External IP not pingable from outside

Vignesh Ekanathan · ‎04-21-2013

Hi guys,

We have a cisco 2811 router with 2 ADSL interfaces. One dialer interface is used for internet and another dialer interface is used for VPN.

The dialer interface that is used for internet purpose is "Dialer 1" and the VPN is "Dialer 2".

The route looks like this:

ip route 0.0.0.0 0.0.0.0 dialer 1

Basically, I am able to the ping the external IP address associated with the Dialer 1 interface, however, I cannot ping the external IP address associated with Dialer 2.

Any thoughts? I am stuck with this for quite some time now.

Kind Regards,
Vignesh.

Kind Regards, Vignesh.

Richard Burts · ‎04-21-2013

Vignesh

My guess is that you get an assymetric path when the router is responding to ping to dialer 2. The packet arrived on dialer 2 but the default route is sending the response out dialer 1.

My suggestion of how to fix this would start with configuring Local Policy Based Routing. This is similar to Policy Based Routing but where PBR is for traffic that is transit going through the router the Local version is for traffic that is originated by the router. Local PBR uses the same kind of route map to identify the traffic and a set ip next-hop to send the traffic out a specified interface. But rather than being assigned to an interface it is configured in global configuration mode using this command

ip local policy route-map map-tag

You can check this link for more information

http://www.cisco.com/en/US/docs/ios/12_2/qos/configuration/guide/qcfpbr_ps1835_TSD_Products_Configuration_Guide_Chapter.html#wp1001002

HTH

Rick

HTH

Rick

Leo Laohoo · ‎05-27-2013

Duplicate posts.

Vignesh Ekanathan · ‎05-27-2013

Hi Leo,

Well.. The local PBR did not work. Here is the config:

interface ATM0/0/0

no ip address

no atm ilmi-keepalive

!

interface ATM0/0/0.1 point-to-point

pvc 8/35

pppoe-client dial-pool-number 4

!

interface ATM0/1/0

no ip address

no atm ilmi-keepalive

!

interface ATM0/1/0.1 point-to-point

pvc 8/35

pppoe-client dial-pool-number 3

!

interface Dialer0

no ip address

!

interface Dialer3

description "Telstra connection"

ip address negotiated

ip mtu 1452

ip nat outside

ip virtual-reassembly in

encapsulation ppp

dialer pool 3

dialer-group 3

ppp authentication pap callin

ppp pap sent-username xxx@direct.telstra.net password 7 xxx

!

interface Dialer4

description "iiNET connection"

bandwidth 1319

ip address negotiated

ip mtu 1452

ip nbar protocol-discovery

ip flow ingress

ip nat outside

ip virtual-reassembly in

encapsulation ppp

dialer pool 4

dialer-group 4

ppp authentication pap callin

ppp pap sent-username xxx@iinet.net.au password 7 xxx

!

interface BVI1

ip address 192.168.1.254 255.255.255.0

ip nat inside

ip virtual-reassembly in

no ip route-cache cef

ip tcp adjust-mss 1412

!

ip forward-protocol nd

ip http server

ip http authentication local

ip http secure-server

!

ip nat inside source route-map nonat interface Dialer3 overload

ip route 0.0.0.0 0.0.0.0 Dialer3

!

access-list 120 permit ip 192.168.1.0 0.0.0.255 any

!

route-map nonat permit 10

match ip address 120

Kind Regards,
Vignesh.

Kind Regards, Vignesh.

Richard Burts · ‎05-27-2013

I do not see any local PBR configuration. And the only nat that I see is for dialer 3. What would happen if you try to send data out dialer 4? There is not any translation configured for that traffic.

HTH

Rick

HTH

Rick

Vignesh Ekanathan · ‎05-29-2013

Hi Richard,

I have enabled local pbr on the router. The configuration for PBR:

ip local policy route-map LocalPBR

route-map LocalPBR permit 10

set interface Dialer4 Dialer3

I haven't enabled NAT on the Dialer 4 interface as it doesn't send out any traffic. This line is used to just receive email.

Kind Regards,
Vignesh.

Kind Regards, Vignesh.