04-04-2018 09:09 AM - edited 03-05-2019 10:13 AM
I am having trouble figuring out why I cannot ping through my PPPoE connection between SP1 and NY-CPE2 while doing NAT on NY-CPE2. NY-CPE2 is able to ping R3, but not from extended ping on inside interface. I can't seem to figure out why NAT, while it appears to be translating it to the correct interface, won't pass my traffic.
SP1-----------SP2--------R3
|
NY-CPE2<---R1<---R2
SP1=203.0.113.5
R3=192.168.3.2
NY-CPE2=203.0.113.6 :: 192.168.1.1
R1=192.168.1.2 :: 192.168.2.1
R2=192.168.2.2
RESULTS
-------------------------
NAT: Entry assigned id 122
NAT*: ICMP id=42->1024
NAT*: s=192.168.2.1->203.0.113.6, d=192.168.3.2 [307]
NAT*: ICMP id=42->1024
NAT*: s=192.168.2.1->203.0.113.6, d=192.168.3.2 [308]
Tracing the route to 192.168.3.2
VRF info: (vrf in name/id, vrf out name/id)
1 192.168.2.2 252 msec 76 msec 20 msec
2 192.168.1.1 80 msec 32 msec 24 msec
3 * * *
4 * * *
Interface IP-Address OK? Method Status Protocol
FastEthernet0/0 unassigned YES unset up up
FastEthernet1/0 192.168.1.1 YES manual up up
Dialer1 unassigned YES IPCP up up
Virtual-Access1 unassigned YES unset up up
RUNNING-CONFIG
-----------------
interface FastEthernet0/0
no ip address
duplex full
pppoe enable
pppoe-client dial-pool-number 1
!
interface FastEthernet1/0
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip summary-address eigrp 100 0.0.0.0 0.0.0.0
duplex full
!
interface Dialer1
ip address negotiated
ip nat outside
encapsulation ppp
dialer pool 1
ppp chap password 0 Test123
!
!
router eigrp 100
network 192.168.0.0 0.0.255.255
!
ip nat inside source list 101 interface Dialer1 overload
ip forward-protocol nd
!
!
ip route 0.0.0.0 0.0.0.0 Dialer1
!
access-list 101 permit ip any any
!
!
04-04-2018 11:43 AM
Hello,
I have made a few adjustments to your config (marked in bold), see if you get it to work:
interface FastEthernet0/0
no ip address
duplex full
pppoe enable
pppoe-client dial-pool-number 1
!
interface FastEthernet1/0
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip summary-address eigrp 100 0.0.0.0 0.0.0.0
duplex full
!
interface Dialer1
ip address negotiated
ip mtu 1460
ip nat outside
encapsulation ppp
ip tcp adjust-mss 1420
dialer pool 1
ppp chap password 0 Test123
!
router eigrp 100
network 192.168.0.0 0.0.255.255
!
ip nat inside source route-map ISP interface Dialer1 overload
ip forward-protocol nd
!
ip route 0.0.0.0 0.0.0.0 Dialer1
!
access-list 1 permit 192.168.1.0
!
route-map ISP permit 10
match ip address 1
match interface Dialer1
04-04-2018 05:09 PM
i added the additional statements, but get the same results where it looks like it's translating correctly, just not leaving the interface. A ping from CPE2 works just fine, but an extended ping from the 192.168 network interface on f1/0 still looks like the following:
NY-CPE2(config-if)#do sh ip nat trans
Pro Inside global Inside local Outside local Outside global
icmp 203.0.113.6:1024 203.0.113.6:10 203.0.113.18:10 203.0.113.18:1024
icmp 203.0.113.6:1025 203.0.113.6:11 203.0.113.18:11 203.0.113.18:1025
Packet sent with a source address of 192.168.1.1
.....
Success rate is 0 percent (0/5)
NY-CPE2(config-if)#
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide