05-05-2021 03:01 PM
Hello mates,
I spent a lot of time troubleshooting and can't understand why ICMP doesn't work in my project between the PC called "LOGISTIKA" and the PC called "KLIENTU_APTARNAVIMAS". In general, traffic doesn't go between the central site and the remote site. Maybe you could help me. Here is the project:
Centrinis (main site) Router:
hostname CENTRINIS
!
ip dhcp excluded-address 192.168.10.1
ip dhcp excluded-address 192.168.10.63
ip dhcp excluded-address 192.168.10.65
ip dhcp excluded-address 192.168.10.127
ip dhcp excluded-address 192.168.20.1
ip dhcp excluded-address 192.168.20.31
ip dhcp excluded-address 192.168.20.33
ip dhcp excluded-address 192.168.20.63
ip dhcp excluded-address 192.168.30.1
ip dhcp excluded-address 192.168.30.15
ip dhcp excluded-address 192.168.50.1
ip dhcp excluded-address 192.168.50.15
!
ip dhcp pool LOGISTIKA
 network 192.168.10.0 255.255.255.192
 default-router 192.168.10.1
 dns-server 8.8.8.8
ip dhcp pool PERVEZIMU_PLANAVIMAS
 network 192.168.10.64 255.255.255.192
 default-router 192.168.10.65
 dns-server 8.8.8.8
ip dhcp pool ADMINISTRACIJA
 network 192.168.20.0 255.255.255.224
 default-router 192.168.20.1
 dns-server 8.8.8.8
ip dhcp pool BUHALTERIJA
 network 192.168.20.32 255.255.255.224
 default-router 192.168.20.33
 dns-server 8.8.8.8
ip dhcp pool IT
 network 192.168.30.0 255.255.255.240
 default-router 192.168.30.1
 dns-server 8.8.8.8
ip dhcp pool DARBUOTOJU_WIFI
 network 192.168.50.0 255.255.255.240
 default-router 192.168.50.1
 dns-server 8.8.8.8
!
no ip cef
no ipv6 cef
!
license udi pid CISCO2911/K9 sn FTX15240566-
!
spanning-tree mode pvst
!
interface GigabitEthernet0/0
 no ip address
 duplex auto
 speed auto
!
interface GigabitEthernet0/0.10
 encapsulation dot1Q 10
 ip address 192.168.10.1 255.255.255.192
 ip nat inside
!
interface GigabitEthernet0/0.20
 encapsulation dot1Q 20
 ip address 192.168.10.65 255.255.255.192
 ip nat inside
!
interface GigabitEthernet0/0.30
 encapsulation dot1Q 30
 ip address 192.168.20.1 255.255.255.224
 ip nat inside
!
interface GigabitEthernet0/0.40
 encapsulation dot1Q 40
 ip address 192.168.20.33 255.255.255.224
 ip nat inside
!
interface GigabitEthernet0/0.50
 encapsulation dot1Q 50
 ip address 192.168.30.1 255.255.255.240
 ip nat inside
!
interface GigabitEthernet0/0.60
 encapsulation dot1Q 60
 ip address 192.168.50.1 255.255.255.240
 ip nat inside
!
interface GigabitEthernet0/1
 no ip address
 duplex auto
 speed auto
 shutdown
!
interface GigabitEthernet0/2
 no ip address
 duplex auto
 speed auto
 shutdown
!
interface Serial0/0/0
 ip address 209.200.20.2 255.255.255.248
 ip nat outside
 clock rate 2000000
!
interface Serial0/0/1
 no ip address
 clock rate 2000000
 shutdown
!
interface Vlan1
 no ip address
 shutdown
!
router ospf 1
 log-adjacency-changes
 network 192.168.10.0 0.0.0.63 area 0
 network 192.168.10.64 0.0.0.63 area 0
 network 192.168.20.0 0.0.0.31 area 0
 network 192.168.20.32 0.0.0.31 area 0
 network 192.168.30.0 0.0.0.15 area 0
 network 192.168.50.0 0.0.0.15 area 0
 network 209.200.20.0 0.0.0.7 area 0
!
ip nat inside source list NAT interface Serial0/0/0 overload
ip classless
ip route 0.0.0.0 0.0.0.0 Serial0/0/0
!
ip flow-export version 9
!
ip access-list standard NAT
 permit any
!
line con 0
!
line aux 0
!
line vty 0 4
 login
!
end
ISP Router:
hostname Internetas
!
no ip cef
no ipv6 cef
!
license udi pid CISCO2911/K9 sn FTX1524XX6X-
!
spanning-tree mode pvst
!
interface GigabitEthernet0/0
 no ip address
 duplex auto
 speed auto
 shutdown
!
interface GigabitEthernet0/1
 no ip address
 duplex auto
 speed auto
 shutdown
!
interface GigabitEthernet0/2
 no ip address
 duplex auto
 speed auto
 shutdown
!
interface Serial0/0/0
 ip address 209.200.20.1 255.255.255.248
!
interface Serial0/0/1
 ip address 209.200.20.9 255.255.255.248
 clock rate 2000000
!
interface Vlan1
 no ip address
 shutdown
!
router ospf 1
 log-adjacency-changes
 network 209.200.20.0 0.0.0.7 area 0
 network 209.200.20.8 0.0.0.7 area 0
!
ip classless
!
ip flow-export version 9
!
line con 0
!
line aux 0
!
line vty 0 4
 login
!
end
Remote site Router:
hostname PADALINYS
!
ip dhcp excluded-address 192.168.70.1
ip dhcp excluded-address 192.168.70.15
ip dhcp excluded-address 192.168.70.17
ip dhcp excluded-address 192.168.70.31
!
ip dhcp pool KLIENTU_APTARNAVIMAS
 network 192.168.70.0 255.255.255.240
 default-router 192.168.70.1
 dns-server 8.8.8.8
ip dhcp pool ZALU_ADMINISTRAVIMAS
 network 192.168.70.16 255.255.255.240
 default-router 192.168.70.17
 dns-server 8.8.8.8
!
no ip cef
no ipv6 cef
!
license udi pid CISCO2911/K9 sn FTX15241C4X-
!
spanning-tree mode pvst
!
interface GigabitEthernet0/0
 no ip address
 duplex auto
 speed auto
!
interface GigabitEthernet0/0.70
 encapsulation dot1Q 70
 ip address 192.168.70.1 255.255.255.240
 ip nat inside
!
interface GigabitEthernet0/0.80
 encapsulation dot1Q 80
 ip address 192.168.70.17 255.255.255.240
 ip nat inside
!
interface GigabitEthernet0/1
 no ip address
 duplex auto
 speed auto
 shutdown
!
interface GigabitEthernet0/2
 no ip address
 duplex auto
 speed auto
 shutdown
!
interface Serial0/0/0
 ip address 209.200.20.10 255.255.255.248
 ip nat outside
!
interface Serial0/0/1
 no ip address
 clock rate 2000000
 shutdown
!
interface Vlan1
 no ip address
 shutdown
!
router ospf 1
 log-adjacency-changes
 network 192.168.70.0 0.0.0.15 area 0
 network 192.168.70.16 0.0.0.15 area 0
 network 209.200.20.8 0.0.0.7 area 0
!
ip nat inside source list NAT interface Serial0/0/0 overload
ip classless
ip route 0.0.0.0 0.0.0.0 Serial0/0/0
!
ip flow-export version 9
!
ip access-list standard NAT
 permit any
!
line con 0
!
line aux 0
!
line vty 0 4
 login
!
end
05-05-2021 09:11 PM - edited 05-05-2021 09:16 PM
The issue is that you are doing dynamic source NAT on both sides. From PC1 (LOGISTIKA) to PC2 (KLIENTU_APTARNAVIMAS), the address you should be pinging is the global address (209.200.20.10), not the local address (192.168.70.2), but the problem is that when packets get to RTR3 (PADALINYS), there is no NAT translation entry from global (209.200.20.10) to local (192.168.70.2) because you are using dynamic source NAT, so the ping fails.
Try adding the following static NAT configuration on RTR3 and see if you can ping PC2's global address (209.200.20.11) from PC1.
ip nat inside source static 192.168.70.2 209.200.20.11
Regards,
05-05-2021 11:00 PM - edited 05-05-2021 11:07 PM
Thank you so much for your answer!
It seems that the static source NAT you gave didn't help.
It is strange to me, because in simulation mode the packet goes to the destination and fails on the return path at the main router, like this:
Could it somehow be because of the VLANs?
Attaching the .pkt in a .zip. Maybe it will help.
I have a similar project with nat inside source list overload on both sides, and there the packets are communicating correctly, so it is strange that there is no communication here. I will also attach the old project, where communication is good; maybe it will help (in the old project the ACLs are bad, so ignore them).
05-06-2021 06:59 AM
Hi,
I opened the file you posted (Prijektas_new.pkt) and did not see the static NAT configuration I suggested on PADALINYS. I added the static NAT configuration and it worked. Please apply the configuration change I suggested and try pinging again.
PADALINYS#config t
Enter configuration commands, one per line. End with CNTL/Z.
PADALINYS(config)#ip nat inside source static 192.168.70.2 209.200.20.11
PADALINYS(config)#end
PADALINYS#
%SYS-5-CONFIG_I: Configured from console by console
PADALINYS#sh runn | incl nat
ip nat inside
ip nat inside
ip nat outside
ip nat inside source list NAT interface Serial0/0/0 overload
ip nat inside source static 192.168.70.2 209.200.20.11
PADALINYS#
PADALINYS#sh ip nat tr
Pro  Inside global     Inside local     Outside local    Outside global
icmp 209.200.20.11:29  192.168.70.2:29  209.200.20.2:29  209.200.20.2:29
icmp 209.200.20.11:30  192.168.70.2:30  209.200.20.2:30  209.200.20.2:30
icmp 209.200.20.11:31  192.168.70.2:31  209.200.20.2:31  209.200.20.2:31
icmp 209.200.20.11:32  192.168.70.2:32  209.200.20.2:32  209.200.20.2:32
---  209.200.20.11     192.168.70.2     ---              ---
PADALINYS#
C:\>ping 209.200.20.11
Pinging 209.200.20.11 with 32 bytes of data:
Reply from 209.200.20.11: bytes=32 time=96ms TTL=125
Reply from 209.200.20.11: bytes=32 time=97ms TTL=125
Reply from 209.200.20.11: bytes=32 time=4ms TTL=125
Reply from 209.200.20.11: bytes=32 time=65ms TTL=125
Ping statistics for 209.200.20.11:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 4ms, Maximum = 97ms, Average = 65ms
C:\>
Regards,
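Added example, not part of the original thread: a small Python model of the inside-source NAT lookup on PADALINYS, showing why an echo request from the main site finds no translation under overload-only NAT and is delivered to 192.168.70.2 once the static entry exists. The NatRouter class and its simplifications (ICMP identifiers are never rewritten, entries never time out) are assumptions made for illustration.

```python
from dataclasses import dataclass, field


@dataclass
class NatRouter:
    """Toy model of 'ip nat inside source' on PADALINYS (constructed, not IOS code)."""
    outside_ip: str                               # Serial0/0/0 address used by 'overload'
    static: dict = field(default_factory=dict)    # inside local -> inside global
    dynamic: dict = field(default_factory=dict)   # (global ip, id) -> (local ip, id)

    def outbound(self, src, ident):
        """Inside -> outside: rewrite the source; PAT creates state on first use."""
        if src in self.static:                    # static entries take precedence
            return self.static[src], ident
        self.dynamic[(self.outside_ip, ident)] = (src, ident)
        return self.outside_ip, ident

    def inbound(self, dst, ident):
        """Outside -> inside: rewrite the destination, or None when no entry matches."""
        for local, glob in self.static.items():
            if glob == dst:                       # static entry matches any id/port
                return local, ident
        return self.dynamic.get((dst, ident))     # PAT entry must already exist


def pat_only():
    """Only 'ip nat inside source list NAT interface Serial0/0/0 overload'."""
    rtr = NatRouter("209.200.20.10")
    unsolicited = rtr.inbound("209.200.20.10", 29)    # echo request from the main site
    rtr.outbound("192.168.70.2", 30)                  # inside host pings out first
    solicited = rtr.inbound("209.200.20.10", 30)      # its echo reply now matches
    return unsolicited, solicited


def with_static():
    """Adds 'ip nat inside source static 192.168.70.2 209.200.20.11'."""
    rtr = NatRouter("209.200.20.10", static={"192.168.70.2": "209.200.20.11"})
    request = rtr.inbound("209.200.20.11", 29)        # delivered to the inside host
    reply = rtr.outbound("192.168.70.2", 29)          # reply leaves as 209.200.20.11
    return request, reply


if __name__ == "__main__":
    print("PAT only   :", pat_only())
    print("with static:", with_static())
```

Because the static entry matches any identifier or port, every inbound flow to 209.200.20.11 is translated to 192.168.70.2; limiting what reaches that host takes an ACL on the outside interface.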