12-17-2013 06:03 AM - edited 03-04-2019 09:53 PM
Hi all,
When i'm trying to ping any public IP e.g 4.2.2.2, 98.138.253.109(yahoo.com) without putting any source it is working fine. As you can see below
OCSRTR#
OCSRTR#ping 4.2.2.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 4.2.2.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 116/119/124 ms
OCSRTR#ping 98.138.253.109
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 98.138.253.109, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 264/277/288 ms
But when i'm trying to ping same IPs by putting source of as 192.168.150.1(gateway for LAN) its not working.
OCSRTR#ping 4.2.2.2 sou 192.168.150.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 4.2.2.2, timeout is 2 seconds:
Packet sent with a source address of 192.168.150.1
.....
Success rate is 0 percent (0/5)
OCSRTR#ping 98.138.253.109 sou 192.168.150.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 98.138.253.109, timeout is 2 seconds:
Packet sent with a source address of 192.168.150.1
.....
Success rate is 0 percent (0/5)
Below is the output of show ip int brief
OCSRTR#sho ip int brief
Interface IP-Address OK? Method Status Prot ocol
Embedded-Service-Engine0/0 unassigned YES NVRAM administratively down down
GigabitEthernet0/0 192.168.150.1 YES NVRAM up up
GigabitEthernet0/0.2 192.168.142.1 YES NVRAM up up
GigabitEthernet0/1 unassigned YES NVRAM up up
GigabitEthernet0/2 unassigned YES NVRAM administratively down down
Serial0/0/0:0 unassigned YES unset down down
Serial0/0/0:1 unassigned YES unset down down
Serial0/0/0:2 unassigned YES unset down down
Serial0/0/0:3 unassigned YES unset down down
Serial0/0/0:4 unassigned YES unset down down
Serial0/0/0:5 unassigned YES unset down down
Serial0/0/0:6 unassigned YES unset down down
Serial0/0/0:7 unassigned YES unset down down
Serial0/0/0:8 unassigned YES unset down down
Serial0/0/0:9 unassigned YES unset up up
Serial0/0/0:15 unassigned YES unset up up
SM1/0 192.168.142.1 YES unset up up
SM1/1 unassigned YES unset up up
Dialer0 2.xx.xx.xx YES IPCP up up
NVI0 192.168.150.1 YES unset up up
Virtual-Access1 unassigned YES unset up up
Virtual-Access2 unassigned YES unset up up
Vlan1 unassigned YES unset up up
Below is the configuration of gig0/0
OCSRTR#show run interface gigabitEthernet 0/0
Building configuration...
Current configuration : 186 bytes
!
interface GigabitEthernet0/0
ip address 192.168.150.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
crypto ipsec client ezvpn OCS_Deira inside
end
From LAN internet is working properly
kindly help
12-17-2013 06:12 AM
Are your LAN-clients also on network 192.168.150.0? And please post your NAT-config.
--
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni
12-17-2013 10:23 PM
@Karsten
Yes my LAN-clients are in same subnet.
Below is the NAT configuraiton on router. Have a look
interface GigabitEthernet0/0
ip address 192.168.150.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
crypto ipsec client ezvpn OCS_Deira inside
!
interface GigabitEthernet0/0.2
encapsulation dot1Q 2
ip address 192.168.142.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
crypto ipsec client ezvpn OCS_Deira inside
h323-gateway voip interface
h323-gateway voip bind srcaddr 192.168.142.1
interface GigabitEthernet0/1
no ip address
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
pppoe enable group global
pppoe-client dial-pool-number 1
interface Dialer0
mtu 1492
ip address negotiated
ip nat outside
ip virtual-reassembly in
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication pap xxxxx
ppp pap sent-username ocsdxb1 password 0 xxxxx
crypto ipsec client ezvpn OCS_Deira
ip nat inside source route-map nonat interface Dialer0 overload
ip route 0.0.0.0 0.0.0.0 Dialer0
access-list 110 deny ip 192.168.150.0 0.0.0.255 192.6.14.0 0.0.0.255
access-list 110 deny ip 192.168.150.0 0.0.0.255 10.1.0.0 0.0.255.255
access-list 110 deny ip 192.168.142.0 0.0.0.255 192.6.14.0 0.0.0.255
access-list 110 deny ip 192.168.142.0 0.0.0.255 10.1.0.0 0.0.255.255
access-list 110 permit ip 192.168.150.0 0.0.0.255 any
access-list 110 permit ip 192.168.142.0 0.0.0.255 any
route-map nonat permit 10
match ip address 110
12-17-2013 09:04 AM
This seems to be NAT issue , kindly post your configuration .
Thanks.
Ahmad.
Sent from Cisco Technical Support Android App
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide