Mgmt-intf
ip address 10.10.10.1 255.0.0.0
negotiation auto
no mop enabled
!
interface Vlan1
no ip address
shutdown
!
ip nat inside source static tcp 192.168.3.5 8080 x.x.x.x 8080 extendable
ip nat inside source static tcp 192.168.3.5 8080 x.x.x.x 8080 extendable
--> no ip nat inside source route-map track-primary-if interface GigabitEthernet0/0/0 overload
ip nat inside source list 1 interface GigabitEthernet0/0/0 overload
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip tftp source-interface GigabitEthernet0
ip dns server
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0/0
!
access-list 1 permit 192.168.3.0
!
--> no route-map track-primary-if permit 1
match ip address 197
match interface GigabitEthernet0/0/0
set interface GigabitEthernet0/0/0
!
control-plane
!
line con 0
transport input none
stopbits 1
line aux 0
stopbits 1
line vty 0 4
password xxx
login local
length 0
transport input ssh
!
end

View solution in original post

Highlighted


@Georg Pauwen wrote:

Hello,

 

from where to wher are you trying to ping (what is the source and destination) ?

 

Try the simplified configuration below (changes marked in bold):

 

version 16.9
service timestamps debug datetime msec
service timestamps log datetime msec
platform qfp utilization monitor load 80
no platform punt-keepalive disable-kernel-core
!
hostname Router
!
boot-start-marker
boot system flash bootflash:isr4400-universalk9.16.09.03.SPA.bin
boot-end-marker
!
vrf definition Mgmt-intf
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
enable secret 5 $1$wjwO$jp7pAoGdo3Ta1cGsfj3Ts.
enable password xxx
!
no aaa new-model
!
ip name-server x.x.x.x x.x.x.1 8.8.8.8 192.168.3.1 x.x.x.5 x.x.x.5
ip dhcp excluded-address 192.168.3.1 192.168.3.100
ip dhcp excluded-address 192.168.3.150
ip dhcp excluded-address 192.168.3.249
!
ip dhcp pool Cisco
network 192.168.3.0 255.255.255.0
default-router 192.168.3.1
dns-server x.x.x.x x.x.x.1 8.8.8.8 192.168.3.1 x.x.x.5 x.x.x.5
lease infinite
!
login on-success log
!
subscriber templating
!
username x privilege 15 password 0 x
username admin privilege 15 password 0 x
!
redundancy
mode none
!
vlan internal allocation policy ascending
!
interface GigabitEthernet0/0/0
ip address x.x.x.x 255.255.255.248
ip nat outside
negotiation auto
spanning-tree portfast
!
interface GigabitEthernet0/0/1
no ip address
shutdown
negotiation auto
!
interface GigabitEthernet0/0/2
ip address 192.168.3.1 255.255.255.0
ip nat inside
negotiation auto
spanning-tree portfast
!
interface GigabitEthernet0/0/3
no ip address
shutdown
negotiation auto
!
interface GigabitEthernet0
vrf forwarding Mgmt-intf
ip address 10.10.10.1 255.0.0.0
negotiation auto
no mop enabled
!
interface Vlan1
no ip address
shutdown
!
ip nat inside source static tcp 192.168.3.5 8080 x.x.x.x 8080 extendable
ip nat inside source static tcp 192.168.3.5 8080 x.x.x.x 8080 extendable
--> no ip nat inside source route-map track-primary-if interface GigabitEthernet0/0/0 overload
ip nat inside source list 1 interface GigabitEthernet0/0/0 overload
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip tftp source-interface GigabitEthernet0
ip dns server
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0/0
!
access-list 1 permit 192.168.3.0
!
--> no route-map track-primary-if permit 1
match ip address 197
match interface GigabitEthernet0/0/0
set interface GigabitEthernet0/0/0
!
control-plane
!
line con 0
transport input none
stopbits 1
line aux 0
stopbits 1
line vty 0 4
password xxx
login local
length 0
transport input ssh
!
end