IPV4 Routing Issue

JasonTurnbull9467 · ‎10-31-2019

Hello,

I've got an issue that's been haunting me for awhile now. I had originally posted about it on another thread earlier in the month. Since it's separate from my original issue I figured I'd start a new discussion.

I've got a router with two public IP addresses configured. One of these is on a sub-interface. I've got a static nat setup for a single local IP that is supposed to route all traffic out over the sub-interface to the internet. As configured, I can only ping the LAN. No outside access for the static-nat host at all. Any pings to the internet hang.

So, at some point, I tried to add a route to the router, going from the host to the sub-interface. If I do this and then ping the local gateway, it hangs...but if I then remove that route I just added, everything works. I can access both the lan and the internet over that sub-interface. This lasts for a few hours. I can even reboot the server and reload the router and it STILL works. But after a few hours it stops working.

The command I issue on the router is: ip route 10.0.0.24 255.255.255.255 GigabitEthernet0/0/0.1

Issue that, ping 10.0.0.1 from the host...watch it hang. Issue no ip route 10.0.0.24 255.255.255.255 GigabitEthernet0/0/0.1 and ping instantly starts responding and the net is reachable.

I'm stumped. I'm going to post my router config below. I'm sure it's something stupid/obvious but I haven't worked on this stuff since 03. It's slowly coming back.

The end result I'm looking for is to have 10.0.0.24's traffic all come and go over sub-interface g0/0/0.1 with a public IP of 216.115.150.34

Config:

Current configuration : 6025 bytes
!
! Last configuration change at 19:09:18 UTC Thu Oct 31 2019
!
version 15.5
service timestamps debug datetime msec
service timestamps log datetime msec
no platform punt-keepalive disable-kernel-core
!
hostname Cerberus
!
boot-start-marker
boot-end-marker
!
!
vrf definition Mgmt-intf
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
enable secret 5 xxxxxxxxxxxxxxxxx
enable password xxxxxxxx
!
no aaa new-model
!
!
!
!
!
!
!
!
!

