cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1365
Views
0
Helpful
6
Replies

no internet on public lan subnet

deep98765
Level 1
Level 1

Hi

I am unable to get internet on public lan subnet. The setup is the same as described here http://www.dslreports.com/faq/15918 with a /30 and a /29 subnet. I followed first config,but was also unable to get traffic to internal host. I included config as giving by provider. Any help will be apprecieted with getting local host on visible internet in the /29 subnet giving and not /30 subnet. Its a cisco 2612

Thanks again

Cisco newbie

Without nat:

interface eth0/0

ip address 196.15.216.193 255.255.255.248 (public range of lan subnet)

no shut

interface serial0/0

ip address 196.25.214.202 255.255.255.252(public wan range to connect to modem)

no shut

ip route 0.0.0.0 0.0.0.0 196.25.214.201

When using nat:

interface eth0/0

ip address 10.0.0.1 255.255.255.0 (private range of lan subnet)

ip nat inside

no shut

interface serial0/0

ip address 196.25.214.202 255.255.255.252(public wan range to connect to modem)

ip nat outside

no shut

ip route 0.0.0.0 0.0.0.0 196.25.214.201

ip nat pool overloadpool 196.15.216.193 196.15.216.193 netmask 255.255.255.48

ip nat inside source list 10 overloadpool overload

access-list 10 permit 10.0.0.0 0.0.0.99

ip nat inside source static 10.0.0.101 196.15.216.194

2 Accepted Solutions

Accepted Solutions

Edison Ortiz
Hall of Fame
Hall of Fame

From the router, can you ping the next hop? 196.25.214.201 - if you can't - try contacting the ISP.

If you can, try pinging an internet host using the IP address instead of a name in order to isolate any DNS issues.

For instance, on the router ping cisco.com (72.163.4.161)

router#ping 72.163.4.161 (if fails - your ISP may be blocking the /30 subnet as source - let's use the /29 subnet)

router#ping 72.163.4.161 source ethernet0/0 (this will source the packet from your /29 subnet).

If both fails, time to contact your ISP.

If any of the above was successful, then try pinging using the IP address from a host behind the router - if it works, then you have a DNS issue.

View solution in original post

Eugene

The results of the extended ping confirm that the /29 is not routed back to you. If your router simple ping to the provider router is successful then it confirms that the connection from you to the provider is good and is working. If the extended ping, sourcing from the /29, then fails it is pretty conclusive proof that they are not routing that address space back to you,

HTH

Rick

HTH

Rick

View solution in original post

6 Replies 6

Richard Burts
Hall of Fame
Hall of Fame

Eugene

I suggest that the first step is to verify the status of your router interfaces and to be sure that they are functional. Would you post the output of show ip interface brief? This would allow us to be sure that they appear to be ready to work.

I would suggest that the second step is to verify connectivity between the router and the ISP. Use this:

- use a simple ping from the router to the ISP  ping 196.25.214.201

If there is connectivity with the ISP then check to be sure that the ISP is routing the other subnet back to you. Use this:

- use an extended ping from the router. in the extended ping the destination would be the ISP address of 196.25.214.201 and the source address would be 196.15.216.193

Do these and let us know the results. If these do not show the problem then we can try other suggestions.

HTH

Rick

HTH

Rick

Hi

Thanks for reply. Results of extended ping:

router#ping

Protocol [ip]:

Target IP address: 196.25.214.201

Repeat count [5]:

Datagram size [100]:

Timeout in seconds [2]:

Extended commands [n]: y

Source address or interface: 196.15.216.193

Type of service [0]:

Set DF bit in IP header? [no]:

Validate reply data? [no]:

Data pattern [0xABCD]:

Loose, Strict, Record, Timestamp, Verbose[none]:

Sweep range of sizes [n]:

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 196.25.214.201, timeout is 2 seconds:

Packet sent with a source address of 196.15.216.193

.....

Success rate is 0 percent (0/5)

Edison Ortiz
Hall of Fame
Hall of Fame

From the router, can you ping the next hop? 196.25.214.201 - if you can't - try contacting the ISP.

If you can, try pinging an internet host using the IP address instead of a name in order to isolate any DNS issues.

For instance, on the router ping cisco.com (72.163.4.161)

router#ping 72.163.4.161 (if fails - your ISP may be blocking the /30 subnet as source - let's use the /29 subnet)

router#ping 72.163.4.161 source ethernet0/0 (this will source the packet from your /29 subnet).

If both fails, time to contact your ISP.

If any of the above was successful, then try pinging using the IP address from a host behind the router - if it works, then you have a DNS issue.

deep98765
Level 1
Level 1

Hi

Thanks for respones.If i ping 72.163.4.161 source ethernet0/0 success rate 0/5.

I can ping google.co.za or internal address no problem when on cisco, but not on internal host or from outside.

google.co.za

72.163.4.161

10.0.0.2(internal host)

196.15.216.193

All these pings is succesful when doing it on the router itself.

PS. I have a sneaking suspicion that /29 not routed back to me. Just want to make sure.

Eugene

The results of the extended ping confirm that the /29 is not routed back to you. If your router simple ping to the provider router is successful then it confirms that the connection from you to the provider is good and is working. If the extended ping, sourcing from the /29, then fails it is pretty conclusive proof that they are not routing that address space back to you,

HTH

Rick

HTH

Rick

Could you provide configuration for the device and see where the problem lies.

Rustom Billimoria