Hi VJ

I am sending again the updateted output of Sh run command:

Router 'A'

version 12.3

service timestamps debug datetime msec

service timestamps log datetime msec

service password-encryption

!

hostname OLPHO3

!

boot-start-marker

boot-end-marker

!

no aaa new-model

ip subnet-zero

!

!

ip cef

!

!

no ftp-server write-enable

interface FastEthernet0/0

description # Fast Ethernet Connection 1 #

ip address 192.168.0.248 255.255.255.0

duplex auto

speed auto

no cdp enable

!

interface FastEthernet0/1

description ## KHI Gateway to MPLS ###

ip address 192.168.15.250 255.255.255.0

ip nat inside

duplex auto

speed auto

!

!

interface Serial0/0/1

description #link to MPLS#$FW_INSIDE$

ip address 221.120.192.34 255.255.255.252

ip nat outside

!

!

router eigrp 1

network 192.168.0.0

network 192.168.2.0

network 192.168.9.0

network 192.168.10.0

network 192.168.13.0

network 192.168.14.0

network 192.168.15.0

network 192.168.16.0

network 192.168.19.0

network 192.168.100.0

network 202.125.147.0 0.0.0.7

network 221.120.192.0 0.0.0.3

no auto-summary

no eigrp log-neighbor-changes

!

ip classless

ip route 0.0.0.0 255.255.255.252 221.120.192.33 (this is the ISP end edge router IP)

ip route 192.168.16.0 255.255.255.0 221.120.192.33

ip route 192.168.16.0 255.255.255.0 202.125.147.97

ip route 202.125.147.96 255.255.255.252 221.120.192.33

ip http server

ip http access-class 71

ip http authentication local

ip nat pool outer 192.168.16.0 192.168.16.254 netmask 255.255.255.0

ip nat inside source list 7 interface Serial0/0/1 overload

!

!

access-list 7 permit 192.168.15.0 0.0.0.255

access-list 71 permit 192.168.0.5

access-list 99 permit 192.168.0.62

access-list 99 permit 192.168.0.5

access-list 99 deny any

access-list 101 permit ip any any

access-list 108 remark 8

access-list 108 remark SDM_ACL Category=2

access-list 108 permit ip 192.168.15.0 0.0.0.255 192.168.16.0 0.0.0.255

access-list 169 permit icmp any any echo

access-list 169 permit icmp any any echo-reply

access-list 169 permit udp any any eq echo

access-list 169 permit udp any eq echo any

access-list 169 permit tcp any any established

access-list 169 permit tcp any any

access-list 169 permit ip any any

dialer-list 1 protocol ip list 101

!

control-plane

!

banner login ^C ^C

banner motd ^C Welcome To OLPHO ISDN Router ^C

!

line con 0

login local

transport output telnet

line aux 0

login local

transport output telnet

Router 'B'

Current configuration : 1713 bytes

!

version 12.4

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname ORIX-MPLS

!

boot-start-marker

boot-end-marker

!

enable secret 5 $1$D54Q$j6R5yWaLSGH7XzPcsA5iW.

!

no aaa new-model

!

resource policy

!

mmi polling-interval 60

no mmi auto-configure

no mmi pvc

mmi snmp-timeout 180

ip subnet-zero

ip cef

no ip dhcp use vrf connected

ip name-server 202.125.148.204

isdn switch-type basic-net3

interface FastEthernet0/0

description CONNECTION TO MY NETWORK

ip address 192.168.16.250 255.255.255.0

ip nat inside

speed auto

full-duplex

no mop enabled

!

interface Serial0/1/0

description ITI SERIAL

ip address 202.125.147.98 255.255.255.252

ip nat outside

!

interface Serial0/1/1

no ip address

shutdown

clockrate 2000000

!

router eigrp 1

network 192.168.15.0

network 192.168.16.0

network 202.125.147.0 0.0.0.7

network 221.120.192.0 0.0.0.3

auto-summary

!

ip classless

ip route 0.0.0.0 0.0.0.0 202.125.147.97 (the 202.125.147.97 is the ISP edge router address)

ip route 0.0.0.0 255.255.255.252 202.125.147.97

!

ip http server

ip nat inside source list 8 interface Serial0/1/0 overload

!

end

Hi,

ACL 8 is missing in Router B.

Include these lines on Router B.

access-list 8 permit 192.168.16.0 0.0.0.255

-VJ

Hi again

Please change this line

ip route 0.0.0.0 255.255.255.252 221.120.192.33

to this and examine what will happen.

ip route 0.0.0.0 255.255.255.252 221.120.192.33

Thanks.

Hi VJ

access lis 8 is added but no luck

mr. mozaffari

Sorry i dont understand ur statement

Shahzad

Hi,

As pointed out by the fellow Netpro, please remove the incorrect static route on Router B.

no ip route 0.0.0.0 255.255.255.252 202.125.147.97

It should have only one default route.

ip route 0.0.0.0 0.0.0.0 202.125.147.97

-VJ

hi VJ

remove the incorrect address. but still failed to ping remote LAN

Thank u

Hi,

As you are having the MPLS links connecting to both the sites, do you really need NAT to access the remote lan segments.

I just had a look at the configuration and your initial requirement.

You want lan to lan access, in this case PAT is not going to help.

If you receive the lan routes via EIGRP properly, then you dont need to do NAT at all.

Does your service provider instructed you to turn on EIGRP to advertise your subnets.

If this is the case which is usually, you dont need to do NAT / PAT at both ends, you should be able to access the lan segments mutually at both locations.

Kindly clarify me on your setup to help you better.

-Vj

Hi

Yes, you are right. This is a MPLS link connecting both sites, usualy NAT and PAT not required to access remote lan segments.

I am using leased line on other router and eigrp protocol and it works fine with lan routes. My service providor not asked me to turn on the eigrp. but what else we should use instead of eigrp.

Thanks again

Thank you VJ.

I forwarded your suggested guidelines to our service provider.

Best Regards

Shahzad