08-03-2023 09:53 AM
Hi
I am able to ping IP address 192.168.29.180 from host-VCP 18 to R5, but I am unable to ping the gateway of the internet or Google DNS.
There is no issue with the inside and outside FW policy (I can't even ping Google DNS from the firewall either).
VPCS> ping 192.168.29.180
84 bytes from 192.168.29.180 icmp_seq=1 ttl=253 time=4.735 ms
84 bytes from 192.168.29.180 icmp_seq=2 ttl=253 time=3.412 ms
84 bytes from 192.168.29.180 icmp_seq=3 ttl=253 time=3.687 ms
84 bytes from 192.168.29.180 icmp_seq=4 ttl=253 time=3.219 ms
84 bytes from 192.168.29.180 icmp_seq=5 ttl=253 time=3.415 ms
VPCS> ping 8.8.8.8
*192.168.10.1 icmp_seq=1 ttl=255 time=1.009 ms (ICMP type:3, code:1, Destination host unreachable)
*192.168.10.1 icmp_seq=2 ttl=255 time=1.099 ms (ICMP type:3, code:1, Destination host unreachable)
*192.168.10.1 icmp_seq=3 ttl=255 time=0.954 ms (ICMP type:3, code:1, Destination host unreachable)
*192.168.10.1 icmp_seq=4 ttl=255 time=1.151 ms (ICMP type:3, code:1, Destination host unreachable)
*192.168.10.1 icmp_seq=5 ttl=255 time=0.972 ms (ICMP type:3, code:1, Destination host unreachable)
Router-5
Edge-Core-1#ping 8.8.8.8
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 10/10/11 ms
Edge-Core-1#
Edge-Core-1#sh ip rou
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override, p - overrides from PfR
Gateway of last resort is 192.168.29.1 to network 0.0.0.0
S* 0.0.0.0/0 [1/0] via 192.168.29.1
10.0.0.0/8 is variably subnetted, 5 subnets, 3 masks
O IA 10.10.10.0/29 [110/20] via 10.10.30.1, 00:31:31, Ethernet0/0
C 10.10.30.0/29 is directly connected, Ethernet0/0
L 10.10.30.2/32 is directly connected, Ethernet0/0
C 10.10.40.0/30 is directly connected, Ethernet0/2
L 10.10.40.1/32 is directly connected, Ethernet0/2
O IA 192.168.10.0/24 [110/21] via 10.10.30.1, 00:31:31, Ethernet0/0
O IA 192.168.20.0/24 [110/21] via 10.10.30.1, 00:31:31, Ethernet0/0
192.168.29.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.29.0/24 is directly connected, Ethernet0/3
L 192.168.29.180/32 is directly connected, Ethernet0/3
O IA 192.168.30.0/24 [110/21] via 10.10.30.1, 00:31:31, Ethernet0/0
O IA 192.168.40.0/24 [110/21] via 10.10.30.1, 00:31:31, Ethernet0/0
O IA 192.168.50.0/24 [110/21] via 10.10.30.1, 00:31:31, Ethernet0/0
O IA 192.168.60.0/24 [110/21] via 10.10.30.1, 00:31:31, Ethernet0/0
interface Ethernet0/0
ip address 10.10.30.2 255.255.255.248
duplex auto
!
interface Ethernet0/1
no ip address
duplex auto
!
interface Ethernet0/2
ip address 10.10.40.1 255.255.255.252
duplex auto
!
interface Ethernet0/3
ip address 192.168.29.180 255.255.255.0
duplex auto
!
router ospf 1
router-id 2.2.2.2
redistribute connected subnets
redistribute static subnets
network 10.10.30.0 0.0.0.7 area 0.0.0.1
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
ip route 0.0.0.0 0.0.0.0 192.168.29.
08-03-2023 09:58 AM
Run a traceroute from the VPCS and see where it stops. Then check that device's routing table.
08-03-2023 10:09 AM
It's stopping at the R5 router when I traceroute from SW11 and from the VPCS gateway of the SVI interface of the S11 switch.
PCS> trace 8.8.8.8
trace to 8.8.8.8, 8 hops max, press Ctrl+C to stop
1 192.168.10.1 0.907 ms 0.847 ms 0.755 ms
2 * * *
3 * * *
DSW-1#trace
DSW-1#traceroute 8.8.8.8
Type escape sequence to abort.
Tracing the route to dns.google (8.8.8.8)
VRF info: (vrf in name/id, vrf out name/id)
1 10.10.10.1 2 msec 1 msec 1 msec
2 10.10.30.2 2 msec 4 msec 2 msec
3 * * *
4 * * *
5 * * *
4 * * *
5 * * *
6 * * *
7 * * *
8 * * *
DSW-1#sh ip rou
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override, p - overrides from PfR
Gateway of last resort is 10.10.10.1 to network 0.0.0.0
O*E2 0.0.0.0/0 [110/1] via 10.10.10.1, 00:05:20, Ethernet0/1
10.0.0.0/8 is variably subnetted, 4 subnets, 3 masks
C 10.10.10.0/29 is directly connected, Ethernet0/1
L 10.10.10.2/32 is directly connected, Ethernet0/1
O IA 10.10.30.0/29 [110/20] via 10.10.10.1, 00:51:59, Ethernet0/1
O E2 10.10.40.0/30 [110/20] via 10.10.10.1, 00:50:14, Ethernet0/1
192.168.10.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.10.0/24 is directly connected, Vlan10
L 192.168.10.1/32 is directly connected, Vlan10
192.168.20.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.20.0/24 is directly connected, Vlan20
L 192.168.20.1/32 is directly connected, Vlan20
O E2 192.168.29.0/24 [110/20] via 10.10.10.1, 00:41:47, Ethernet0/1
192.168.30.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.30.0/24 is directly connected, Vlan30
L 192.168.30.1/32 is directly connected, Vlan30
192.168.40.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.40.0/24 is directly connected, Vlan40
L 192.168.40.1/32 is directly connected, Vlan40
192.168.50.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.50.0/24 is directly connected, Vlan50
L 192.168.50.1/32 is directly connected, Vlan50
192.168.60.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.60.0/24 is directly connected, Vlan60
L 192.168.60.1/32 is directly connected, Vlan60
08-03-2023 10:26 AM
It stops at R5? But where is 8.8.8.8 connected to? And what is 10.10.10.1?
R5 is DSW?
08-04-2023 01:02 AM
8.8.8.8 is connected to my home Wi-Fi network and 10.10.10.1 is the FW inside interface IP address.
R5 is the internet-facing edge router.
08-03-2023 02:14 PM
Hello
You need to enable NAT/PAT on R5/R6 so it dynamically translates your privately addressed traffic into a public routed IP address.
Can you share the running config of both WAN routers?
08-04-2023 12:58 AM
Yes. I tried the NAT option as well.
Is this because the WIFI internet router doesn't have a default route towards the R5 router?
Router 5
Edge-Core-1#sh
Aug 4 07:50:27.000: %SYS-5-CONFIG_I: Configured from console by console
Edge-Core-1#sh run
Building configuration...
Current configuration : 1772 bytes
!
! Last configuration change at 07:50:27 UTC Fri Aug 4 2023
! NVRAM config last updated at 07:50:25 UTC Fri Aug 4 2023
!
version 15.7
service config
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Edge-Core-1
interface Ethernet0/0
ip address 10.10.30.2 255.255.255.248
ip nat inside
ip virtual-reassembly in
duplex auto
!
interface Ethernet0/1
no ip address
shutdown
duplex auto
!
interface Ethernet0/2
ip address 10.10.40.1 255.255.255.252
duplex auto
!
interface Ethernet0/3
no ip address
duplex auto
!
interface Ethernet1/0
ip address 192.168.29.75 255.255.255.0
ip nat outside
no ip virtual-reassembly in
duplex auto
!
!
router ospf 1
router-id 2.2.2.2
redistribute connected subnets
redistribute static subnets
network 10.10.30.0 0.0.0.7 area 0.0.0.1
default-information originate
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
ip nat source list 1 interface Ethernet1/0 overload
ip route 0.0.0.0 0.0.0.0 192.168.29.1
!
access-list 1 permit any
!
control-plane
!
con 0
logging synchronous
line aux 0
line vty 0 4
login
transport input none
!
ntp server 34.208.249.133
ntp server pool.ntp.org
!
end
08-04-2023 01:17 AM
Hello,
not sure if this has already been mentioned, but a NAT access list with 'permit any' is usually not a good idea. Change the ACL from:
access-list 1 permit any
to
access-list 1 permit 10.10.30.0 0.0.0.7
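Added example (not part of any post in this thread): a small Python check that evaluates which source addresses a numbered standard ACL selects for NAT, and flags two things visible in the posted config, an open NAT ACL and an `ip nat source` rule. In IOS that form is the NAT Virtual Interface (NVI) one, which pairs with `ip nat enable` on interfaces, whereas `ip nat inside`/`ip nat outside` pair with `ip nat inside source`. The config excerpt is constructed from the thread, 192.168.10.18 is a constructed host address in the VPCS subnet, and whether the firewall translates inside hosts before R5 is not shown on the page.

```python
import ipaddress
import re

# Constructed excerpt modelled on the running config posted in the thread.
CONFIG = """\
interface Ethernet0/0
 ip nat inside
interface Ethernet1/0
 ip nat outside
ip nat source list 1 interface Ethernet1/0 overload
access-list 1 permit 10.10.30.0 0.0.0.7
"""

def acl_entries(config, number):
    """Parse 'address [wildcard]' and 'any' entries of a numbered standard ACL."""
    entries = []
    pattern = rf"^access-list {number} (permit|deny) (\S+)(?: (\S+))?$"
    for action, base, wild in re.findall(pattern, config, re.M):
        if base == "any":
            base, wild = "0.0.0.0", "255.255.255.255"
        entries.append((action, int(ipaddress.IPv4Address(base)),
                        int(ipaddress.IPv4Address(wild or "0.0.0.0"))))
    return entries

def acl_permits(entries, source):
    """First match wins; bits set in the wildcard are ignored; implicit deny."""
    src = int(ipaddress.IPv4Address(source))
    for action, base, wild in entries:
        if (src | wild) == (base | wild):
            return action == "permit"
    return False

def nat_findings(config):
    """Flag an open NAT ACL and a rule style that does not match interface roles."""
    findings = []
    has_roles = re.search(r"^ ip nat (inside|outside)$", config, re.M)
    has_nvi = re.search(r"^ ip nat enable$", config, re.M)
    for inside, acl in re.findall(r"^ip nat (inside )?source list (\d+) ", config, re.M):
        if any(a == "permit" and w == 0xFFFFFFFF for a, _, w in acl_entries(config, acl)):
            findings.append(f"ACL {acl} permits any source")
        if not inside and has_roles and not has_nvi:
            findings.append("'ip nat source' (NVI) rule but interfaces use 'ip nat inside/outside'")
    return findings

if __name__ == "__main__":
    acl = acl_entries(CONFIG, 1)
    for src in ("10.10.30.1", "192.168.10.18"):  # second address is constructed
        print(src, "translated" if acl_permits(acl, src) else "not matched by ACL 1")
    print(nat_findings(CONFIG))
```

With the /29 wildcard, only packets whose source is already in 10.10.30.0/29 when they reach R5 are selected for translation.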