Solved: Cisco 4331 connection issue

GCharette · ‎08-18-2023

Hi,

I'm a student at ECPI university and I'm having issues with a project using Cisco packet Tracer.

The network is setup exactly like they asked, but all my devices on the network cannot ping the virtual internet server

11.1.1.10

Each device on the network can ping each other but any attempt to ping the internet server results in Request Timed Out.
I can ping the Cisco 4331 Router on the IP address I assigned to the

G0/0/1 port 11.0.0.46 255.255.255.0

On any of those devices as well.
If I ping the virtual internet server

11.1.1.10

from the Router it works, also if I ping any device on the network from the router it works which is puzzling. Its like

G0/0/1 and G0/0/0

are not talking to each other but im able to ping

g0/0/1

Assigned IP address.

All the devices are connected through two Cisco 3560's with Vlans setup.

Any help would be appreciated.

attached the cisco packet file into

Proj4ConnectInternet.zip

Kasun Bandara · ‎08-18-2023

@GCharette you need to configure NAT on this case. because your router connected to virtual server dont know about

172.x.x.x

ranges. you can add nat on

 geocha8546-R1

i added below config to test

172.16.46.32/27

subnet. you can add other subnets to nat ACL and test

interface GigabitEthernet0/0/0.20
ip nat inside
!
interface GigabitEthernet0/0/1
ip nat outside

ip nat inside source list 100 interface GigabitEthernet0/0/1 overload

access-list 100 permit ip 172.16.46.32 0.0.0.31 11.0.0.0 0.255.255.255

Please rate this and mark as solution/answer, if this resolved your issue
Good luck
KB

View solution in original post

Kasun Bandara · ‎08-18-2023

@GCharette share your pkt file here by zipping it

Please rate this and mark as solution/answer, if this resolved your issue
Good luck
KB

Kasun Bandara · ‎08-18-2023

@GCharette you need to configure NAT on this case. because your router connected to virtual server dont know about

172.x.x.x

ranges. you can add nat on

 geocha8546-R1

i added below config to test

172.16.46.32/27

subnet. you can add other subnets to nat ACL and test

interface GigabitEthernet0/0/0.20
ip nat inside
!
interface GigabitEthernet0/0/1
ip nat outside

ip nat inside source list 100 interface GigabitEthernet0/0/1 overload

access-list 100 permit ip 172.16.46.32 0.0.0.31 11.0.0.0 0.255.255.255

Please rate this and mark as solution/answer, if this resolved your issue
Good luck
KB

GCharette · ‎08-19-2023

This worked...They haven't taught us this, yet which is a little frustrating.... but I'm going to share with the other students in my class.

So, my question now is, do I have to do the

 ip nat inside

on each of the subnets right?

Also is there a way to cover all subnets with that long

access-list 100 permit statement

on one line or must it be seperate also?

Thankyou KB

GCharette · ‎08-19-2023

never mind i found the answer...looks like i do have to make a separate

access-list

entry for each subnet....but i can use

any instead of 11.0.0.0  0.255.255.255....

Which is how you would normally want it to act in a typical network that has internet access? correct?

Kasun Bandara · ‎08-19-2023

@GCharette i suggest not to use

any

that can be a issue for internal routing.

Please rate this and mark as solution/answer, if this resolved your issue
Good luck
KB