Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
882
Views
0
Helpful
7
Replies

Cannot ping internal network from PC, but can from router.

DavidGIP
Level 1
Level 1

‎01-14-2025 01:01 PM

Hello!

I am trying to get a router set up (cisco 2821). I will include the config below. What i happening is that I want to be able to ping our internal equipment from the PC connected on the network. I can get out to the internet from said PC, but cannot ping any of our internal equipment. I am certain I am missing something simple, but i've been stuck on this for a bit now. 

(Also just to be sure, I set up a basic Netgear router with the same WAN IP and was able to get out to the internet and access all internet equipment)

 

lock timezone EDT -5 0
clock summer-time EDT recurring
!
dot11 syslog
ip source-route
!
!
ip cef
no ip dhcp conflict logging
ip dhcp excluded-address 192.168.1.1 192.168.1.50
!
ip dhcp pool LAN
network 192.168.1.0 255.255.255.0
domain-name headnet
dns-server 8.8.8.8 8.8.4.4
default-router 192.168.1.1
lease 2
!
!
!
ip domain name network.com
!
multilink bundle-name authenticated
!
!
crypto pki token default removal timeout 0
!
!
!
!
license udi pid CISCO2821 sn FTX0913C1SR
!
redundancy
!
!
!
!
!
!
!
!
!
interface GigabitEthernet0/0
no ip address
duplex auto
speed auto
!
interface GigabitEthernet0/0.2
description MGMT
encapsulation dot1Q 2
ip address 10.1.1.87 255.255.255.0
!
interface GigabitEthernet0/0.11
description WAN
encapsulation dot1Q 11
ip address xxx.xxx.xxx.xxx 255.255.255.240
no ip redirects
ip nat outside
ip nat enable
ip virtual-reassembly in
!
interface GigabitEthernet0/1
no ip address
duplex auto
speed auto
!
interface GigabitEthernet0/1.600
description LAN
encapsulation dot1Q 600
ip address 192.168.1.1 255.255.255.0
no ip redirects
ip nat inside
ip nat enable
ip virtual-reassembly in
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
ip nat pool LAN xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx netmask 255.255.255.240
ip nat inside source list 1 interface GigabitEthernet0/0.11 overload
ip route 0.0.0.0 0.0.0.0 xxx.xxx.xxx.xxx
ip route 10.1.200.0 255.255.255.0 10.1.1.1
!
access-list 1 permit 192.168.1.0 0.0.0.255
!
!
!
!
!
!
!
control-plane
!
!
banner motd ^CC

******************** W A R N I N G *************************
AUTHORIZED ACCESS ONLY
UNAUTHORIZED ACCESS, MISUSE OR SOLICITATION OF THIS SYSTEM,
AND/OR MODIFICATION TO ITS DATA IS STRICTLY PROHIBITED.
You must have explicit permission to access this
device. All activities performed on this device are
logged and violations of this policy will result in
disciplinary or criminal action.
******************** W A R N I N G *************************

^C
!
line con 0
line aux 0
line vty 0 4
exec-timeout 0 0
logging synchronous
transport input all
line vty 5 15
exec-timeout 0 0
logging synchronous
transport input all

Labels:
0 Helpful
7 Replies 7

Flavio Miranda
VIP
VIP

‎01-14-2025 01:09 PM

@DavidGIP 

 In which interface your internal equipment is connected? 

If you run a tracerouter from the PC, where the traceroute stop?

0 Helpful

DavidGIP
Level 1
Level 1
In response to Flavio Miranda

‎01-15-2025 09:22 AM

traceroute stops right after 1921.168.1.1

0 Helpful

Flavio Miranda
VIP
VIP
In response to DavidGIP

‎01-15-2025 09:59 AM - edited ‎01-15-2025 09:59 AM

@DavidGIP 

  Sounds to me that route is missing on the destination. If your "internal equipment" is connected to a Layer3 devices, you need to tell that Layer3 devices how to reply to 192.168.1.0 255.255.255.0 (considering your hosts is connected in this network)

 

0 Helpful

liviu.gheorghe
VIP
VIP

‎01-14-2025 01:18 PM

Hello @DavidGIP ,

what do you mean by "internal equipment"? Are they hosts on network 192.168.1.0/24 (Vlan 600) or are they host on network 10.1.200.0 accessible through interface GigabitEthernet 0/0.2 (Vlan 2)?

Regards, LG
*** Please Rate All Helpful Responses ***
0 Helpful

DavidGIP
Level 1
Level 1
In response to liviu.gheorghe

‎01-15-2025 06:32 AM

They are on network 10.1.1.1 and 10.1.200.1 through GigabitEthernet 0/0.2. By internal equipment, I mean our core equipment. 

0 Helpful

paul driver
VIP
VIP

‎01-14-2025 02:36 PM

Hello
If you want to access an internal host from the internet via a NAT then it would be applicable  to set a static 121 nat/pat statement, as at present you are just overloading

Also suggest you remove the NVI Nat off your interfaces as they are not being utilized and provide a more definitive non recursive default route

Example:
ip nat inside source static <inside host><outside host>
or
ip nat source static tcp<inside host> <port> <outside host><port>


no ip route 0.0.0.0 0.0.0.0 xxx.xxx.xxx.xxx
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0.11 xxx.xxx.xxx.xxx

int x/x
no ip nat enable


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
0 Helpful

MHM Cisco World
VIP
VIP

‎01-14-2025 10:06 PM

your config is correct except you need to remove "" ip nat enable"" from both interface 
MHM 

0 Helpful
Customers Also Viewed These Support Documents