Solved: Device with Public IP Address cannot access the Internet

jeffrey.melendez1 · ‎02-22-2017

My organization recently had a service provider install an Ethernet Dedicated Internet service. I received the IP address for the point-to-point connection with their equipment (50.XX.XX.180/30) where 50.XX.XX.182 is on my 3925 router. I was also given a block of public IPs to use 50.XX.XX.64/28. Gi0/0 (WAN interface) configured with 50.XX.XX.182/30. Gi0/1 has several sub-interfaces (192.168.XX.XX). I have configured the router to NAT all of the 192.168.XX.XX traffic to one of the public IPs received (50.XX.XX.66). All of this is working without problems. Now, when I configure Gi0/2 with one of the public IP addresses (50.XX.XX.65) and connect a 3850 switch to it, none of the devices that I then connect to that switch have access outside. The switch also has a 50.XX.XX.67/28 configured and can successfully ping the gateway (50.XX.XX.65) and Gi0/0 of the router. Beyond that, it cannot ping anything else. Keep in mind that the devices I have connected to the switch have static IPs configured. The router has only the default route of 0.0.0.0 0.0.0.0 50.XX.XX.181. Gi0/0 has the ip nat outside statement and Gi0/1 has the ip nat inside. Gi0/2 does not have any statements on it. Can anyone provide recommendations as to what to look for? Thanks in advance!

Sam Smiley · ‎02-22-2017

Hi Jeffrey,

The issue really isn't an issue as you see it; your service provider has given you two subnets; 50.XX.XX.180/30 and 50.XX.XX.64/28. Their device is configured to send all traffic for 50.XX.XX.64/28 to 50.XX.XX.182. When you add another interface within to connect to the service provider all the routes for 50.XX.XX.64/28 are still being sent back to 50.XX.XX.182. In order to do what you want your service provider would have to assign a 3rd IP address to send the route.

There are a couple of ways you can configure this, I have a similar config in my own network. Assign gi0/0 on your 3925 as you have it to 50.XX.XX.182 with a gateway of 50.XX.XX.181. Then use NAT pools to distribute the 50.XX.XX.64/28 as needed. Here is an outline of what the config should look like:

https://supportforums.cisco.com/discussion/11738651/multiple-wan-ip-addresses-and-multiple-inside-hosts

Cheers,
Sam

View solution in original post

Georg Pauwen · ‎02-22-2017

Jeffrey,

post the configs of the switch and the router...

Sam Smiley · ‎02-22-2017

Hi Jeffrey,

The issue really isn't an issue as you see it; your service provider has given you two subnets; 50.XX.XX.180/30 and 50.XX.XX.64/28. Their device is configured to send all traffic for 50.XX.XX.64/28 to 50.XX.XX.182. When you add another interface within to connect to the service provider all the routes for 50.XX.XX.64/28 are still being sent back to 50.XX.XX.182. In order to do what you want your service provider would have to assign a 3rd IP address to send the route.

There are a couple of ways you can configure this, I have a similar config in my own network. Assign gi0/0 on your 3925 as you have it to 50.XX.XX.182 with a gateway of 50.XX.XX.181. Then use NAT pools to distribute the 50.XX.XX.64/28 as needed. Here is an outline of what the config should look like:

https://supportforums.cisco.com/discussion/11738651/multiple-wan-ip-addresses-and-multiple-inside-hosts

Cheers,
Sam

jeffrey.melendez1 · ‎02-23-2017

Well, apparently there was nothing wrong with my configuration. I called up the service provider to verify my assigned block of IPs and it so happens that the ones I was given during the install were incorrect. Once I reconfigured my interfaces with the correct ones everything began working. Thank you all for your responses in this matter.