03-26-2012 06:19 AM - edited 03-04-2019 03:48 PM
Hi
I am unable to get internet on public lan subnet. The setup is the same as described here http://www.dslreports.com/faq/15918 with a /30 and a /29 subnet. I followed first config,but was also unable to get traffic to internal host. I included config as giving by provider. Any help will be apprecieted with getting local host on visible internet in the /29 subnet giving and not /30 subnet. Its a cisco 2612
Thanks again
Cisco newbie
Without nat:
interface eth0/0
ip address 196.15.216.193 255.255.255.248 (public range of lan subnet)
no shut
interface serial0/0
ip address 196.25.214.202 255.255.255.252(public wan range to connect to modem)
no shut
ip route 0.0.0.0 0.0.0.0 196.25.214.201
When using nat:
interface eth0/0
ip address 10.0.0.1 255.255.255.0 (private range of lan subnet)
ip nat inside
no shut
interface serial0/0
ip address 196.25.214.202 255.255.255.252(public wan range to connect to modem)
ip nat outside
no shut
ip route 0.0.0.0 0.0.0.0 196.25.214.201
ip nat pool overloadpool 196.15.216.193 196.15.216.193 netmask 255.255.255.48
ip nat inside source list 10 overloadpool overload
access-list 10 permit 10.0.0.0 0.0.0.99
ip nat inside source static 10.0.0.101 196.15.216.194
Solved! Go to Solution.
03-26-2012 06:32 AM
From the router, can you ping the next hop? 196.25.214.201 - if you can't - try contacting the ISP.
If you can, try pinging an internet host using the IP address instead of a name in order to isolate any DNS issues.
For instance, on the router ping cisco.com (72.163.4.161)
router#ping 72.163.4.161 (if fails - your ISP may be blocking the /30 subnet as source - let's use the /29 subnet)
router#ping 72.163.4.161 source ethernet0/0 (this will source the packet from your /29 subnet).
If both fails, time to contact your ISP.
If any of the above was successful, then try pinging using the IP address from a host behind the router - if it works, then you have a DNS issue.
03-26-2012 07:31 AM
Eugene
The results of the extended ping confirm that the /29 is not routed back to you. If your router simple ping to the provider router is successful then it confirms that the connection from you to the provider is good and is working. If the extended ping, sourcing from the /29, then fails it is pretty conclusive proof that they are not routing that address space back to you,
HTH
Rick
03-26-2012 06:32 AM
Eugene
I suggest that the first step is to verify the status of your router interfaces and to be sure that they are functional. Would you post the output of show ip interface brief? This would allow us to be sure that they appear to be ready to work.
I would suggest that the second step is to verify connectivity between the router and the ISP. Use this:
- use a simple ping from the router to the ISP ping 196.25.214.201
If there is connectivity with the ISP then check to be sure that the ISP is routing the other subnet back to you. Use this:
- use an extended ping from the router. in the extended ping the destination would be the ISP address of 196.25.214.201 and the source address would be 196.15.216.193
Do these and let us know the results. If these do not show the problem then we can try other suggestions.
HTH
Rick
03-26-2012 06:43 AM
Hi
Thanks for reply. Results of extended ping:
router#ping
Protocol [ip]:
Target IP address: 196.25.214.201
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Extended commands [n]: y
Source address or interface: 196.15.216.193
Type of service [0]:
Set DF bit in IP header? [no]:
Validate reply data? [no]:
Data pattern [0xABCD]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Sweep range of sizes [n]:
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 196.25.214.201, timeout is 2 seconds:
Packet sent with a source address of 196.15.216.193
.....
Success rate is 0 percent (0/5)
03-26-2012 06:32 AM
From the router, can you ping the next hop? 196.25.214.201 - if you can't - try contacting the ISP.
If you can, try pinging an internet host using the IP address instead of a name in order to isolate any DNS issues.
For instance, on the router ping cisco.com (72.163.4.161)
router#ping 72.163.4.161 (if fails - your ISP may be blocking the /30 subnet as source - let's use the /29 subnet)
router#ping 72.163.4.161 source ethernet0/0 (this will source the packet from your /29 subnet).
If both fails, time to contact your ISP.
If any of the above was successful, then try pinging using the IP address from a host behind the router - if it works, then you have a DNS issue.
03-26-2012 06:48 AM
Hi
Thanks for respones.If i ping 72.163.4.161 source ethernet0/0 success rate 0/5.
I can ping google.co.za or internal address no problem when on cisco, but not on internal host or from outside.
google.co.za
72.163.4.161
10.0.0.2(internal host)
196.15.216.193
All these pings is succesful when doing it on the router itself.
PS. I have a sneaking suspicion that /29 not routed back to me. Just want to make sure.
03-26-2012 07:31 AM
Eugene
The results of the extended ping confirm that the /29 is not routed back to you. If your router simple ping to the provider router is successful then it confirms that the connection from you to the provider is good and is working. If the extended ping, sourcing from the /29, then fails it is pretty conclusive proof that they are not routing that address space back to you,
HTH
Rick
03-28-2012 03:29 AM
Could you provide configuration for the device and see where the problem lies.
Rustom Billimoria
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide