Nat and cisco routing

lakhwaraa · ‎12-13-2022

I have following configuation.

I dont have any access list or any thing. simple router configuration

Tunnel connection with my hub (ipsec)

crypto isakmp policy 100
encr aes
authentication pre-share
group 2
crypto isakmp key sams@ng address 0.0.0.0
crypto ipsec transform-set CR-TS-statement esp-aes esp-sha-hmac
mode transport
crypto ipsec profile CR-PR-statement
set transform-set CR-TS-statement

interface Tunnel2
ip address 20.2.2.134 255.255.255.0
no ip redirects
ip mtu 1390
ip nhrp authentication statement2
ip nhrp map multicast dynamic
ip nhrp map multicast 109.51.22.31
ip nhrp map 20.2.2.134 109.51.22.31
ip nhrp network-id 222
ip nhrp holdtime 60
ip nhrp nhs 20.2.2.254
ip nhrp registration no-unique
tunnel source FastEthernet8
tunnel mode gre multipoint
tunnel key 222
tunnel protection ipsec profile CR-PR-statement

interface FastEthernet8
ip address 192.168.18.12 255.255.255.0
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
!
interface Vlan1
ip address 172.20.134.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
ip tcp adjust-mss 1452
!
!
router eigrp 2
network 20.2.2.0 0.0.0.255
network 172.20.134.0 0.0.0.255
passive-interface Vlan1
eigrp stub connected
!
no ip forward-protocol nd
ip http server
ip http authentication local
no ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
!
ip dns server
ip nat inside source list NAT interface FastEthernet8 overload
ip route 0.0.0.0 0.0.0.0 192.168.18.12
!
ip access-list extended NAT
permit ip 172.20.134.0 0.0.0.255 any

The problem is i can ping every computer or hub from this (branch) router but i can not ping it from computers connected to (branch) router. what i am doing wrong ?????.

ping 20.2.2.11 (this is from router to hub computer)
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 20.2.2.11, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/4 ms

balaji.bandi · ‎12-14-2022

but i can not ping it from computers connected to (branch) router. what i am doing wrong ?????.

network inside Lan ? 172.20.134.X network you mean ?

how is your show ip route looks like.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

lakhwaraa · ‎12-14-2022

IP routes

S* 0.0.0.0/0 [5/0] via 103.69.111.1
8.0.0.0/32 is subnetted, 1 subnets
S 8.8.4.4 [1/0] via 192.168.18.1
10.0.0.0/8 is variably subnetted, 8 subnets, 2 masks
C 20.2.2.0/24 is directly connected, Tunnel1
L 20.2.2.10/32 is directly connected, Tunnel1
C 10.2.2.0/24 is directly connected, Tunnel2
L 10.2.2.10/32 is directly connected, Tunnel2
D 20.2.2.0/24 [90/26882560] via 20.2.2.254, 07:23:22, Tunnel1

D 172.12.20.0 [90/26933760] via 20.2.2.249, 07:23:22, Tunnel1
D 172.17.0.0/16 [90/26933760] via 20.2.2.5, 07:23:33, Tunnel1
172.20.0.0/16 is variably subnetted, 47 subnets, 2 masks
D EX 172.20.112.0/24 [170/26882560] via 20.2.2.254, 07:23:22, Tunnel1
D EX 172.20.113.0/24 [170/26882560] via 20.2.2.254, 01:39:07, Tunnel1
D EX 172.20.114.0/24 [170/26882560] via 20.2.2.254, 00:13:22, Tunnel1
D 172.20.115.0/24 [90/26933760] via 20.2.2.205, 07:23:33, Tunnel1
D EX 172.20.118.0/24 [170/26882560] via 20.2.2.254, 01:39:07, Tunnel1

my routes are good. i cant ping from computer (network inside lan) but my router can ping successfully.

MHM Cisco World · ‎12-14-2022

ip nhrp map multicast 109.51.22.31
ip nhrp map 20.2.2.134 109.51.22.31 <<- this map is wrong you must change the IP to be 20.2.2.254
ip nhrp nhs 20.2.2.254