no ip domain lookup

no ip dhcp conflict logging
ip dhcp excluded-address 10.0.0.1
!
ip dhcp pool LanPool
network 10.0.0.0 255.255.255.0
default-router 10.0.0.1
domain-name Cerberus.Local
dns-server 8.8.8.8 8.8.4.4
!
ip dhcp pool SERVER
host 10.0.0.24 255.255.255.0
hardware-address e03f.49b1.a81e
default-router 10.0.0.1
domain-name Cerberus.Local
dns-server 8.8.8.8 8.8.4.4
!
!
!
ipv6 unicast-routing
ipv6 dhcp pool Proxy1001
dns-server 2001:4860:4860::8888
domain-name cerberus.local
!
ipv6 dhcp pool 32Block
dns-server 2001:4860:4860::8888
domain-name Cerberus
!
!
!
!
!
!
!
!
subscriber templating
multilink bundle-name authenticated
!
!
!
crypto pki trustpoint TP-self-signed-4242028752
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-4242028752
revocation-check none
rsakeypair TP-self-signed-4242028752
!
!
crypto pki certificate chain TP-self-signed-4242028752
certificate self-signed 01
xxxxxxxx
quit
license udi pid ISR4331/K9 sn FDO19321C50
spanning-tree extend system-id
!
!
redundancy
mode none
!
!
vlan internal allocation policy ascending
!
!
!
!
!
!
interface Loopback1
ip address 192.59.31.1 255.255.255.0
!
interface Tunnel0
description Hurricane Electric IPv6 Tunnel Broker
no ip address
ipv6 address 2001:472:1F0C:BF::2/64
ipv6 enable
tunnel source 216.115.150.175
tunnel mode ipv6ip
tunnel destination 209.51.163.34
!
interface GigabitEthernet0/0/0
ip address 216.115.150.175 255.255.255.192
ip nat outside
negotiation auto
ipv6 enable
!
interface GigabitEthernet0/0/0.1
encapsulation dot1Q 2
ip address 216.115.150.34 255.255.255.192
ip nat inside
!
interface GigabitEthernet0/0/1
ip address 10.0.0.1 255.255.255.0
ip nat inside
negotiation auto
ipv6 address 2602:56C0::1/35
ipv6 enable
ipv6 traffic-filter fromswitch in
ipv6 traffic-filter fromswitch out
!
interface GigabitEthernet0/0/1.2
encapsulation dot1Q 2
ipv6 address 2602:56C0:2000::1/35
ipv6 enable
!
interface GigabitEthernet0/0/1.3
encapsulation dot1Q 3
ipv6 address 2602:56C0:4000::1/35
ipv6 enable
!
interface GigabitEthernet0/0/1.4
encapsulation dot1Q 4
ipv6 address 2602:56C0:6000::1/35
ipv6 enable
!
interface GigabitEthernet0/0/1.5
encapsulation dot1Q 5
ipv6 address 2602:56C0:8000::1/35
ipv6 enable
!
interface GigabitEthernet0/0/1.6
encapsulation dot1Q 6
ipv6 address 2602:56C0:A000::1/35
ipv6 enable
!
interface GigabitEthernet0/0/1.7
encapsulation dot1Q 7
ipv6 address 2602:56C0:C000::1/35
ipv6 enable
!
interface GigabitEthernet0/0/1.8
encapsulation dot1Q 8
ipv6 address 2602:56C0:E000::1/35
ipv6 enable
!
interface GigabitEthernet0/0/2
ip address 144.176.124.242 255.255.255.252
negotiation auto
!
interface GigabitEthernet0
vrf forwarding Mgmt-intf
no ip address
shutdown
negotiation auto
!
interface Vlan1
no ip address
!
router bgp 397759
bgp log-neighbor-changes
no bgp default ipv4-unicast
neighbor 2001:472:1F0C:BF::1 remote-as 6939
neighbor 2001:472:1F0C:BF::1 update-source Tunnel0
!
address-family ipv4
exit-address-family
!
address-family ipv6
network 2602:56C0::/32
neighbor 2001:472:1F0C:BF::1 activate
exit-address-family
!
ip nat inside source list 1 interface GigabitEthernet0/0/0 overload
ip nat inside source static 10.0.0.24 216.115.150.34 extendable
ip forward-protocol nd
no ip http server
no ip http secure-server
ip route 0.0.0.0 0.0.0.0 216.115.150.129
!
!
ip access-list extended BaseACL
permit icmp any any
ip access-list extended Manage-SSH
ip access-list extended NOSPOOF
permit icmp any any
permit ip any any
!
access-list 1 permit 10.0.0.0 0.0.255.255
access-list 101 permit icmp any any
access-list 105 permit ip 0.0.0.24 255.255.255.0 any
access-list 105 permit ip any any
ipv6 route 2602:56C0::/32 Tunnel0
ipv6 route ::/0 Tunnel0
!
snmp-server community public RO
!
!
ipv6 access-list fromswitch
permit ipv6 any any
!
control-plane
!
!
line con 0
stopbits 1
line aux 0
stopbits 1
line vty 0 4
access-class 1 in
password xxxxxxxxxx
login
line vty 5 15
access-class 1 in
login
!
!
end

Jaderson Pessoa · ‎10-31-2019

Hello,
try it
access-list 1 deny 10.0.0.24 0.0.0.0
access-list 1 permit 10.0.0.0 0.0.255.255

Jaderson Pessoa
*** Rate All Helpful Responses ***

Georg Pauwen · ‎10-31-2019

Hello,

not sure if this is a typo, but your interface needs to be an outside NAT interface. Change 'ip nat inside' to 'ip nat outside'.

interface GigabitEthernet0/0/0.1
encapsulation dot1Q 2
ip address 216.115.150.34 255.255.255.192
-> ip nat inside --> needs to be ip nat outside

JasonTurnbull9467 · ‎11-01-2019

I gave the suggestions from both replies a try. I tried each alone and a combination of the two. No luck. I'm stumped.

JasonTurnbull9467 · ‎11-03-2019

I tried putting that host on a separate LAN, 11.0.0.24 instead of 10.0.0.24....set everything else up that was required. Same deal...hangs until I add and remove a route to g0/0/0.1 from 11.0.024 on the router.

