cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
788
Views
0
Helpful
7
Replies

Cannot ping internal network from PC, but can from router.

DavidGIP
Level 1
Level 1

Hello!

I am trying to get a router set up (cisco 2821). I will include the config below. What i happening is that I want to be able to ping our internal equipment from the PC connected on the network. I can get out to the internet from said PC, but cannot ping any of our internal equipment. I am certain I am missing something simple, but i've been stuck on this for a bit now. 

(Also just to be sure, I set up a basic Netgear router with the same WAN IP and was able to get out to the internet and access all internet equipment)

 

lock timezone EDT -5 0
clock summer-time EDT recurring
!
dot11 syslog
ip source-route
!
!
ip cef
no ip dhcp conflict logging
ip dhcp excluded-address 192.168.1.1 192.168.1.50
!
ip dhcp pool LAN
network 192.168.1.0 255.255.255.0
domain-name headnet
dns-server 8.8.8.8 8.8.4.4
default-router 192.168.1.1
lease 2
!
!
!
ip domain name network.com
!
multilink bundle-name authenticated
!
!
crypto pki token default removal timeout 0
!
!
!
!
license udi pid CISCO2821 sn FTX0913C1SR
!
redundancy
!
!
!
!
!
!
!
!
!
interface GigabitEthernet0/0
no ip address
duplex auto
speed auto
!
interface GigabitEthernet0/0.2
description MGMT
encapsulation dot1Q 2
ip address 10.1.1.87 255.255.255.0
!
interface GigabitEthernet0/0.11
description WAN
encapsulation dot1Q 11
ip address xxx.xxx.xxx.xxx 255.255.255.240
no ip redirects
ip nat outside
ip nat enable
ip virtual-reassembly in
!
interface GigabitEthernet0/1
no ip address
duplex auto
speed auto
!
interface GigabitEthernet0/1.600
description LAN
encapsulation dot1Q 600
ip address 192.168.1.1 255.255.255.0
no ip redirects
ip nat inside
ip nat enable
ip virtual-reassembly in
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
ip nat pool LAN xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx netmask 255.255.255.240
ip nat inside source list 1 interface GigabitEthernet0/0.11 overload
ip route 0.0.0.0 0.0.0.0 xxx.xxx.xxx.xxx
ip route 10.1.200.0 255.255.255.0 10.1.1.1
!
access-list 1 permit 192.168.1.0 0.0.0.255
!
!
!
!
!
!
!
control-plane
!
!
banner motd ^CC

******************** W A R N I N G *************************
AUTHORIZED ACCESS ONLY
UNAUTHORIZED ACCESS, MISUSE OR SOLICITATION OF THIS SYSTEM,
AND/OR MODIFICATION TO ITS DATA IS STRICTLY PROHIBITED.
You must have explicit permission to access this
device. All activities performed on this device are
logged and violations of this policy will result in
disciplinary or criminal action.
******************** W A R N I N G *************************

^C
!
line con 0
line aux 0
line vty 0 4
exec-timeout 0 0
logging synchronous
transport input all
line vty 5 15
exec-timeout 0 0
logging synchronous
transport input all

7 Replies 7

@DavidGIP 

 In which interface your internal equipment is connected? 

If you run a tracerouter from the PC, where the traceroute stop?

traceroute stops right after 1921.168.1.1

@DavidGIP 

  Sounds to me that route is missing on the destination. If your "internal equipment" is connected to a Layer3 devices, you need to tell that Layer3 devices how to reply to 192.168.1.0 255.255.255.0 (considering your hosts is connected in this network)

 

Hello @DavidGIP ,

what do you mean by "internal equipment"? Are they hosts on network 192.168.1.0/24 (Vlan 600) or are they host on network 10.1.200.0 accessible through interface GigabitEthernet 0/0.2 (Vlan 2)?

Regards, LG
*** Please Rate All Helpful Responses ***

They are on network 10.1.1.1 and 10.1.200.1 through GigabitEthernet 0/0.2. By internal equipment, I mean our core equipment. 

Hello
If you want to access an internal host from the internet via a NAT then it would be applicable  to set a static 121 nat/pat statement, as at present you are just overloading

Also suggest you remove the NVI Nat off your interfaces as they are not being utilized and provide a more definitive non recursive default route

Example:
ip nat inside source static <inside host><outside host>
or
ip nat source static tcp<inside host> <port> <outside host><port>


no ip route 0.0.0.0 0.0.0.0 xxx.xxx.xxx.xxx

ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0.11 xxx.xxx.xxx.xxx

int x/x
no ip nat enable


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

your config is correct except you need to remove "" ip nat enable"" from both interface 
MHM