ICMP doesn't work from center site to remote site via ISP

Steroidas
Level 1

Hello mates,

I spent a lot of time troubleshooting and can't understand why ICMP doesn't work in my project between the PC called "LOGISTIKA" and the PC called "KLIENTU_APTARNAVIMAS". In general, traffic doesn't go between the center site and the remote site. Maybe you could help me. Here is the project:

screenshot.jpg

Centrinis (main site) Router:

hostname CENTRINIS
!
!
!
!
ip dhcp excluded-address 192.168.10.1
ip dhcp excluded-address 192.168.10.63
ip dhcp excluded-address 192.168.10.65
ip dhcp excluded-address 192.168.10.127
ip dhcp excluded-address 192.168.20.1
ip dhcp excluded-address 192.168.20.31
ip dhcp excluded-address 192.168.20.33
ip dhcp excluded-address 192.168.20.63
ip dhcp excluded-address 192.168.30.1
ip dhcp excluded-address 192.168.30.15
ip dhcp excluded-address 192.168.50.1
ip dhcp excluded-address 192.168.50.15
!
ip dhcp pool LOGISTIKA
 network 192.168.10.0 255.255.255.192
 default-router 192.168.10.1
 dns-server 8.8.8.8
ip dhcp pool PERVEZIMU_PLANAVIMAS
 network 192.168.10.64 255.255.255.192
 default-router 192.168.10.65
 dns-server 8.8.8.8
ip dhcp pool ADMINISTRACIJA
 network 192.168.20.0 255.255.255.224
 default-router 192.168.20.1
 dns-server 8.8.8.8
ip dhcp pool BUHALTERIJA
 network 192.168.20.32 255.255.255.224
 default-router 192.168.20.33
 dns-server 8.8.8.8
ip dhcp pool IT
 network 192.168.30.0 255.255.255.240
 default-router 192.168.30.1
 dns-server 8.8.8.8
ip dhcp pool DARBUOTOJU_WIFI
 network 192.168.50.0 255.255.255.240
 default-router 192.168.50.1
 dns-server 8.8.8.8
!
!
!
no ip cef
no ipv6 cef
!
!
!
!
license udi pid CISCO2911/K9 sn FTX15240566-
!
!
!
!
!
!
!
!
!
!
!
spanning-tree mode pvst
!
!
!
!
!
!
interface GigabitEthernet0/0
 no ip address
 duplex auto
 speed auto
!
interface GigabitEthernet0/0.10
 encapsulation dot1Q 10
 ip address 192.168.10.1 255.255.255.192
 ip nat inside
!
interface GigabitEthernet0/0.20
 encapsulation dot1Q 20
 ip address 192.168.10.65 255.255.255.192
 ip nat inside
!
interface GigabitEthernet0/0.30
 encapsulation dot1Q 30
 ip address 192.168.20.1 255.255.255.224
 ip nat inside
!
interface GigabitEthernet0/0.40
 encapsulation dot1Q 40
 ip address 192.168.20.33 255.255.255.224
 ip nat inside
!
interface GigabitEthernet0/0.50
 encapsulation dot1Q 50
 ip address 192.168.30.1 255.255.255.240
 ip nat inside
!
interface GigabitEthernet0/0.60
 encapsulation dot1Q 60
 ip address 192.168.50.1 255.255.255.240
 ip nat inside
!
interface GigabitEthernet0/1
 no ip address
 duplex auto
 speed auto
 shutdown
!
interface GigabitEthernet0/2
 no ip address
 duplex auto
 speed auto
 shutdown
!
interface Serial0/0/0
 ip address 209.200.20.2 255.255.255.248
 ip nat outside
 clock rate 2000000
!
interface Serial0/0/1
 no ip address
 clock rate 2000000
 shutdown
!
interface Vlan1
 no ip address
 shutdown
!
router ospf 1
 log-adjacency-changes
 network 192.168.10.0 0.0.0.63 area 0
 network 192.168.10.64 0.0.0.63 area 0
 network 192.168.20.0 0.0.0.31 area 0
 network 192.168.20.32 0.0.0.31 area 0
 network 192.168.30.0 0.0.0.15 area 0
 network 192.168.50.0 0.0.0.15 area 0
 network 209.200.20.0 0.0.0.7 area 0
!
ip nat inside source list NAT interface Serial0/0/0 overload
ip classless
ip route 0.0.0.0 0.0.0.0 Serial0/0/0 
!
ip flow-export version 9
!
!
ip access-list standard NAT
 permit any
!
!
!
!
!
!
line con 0
!
line aux 0
!
line vty 0 4
 login
!
!
!
end

ISP Router:

hostname Internetas
!
!
!
!
!
!
!
!
no ip cef
no ipv6 cef
!
!
!
!
license udi pid CISCO2911/K9 sn FTX1524XX6X-
!
!
!
!
!
!
!
!
!
!
!
spanning-tree mode pvst
!
!
!
!
!
!
interface GigabitEthernet0/0
 no ip address
 duplex auto
 speed auto
 shutdown
!
interface GigabitEthernet0/1
 no ip address
 duplex auto
 speed auto
 shutdown
!
interface GigabitEthernet0/2
 no ip address
 duplex auto
 speed auto
 shutdown
!
interface Serial0/0/0
 ip address 209.200.20.1 255.255.255.248
!
interface Serial0/0/1
 ip address 209.200.20.9 255.255.255.248
 clock rate 2000000
!
interface Vlan1
 no ip address
 shutdown
!
router ospf 1
 log-adjacency-changes
 network 209.200.20.0 0.0.0.7 area 0
 network 209.200.20.8 0.0.0.7 area 0
!
ip classless
!
ip flow-export version 9
!
!
!
!
!
!
!
!
line con 0
!
line aux 0
!
line vty 0 4
 login
!
!
!
end


Remote site Router:

hostname PADALINYS
!
!
!
!
ip dhcp excluded-address 192.168.70.1
ip dhcp excluded-address 192.168.70.15
ip dhcp excluded-address 192.168.70.17
ip dhcp excluded-address 192.168.70.31
!
ip dhcp pool KLIENTU_APTARNAVIMAS
 network 192.168.70.0 255.255.255.240
 default-router 192.168.70.1
 dns-server 8.8.8.8
ip dhcp pool ZALU_ADMINISTRAVIMAS
 network 192.168.70.16 255.255.255.240
 default-router 192.168.70.17
 dns-server 8.8.8.8
!
!
!
no ip cef
no ipv6 cef
!
!
!
!
license udi pid CISCO2911/K9 sn FTX15241C4X-
!
!
!
!
!
!
!
!
!
!
!
spanning-tree mode pvst
!
!
!
!
!
!
interface GigabitEthernet0/0
 no ip address
 duplex auto
 speed auto
!
interface GigabitEthernet0/0.70
 encapsulation dot1Q 70
 ip address 192.168.70.1 255.255.255.240
 ip nat inside
!
interface GigabitEthernet0/0.80
 encapsulation dot1Q 80
 ip address 192.168.70.17 255.255.255.240
 ip nat inside
!
interface GigabitEthernet0/1
 no ip address
 duplex auto
 speed auto
 shutdown
!
interface GigabitEthernet0/2
 no ip address
 duplex auto
 speed auto
 shutdown
!
interface Serial0/0/0
 ip address 209.200.20.10 255.255.255.248
 ip nat outside
!
interface Serial0/0/1
 no ip address
 clock rate 2000000
 shutdown
!
interface Vlan1
 no ip address
 shutdown
!
router ospf 1
 log-adjacency-changes
 network 192.168.70.0 0.0.0.15 area 0
 network 192.168.70.16 0.0.0.15 area 0
 network 209.200.20.8 0.0.0.7 area 0
!
ip nat inside source list NAT interface Serial0/0/0 overload
ip classless
ip route 0.0.0.0 0.0.0.0 Serial0/0/0 
!
ip flow-export version 9
!
!
ip access-list standard NAT
 permit any
!
!
!
!
!
!
line con 0
!
line aux 0
!
line vty 0 4
 login
!
!
!
end

Accepted Solution

Hi,

I opened the file you posted (Prijektas_new.pkt) and did not see the static NAT configuration I suggested on PADALINYS. I added the static NAT configuration and it worked. Please apply the configuration change I suggested and try pinging again.

PADALINYS#config t
Enter configuration commands, one per line. End with CNTL/Z.
PADALINYS(config)#ip nat inside source static 192.168.70.2 209.200.20.11
PADALINYS(config)#end
PADALINYS#
%SYS-5-CONFIG_I: Configured from console by console
PADALINYS#sh runn | incl nat
ip nat inside
ip nat inside
ip nat outside
ip nat inside source list NAT interface Serial0/0/0 overload
ip nat inside source static 192.168.70.2 209.200.20.11
PADALINYS#
PADALINYS#sh ip nat tr
Pro  Inside global     Inside local     Outside local    Outside global
icmp 209.200.20.11:29  192.168.70.2:29  209.200.20.2:29  209.200.20.2:29
icmp 209.200.20.11:30  192.168.70.2:30  209.200.20.2:30  209.200.20.2:30
icmp 209.200.20.11:31  192.168.70.2:31  209.200.20.2:31  209.200.20.2:31
icmp 209.200.20.11:32  192.168.70.2:32  209.200.20.2:32  209.200.20.2:32
---  209.200.20.11     192.168.70.2     ---              ---

PADALINYS#

C:\>ping 209.200.20.11

Pinging 209.200.20.11 with 32 bytes of data:

Reply from 209.200.20.11: bytes=32 time=96ms TTL=125
Reply from 209.200.20.11: bytes=32 time=97ms TTL=125
Reply from 209.200.20.11: bytes=32 time=4ms TTL=125
Reply from 209.200.20.11: bytes=32 time=65ms TTL=125

Ping statistics for 209.200.20.11:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 4ms, Maximum = 97ms, Average = 65ms

C:\>

Regards,
Harold Ritter, CCIE #4168 (EI, SP)

3 Replies

Harold Ritter
Spotlight

The issue is that you are doing dynamic source NAT on both sides. From PC1 (LOGISTIKA) to PC2 (KLIENTU_APTARNAVIMAS) the address you should be pinging is the global address (209.200.20.10), not the local address (192.168.70.2), but the problem is that when packets get to RTR3 (PADALINYS), there is no NAT translation entry from global (209.200.20.10) to local (192.168.70.2) because you are using dynamic source NAT, so the ping fails.

Try adding the following static NAT configuration on RTR3 and see if you can ping PC2's global address (209.200.20.11) from PC1.

ip nat inside source static 192.168.70.2 209.200.20.11

Regards,
Harold Ritter, CCIE #4168 (EI, SP)
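
The translation lookups behind the reply above, as an added example that is not part of the original thread and is not IOS code. It is a toy model of inside-source NAT on CENTRINIS and PADALINYS using the thread's addresses; PC1's address 192.168.10.2 is an assumed DHCP lease, and the model assumes a packet that matches no NAT entry is routed untranslated when its destination is routable.

```python
from dataclasses import dataclass, field

@dataclass
class NatRouter:
    """Toy model of inside-source NAT on one router (constructed; not IOS code)."""
    outside_ip: str                                # address on the 'ip nat outside' interface
    inside_hosts: set                              # inside local addresses behind this router
    static: dict = field(default_factory=dict)     # inside global -> inside local, permanent
    dynamic: dict = field(default_factory=dict)    # (inside global, icmp id, peer) -> inside local

    def add_static(self, inside_local, inside_global):
        # Models: ip nat inside source static <inside_local> <inside_global>
        self.static[inside_global] = inside_local

    def outbound(self, src, icmp_id, dst):
        """Inside -> outside: return the translated source address."""
        for inside_global, inside_local in self.static.items():
            if inside_local == src:
                return inside_global
        # 'overload' entries exist only once inside-initiated traffic creates them
        self.dynamic[(self.outside_ip, icmp_id, dst)] = src
        return self.outside_ip

    def inbound(self, src, icmp_id, dst):
        """Outside -> inside: return the inside host reached, or None."""
        if dst in self.static:
            return self.static[dst]
        hit = self.dynamic.get((dst, icmp_id, src))
        if hit:
            return hit
        # Assumption: a packet matching no entry is routed untranslated if routable
        return dst if dst in self.inside_hosts else None

def ping(near, far, pc, target, icmp_id):
    """Echo request from pc behind `near` to `target` behind `far`; returns the outcome."""
    src = near.outbound(pc, icmp_id, target)
    host = far.inbound(src, icmp_id, target)
    if host is None:
        return "request: no translation on far router"
    reply_src = far.outbound(host, icmp_id, src)
    if near.inbound(reply_src, icmp_id, src) != pc:
        return "reply: no matching translation on near router"
    return "reply received"

def build():
    # Addresses from the thread; 192.168.10.2 for PC1 is an assumed DHCP lease
    centrinis = NatRouter("209.200.20.2", {"192.168.10.2"})
    padalinys = NatRouter("209.200.20.10", {"192.168.70.2"})
    return centrinis, padalinys
```

A static entry matches any outside peer, so after `add_static` the call `padalinys.inbound(...)` reaches 192.168.70.2 with no prior inside traffic; on a production edge such a mapping is normally paired with an inbound ACL.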

Steroidas
Level 1

Thank you so much for your answer!

It seems that the static source NAT you gave didn't help.

It is strange to me, because in simulation mode the packet goes to the destination and fails on the return path on the main router, like this:
Screenshot_1.jpg

Can it somehow be because of the VLANs?

Attaching the .pkt in a .zip. Maybe it will help.

I have a similar project with nat inside source list overload on both sides, and there the packets are communicating correctly, so it is basically strange why there is no communication here. I will also attach the old project where communication is good, maybe it will help (in the old project the ACLs are bad, so ignore them).