I'm completely stumped.....once I add and remove the route it works for awhile. I'm not seeing anything in the routing table that explains it. Does anyone know what adding and removing that route could be creating behind the scenes? Somewhere else I can look?

Georg Pauwen · ‎11-03-2019

Hello,

what if you use the actual IP address of the corresponding gateway instead of the subinterface ?

ip route 10.0.0.24 255.255.255.255 216.115.150.1 <-- I assume this is the gateway

JasonTurnbull9467 · ‎11-03-2019

I'll give it a go and report back. My biggest frustration is that while playing with adding/removing routes, if it suddenly comes alive, it takes hours to fail again so that I can test something different. Even if I reload the router, switch and reboot the host, the temporary fix survives. It will then fail arbitrarily in 4 to 8 hours. Which means I can't determine if a fix works unless I wait for it to fail again and then try something new. Any idea how I could make that happen faster?

JasonTurnbull9467 · ‎11-03-2019

Failed again so I added the route to the gateway. No dice. Now it's working again because I added and removed that other route...the one that always fixes it for awhile. Expecting it will be out again in the morning. So frustrating. I just wish there was something I could do to break it again so I could test fixes quickly.

Richard Burts · ‎11-03-2019

When I read the original post (on Friday) and the initial responses, I spent quite a while looking at the config in hope of finding some flaw. Today I read it again and paid more attention to the statement that if a static route were configured and then removed that connectivity worked. If it works some times and not works some times I have trouble thinking it is a flaw in the config and believe that it is more likely something in the operational environment, perhaps some table entry that is created and then times out? As a starting point can I request that in a time when it is not working that you get the output of the command show ip nat translations, then configure the static route and then remove it verifying that connectivity then works and get the output of the command again. And for good measure perhaps wait till it stops working and gather the output again. Then post the outputs so that we can compare the content of the translations comparing what is there when it works and what is there (or not there) when it does not work?

HTH

Rick

HTH

Rick

JasonTurnbull9467 · ‎11-03-2019

Sure thing. The output is huge...do you want me to narrow it down some? Or do you just need a few lines showing NAT for the .34 address? Also, and I'm probably wrong here, but if it was something to do with NAT wouldn't clearing the tables cause my connection to fail instantly? I mean after I add and remove the route and have temporarily fixed the issue.

Last Edit. Connection is up and working right now. So here is the output while it's working. In the morning I'll get the others up:

Pro Inside global Inside local Outside local Outside global
--- 216.115.150.34 10.0.0.24 --- ---
tcp 216.115.150.34:22 10.0.0.24:22 35.158.151.206:64227 35.158.151.206:64227
tcp 216.115.150.34:22 10.0.0.24:22 35.158.151.206:56181 35.158.151.206:56181
tcp 216.115.150.34:22 10.0.0.24:22 52.58.75.133:49060 52.58.75.133:49060
udp 216.115.150.175:4687 10.0.0.10:63355 8.8.8.8:53 8.8.8.8:53
tcp 216.115.150.34:22 10.0.0.24:22 35.158.151.206:47379 35.158.151.206:47379
tcp 216.115.150.175:4128 10.0.0.10:64288 31.13.80.8:443 31.13.80.8:443
tcp 216.115.150.175:4355 10.0.0.2:49713 151.101.20.246:443 151.101.20.246:443
tcp 216.115.150.34:22 10.0.0.24:22 52.57.70.66:50108 52.57.70.66:50108
tcp 216.115.150.175:4150 10.0.0.10:64291 31.13.80.8:443 31.13.80.8:443
udp 216.115.150.175:4673 10.0.0.10:51986 40.119.7.171:65444 40.119.7.171:65444
tcp 216.115.150.34:22 10.0.0.24:22 35.158.151.206:62107 35.158.151.206:62107
tcp 216.115.150.175:4358 10.0.0.10:64312 31.13.80.8:443 31.13.80.8:443
tcp 216.115.150.175:4149 10.0.0.10:49713 54.218.109.91:443 54.218.109.91:443
tcp 216.115.150.34:22 10.0.0.24:22 185.56.252.57:47674 185.56.252.57:47674
tcp 216.115.150.34:22 10.0.0.24:22 185.56.252.57:52415 185.56.252.57:52415
tcp 216.115.150.175:4370 10.0.0.10:49647 23.32.38.200:443 23.32.38.200:443
udp 216.115.150.175:4688 10.0.0.10:54936 8.8.4.4:53 8.8.4.4:53
tcp 216.115.150.175:4357 10.0.0.10:49721 104.116.246.117:443 104.116.246.117:443
tcp 216.115.150.175:4154 10.0.0.10:64294 31.13.80.8:443 31.13.80.8:443
tcp 216.115.150.175:4158 10.0.0.2:53541 104.154.127.245:4070 104.154.127.245:4070
tcp 216.115.150.34:22 10.0.0.24:22 185.56.252.57:39806 185.56.252.57:39806
udp 216.115.150.175:4673 10.0.0.10:51986 40.119.7.170:3544 40.119.7.170:3544
tcp 216.115.150.175:4354 10.0.0.10:64224 23.36.36.100:443 23.36.36.100:443
udp 216.115.150.175:4673 10.0.0.10:51986 40.119.7.171:3544 40.119.7.171:3544
udp 216.115.150.175:4679 10.0.0.2:43404 8.8.8.8:53 8.8.8.8:53
tcp 216.115.150.175:4136 10.0.0.10:49712 3.88.79.252:443 3.88.79.252:443
tcp 216.115.150.34:22 10.0.0.24:22 52.57.70.66:57319 52.57.70.66:57319
icmp 216.115.150.34:3802 10.0.0.24:3802 8.8.8.8:3802 8.8.8.8:3802
udp 216.115.150.175:4676 10.0.0.10:60408 216.58.206.195:443 216.58.206.195:443
tcp 216.115.150.175:4141 10.0.0.10:49434 204.79.197.200:443 204.79.197.200:443
tcp 216.115.150.34:22 10.0.0.24:22 35.158.151.206:49955 35.158.151.206:49955
tcp 216.115.150.175:4135 10.0.0.10:64307 34.230.156.158:443 34.230.156.158:443
tcp 216.115.150.175:4133 10.0.0.10:64256 34.230.156.158:443 34.230.156.158:443
udp 216.115.150.175:4672 10.0.0.10:62381 8.8.8.8:53 8.8.8.8:53
udp 216.115.150.175:4683 10.0.0.10:62821 172.217.165.3:443 172.217.165.3:443
tcp 216.115.150.34:22 10.0.0.24:22 52.58.75.133:63249 52.58.75.133:63249
tcp 216.115.150.34:22 10.0.0.24:22 52.57.70.66:53279 52.57.70.66:53279
tcp 216.115.150.34:22 10.0.0.24:22 52.58.75.133:46309 52.58.75.133:46309
udp 216.115.150.175:4686 10.0.0.10:52689 8.8.4.4:53 8.8.4.4:53
tcp 216.115.150.34:3006 10.0.0.24:3006 78.128.112.14:44950 78.128.112.14:44950
udp 216.115.150.175:4675 10.0.0.10:51081 8.8.4.4:53 8.8.4.4:53
tcp 216.115.150.34:22 10.0.0.24:22 35.158.151.206:39660 35.158.151.206:39660
tcp 216.115.150.34:22 10.0.0.24:22 52.57.70.66:38594 52.57.70.66:38594
tcp 216.115.150.175:4140 10.0.0.10:49437 23.212.177.20:443 23.212.177.20:443
tcp 216.115.150.175:4144 10.0.0.10:49444 142.0.160.13:443 142.0.160.13:443
tcp 216.115.150.175:4365 10.0.0.10:49392 104.102.254.10:443 104.102.254.10:443
tcp 216.115.150.34:22 10.0.0.24:22 35.158.151.206:36395 35.158.151.206:36395
tcp 216.115.150.34:22 10.0.0.24:22 35.158.151.206:60473 35.158.151.206:60473
tcp 216.115.150.34:22 10.0.0.24:22 52.57.70.66:57037 52.57.70.66:57037
tcp 216.115.150.34:22 10.0.0.24:22 35.158.151.206:63236 35.158.151.206:63236
tcp 216.115.150.34:22 10.0.0.24:22 52.57.70.66:57039 52.57.70.66:57039
tcp 216.115.150.175:4367 10.0.0.10:65251 40.90.10.66:443 40.90.10.66:443
udp 216.115.150.175:4681 10.0.0.10:60990 8.8.8.8:53 8.8.8.8:53
tcp 216.115.150.175:4363 10.0.0.10:49726 31.13.80.8:443 31.13.80.8:443
udp 216.115.150.175:4689 10.0.0.10:50713 8.8.8.8:53 8.8.8.8:53
tcp 216.115.150.34:22 10.0.0.24:22 185.56.252.57:59468 185.56.252.57:59468
tcp 216.115.150.175:4138 10.0.0.10:49419 72.163.10.105:443 72.163.10.105:443
tcp 216.115.150.34:22 10.0.0.24:22 185.56.252.57:55006 185.56.252.57:55006
tcp 216.115.150.34:22 10.0.0.24:22 52.57.70.66:51503 52.57.70.66:51503
tcp 216.115.150.175:4362 10.0.0.10:49725 31.13.80.8:443 31.13.80.8:443
tcp 216.115.150.175:4147 10.0.0.10:49406 3.208.14.195:443 3.208.14.195:443
tcp 216.115.150.175:4134 10.0.0.10:49711 34.199.200.25:443 34.199.200.25:443
tcp 216.115.150.34:22 10.0.0.24:22 35.158.151.206:38459 35.158.151.206:38459
tcp 216.115.150.175:4360 10.0.0.10:49723 31.13.80.8:443 31.13.80.8:443
tcp 216.115.150.175:4152 10.0.0.10:49686 40.91.72.120:443 40.91.72.120:443
udp 216.115.150.34:43611 10.0.0.24:43611 8.8.8.8:53 8.8.8.8:53
tcp 216.115.150.34:22 10.0.0.24:22 35.158.151.206:58505 35.158.151.206:58505
tcp 216.115.150.34:22 10.0.0.24:22 185.56.252.57:34381 185.56.252.57:34381
tcp 216.115.150.34:22 10.0.0.24:22 52.58.75.133:48475 52.58.75.133:48475
tcp 216.115.150.175:4159 10.0.0.10:49720 31.13.80.8:443 31.13.80.8:443
tcp 216.115.150.34:22 10.0.0.24:22 52.57.70.66:48015 52.57.70.66:48015
tcp 216.115.150.34:22 10.0.0.24:22 52.57.70.66:63499 52.57.70.66:63499
tcp 216.115.150.175:4156 10.0.0.10:49719 31.13.80.8:443 31.13.80.8:443
tcp 216.115.150.175:4356 10.0.0.10:64282 162.247.242.19:443 162.247.242.19:443
tcp 216.115.150.175:4368 10.0.0.10:49730 31.13.80.8:443 31.13.80.8:443
tcp 216.115.150.34:8080 10.0.0.24:8080 114.35.15.126:43055 114.35.15.126:43055
udp 216.115.150.175:4686 10.0.0.10:52689 8.8.8.8:53 8.8.8.8:53
tcp 216.115.150.175:4155 10.0.0.10:49718 31.13.80.8:443 31.13.80.8:443
udp 216.115.150.175:4672 10.0.0.10:62381 8.8.4.4:53 8.8.4.4:53
tcp 216.115.150.34:22 10.0.0.24:22 35.158.151.206:38143 35.158.151.206:38143
tcp 216.115.150.34:22 10.0.0.24:22 52.57.70.66:46458 52.57.70.66:46458
tcp 216.115.150.34:22 10.0.0.24:22 52.57.70.66:61786 52.57.70.66:61786
tcp 216.115.150.175:4366 10.0.0.10:49729 31.13.80.8:443 31.13.80.8:443
tcp 216.115.150.175:4359 10.0.0.10:49722 31.13.80.8:443 31.13.80.8:443
tcp 216.115.150.34:22 10.0.0.24:22 35.158.151.206:55515 35.158.151.206:55515
udp 216.115.150.175:4677 10.0.0.2:33686 8.8.8.8:53 8.8.8.8:53
tcp 216.115.150.175:4148 10.0.0.10:49415 52.70.246.218:443 52.70.246.218:443
tcp 216.115.150.175:4361 10.0.0.10:49724 31.13.80.8:443 31.13.80.8:443
tcp 216.115.150.34:1433 10.0.0.24:1433 216.83.52.82:58000 216.83.52.82:58000
tcp 216.115.150.34:22 10.0.0.24:22 52.58.75.133:37422 52.58.75.133:37422
tcp 216.115.150.175:4369 10.0.0.10:49540 173.37.149.105:443 173.37.149.105:443
tcp 216.115.150.175:4364 10.0.0.10:49727 31.13.80.8:443 31.13.80.8:443
tcp 216.115.150.34:22 10.0.0.24:22 35.158.151.206:47835 35.158.151.206:47835
udp 216.115.150.175:4684 10.0.0.10:62822 172.217.164.227:443 172.217.164.227:443
tcp 216.115.150.175:4157 10.0.0.2:37626 104.154.126.60:4070 104.154.126.60:4070
tcp 216.115.150.34:22 10.0.0.24:22 52.57.70.66:55440 52.57.70.66:55440
tcp 216.115.150.34:22 10.0.0.24:22 52.58.75.133:48162 52.58.75.133:48162
tcp 216.115.150.34:22 10.0.0.24:22 52.57.70.66:60739 52.57.70.66:60739
udp 216.115.150.175:4688 10.0.0.10:54936 8.8.8.8:53 8.8.8.8:53
tcp 216.115.150.34:22 10.0.0.24:22 52.57.70.66:49977 52.57.70.66:49977
tcp 216.115.150.34:22 10.0.0.24:22 35.158.151.206:49345 35.158.151.206:49345
udp 216.115.150.175:4682 10.0.0.10:62819 172.217.164.194:443 172.217.164.194:443
tcp 216.115.150.34:22 10.0.0.24:22 185.56.252.57:56562 185.56.252.57:56562
tcp 216.115.150.175:4143 10.0.0.10:49448 104.18.98.194:443 104.18.98.194:443
tcp 216.115.150.34:22 10.0.0.24:22 52.58.75.133:58351 52.58.75.133:58351
tcp 216.115.150.175:4146 10.0.0.10:49445 142.0.160.13:443 142.0.160.13:443
tcp 216.115.150.175:4131 10.0.0.10:64299 34.197.250.209:443 34.197.250.209:443
tcp 216.115.150.175:4129 10.0.0.10:49648 54.71.168.117:443 54.71.168.117:443
udp 216.115.150.175:4674 10.0.0.10:50505 8.8.8.8:53 8.8.8.8:53
udp 216.115.150.175:4687 10.0.0.10:63355 8.8.4.4:53 8.8.4.4:53
tcp 216.115.150.34:22 10.0.0.24:22 185.56.252.57:63819 185.56.252.57:63819
tcp 216.115.150.34:22 10.0.0.24:22 52.57.70.66:35049 52.57.70.66:35049
tcp 216.115.150.175:4137 10.0.0.10:49420 72.163.10.124:443 72.163.10.124:443
tcp 216.115.150.34:22 10.0.0.24:22 35.158.151.206:50678 35.158.151.206:50678
udp 216.115.150.175:4690 10.0.0.5:35539 8.8.8.8:53 8.8.8.8:53
tcp 216.115.150.34:22 10.0.0.24:22 52.58.75.133:61924 52.58.75.133:61924
tcp 216.115.150.175:4142 10.0.0.10:49544 108.174.10.14:443 108.174.10.14:443
tcp 216.115.150.175:4132 10.0.0.10:64308 34.230.156.158:443 34.230.156.158:443
udp 216.115.150.175:4680 10.0.0.2:1140 8.8.8.8:53 8.8.8.8:53
tcp 216.115.150.175:4130 10.0.0.10:49531 72.163.4.70:443 72.163.4.70:443
udp 216.115.150.175:4685 10.0.0.10:62818 172.217.165.2:443 172.217.165.2:443
tcp 216.115.150.34:22 10.0.0.24:22 52.57.70.66:35440 52.57.70.66:35440
tcp 216.115.150.34:22 10.0.0.24:22 35.158.151.206:35371 35.158.151.206:35371
tcp 216.115.150.34:22 10.0.0.24:22 52.58.75.133:40941 52.58.75.133:40941
tcp 216.115.150.34:22 10.0.0.24:22 35.158.151.206:62270 35.158.151.206:62270
udp 216.115.150.175:4689 10.0.0.10:50713 8.8.4.4:53 8.8.4.4:53
tcp 216.115.150.34:22 10.0.0.24:22 35.158.151.206:53583 35.158.151.206:53583
tcp 216.115.150.34:22 10.0.0.24:22 35.158.151.206:57557 35.158.151.206:57557
tcp 216.115.150.175:4139 10.0.0.10:64296 31.13.80.8:443 31.13.80.8:443
tcp 216.115.150.175:4145 10.0.0.10:49446 209.167.231.17:443 209.167.231.17:443
tcp 216.115.150.175:4151 10.0.0.10:64295 31.13.80.8:443 31.13.80.8:443
udp 216.115.150.175:4678 10.0.0.2:52028 8.8.8.8:53 8.8.8.8:53
tcp 216.115.150.175:4353 10.0.0.10:64285 31.13.80.8:443 31.13.80.8:443
udp 216.115.150.175:4681 10.0.0.10:60990 8.8.4.4:53 8.8.4.4:53
tcp 216.115.150.34:22 10.0.0.24:22 185.56.252.57:36225 185.56.252.57:36225
tcp 216.115.150.34:22 10.0.0.24:22 52.58.75.133:57891 52.58.75.133:57891
tcp 216.115.150.34:22 10.0.0.24:22 52.57.70.66:38336 52.57.70.66:38336
tcp 216.115.150.34:22 10.0.0.24:22 185.56.252.57:60434 185.56.252.57:60434
tcp 216.115.150.34:8080 10.0.0.24:8080 114.35.15.126:46717 114.35.15.126:46717
tcp 216.115.150.34:22 10.0.0.24:22 35.158.151.206:44922 35.158.151.206:44922
tcp 216.115.150.34:22 10.0.0.24:22 52.57.70.66:33412 52.57.70.66:33412
udp 216.115.150.175:4675 10.0.0.10:51081 8.8.8.8:53 8.8.8.8:53
tcp 216.115.150.175:4352 10.0.0.2:38111 151.101.20.246:443 151.101.20.246:443
tcp 216.115.150.175:4153 10.0.0.10:64283 31.13.80.8:443 31.13.80.8:443
tcp 216.115.150.34:22 10.0.0.24:22 185.56.252.57:51637 185.56.252.57:51637

Georg Pauwen · ‎11-04-2019

Hello,

just in case you haven't already done that: did you check with your ISP to make sure that what they route back to you is correct ?

Richard Burts · ‎11-04-2019

Thank you for the output of the show command. It is fairly large and yes I believe that we are especially interested in entries for the .34 address. It will be interesting to see if anything significant changes when it is not working.

HTH

Rick

HTH

Rick

JasonTurnbull9467 · ‎11-05-2019

Sorry for the late reply. After George mentioned checking with my ISP I decided to phone them and ask them to verify my static IP addresses, masks and gateways. I was told both addresses were masked 255.255.255.192 and both used the same gateway, ending in 150.1. That seemed weird to me because my old router was using a .150.129 address for my original static address. The second ip, ending in 34, was one I recently requested.

Long story short, I left the static nat from 10.0.0.24 the way it was. I removed the sub-interface with the .34 address on it (g0/0/0.1) entirely and I changed the subnet mask on on my g0/0/0 interface to 250.250.250.0 so that it could route both the .175 and the .34 address out the 150.1 gateway. At that point it all came to life and is working fine.

As I suspected everything was caused by me. Lol. Thanks for the assistance everyone. I really appreciate the help.

Georg Pauwen · ‎11-05-2019

Hello,

just for my understanding, you removed the subinterface altogether ? What is the final, working configuration ?

Either way, glad you got it resolved. It often comes down to small mistakes...

Richard Burts · ‎11-05-2019

Thanks for the update explaining that the issue is resolved and what was the real issue. It is good to know when this kind of issue is discussed and then is resolved. A well deserved +5 for the explanation.

HTH

Rick

HTH

Rick