cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2314
Views
16
Helpful
22
Replies

Regarding private and public ip address

arpitdesai12
Level 1
Level 1

Okay...I am new to cisco, just preparing for my CCNA exam. I had doubt regarding public IP addressing scheme and private IP addressing scheme.

Not actually doubt but i wanted to make sure my understanding regarding it..here's what i picture about it...

ok...so when when i have my router's one interface having public IP nd all other interface private IP address. so whenever my data with packet as source address of private IP reaches to public IP...does router converts it to Public ip and sends it out...without my NAT on....because whenever i ping to my Public ip's another interface connected to another router...i recieve request timed out not destination host unreachable

22 Replies 22

paolo bevilacqua
Hall of Fame
Hall of Fame

That happens because your router is configured to not respond to ping.

Then how does it responds after NATing....and one more thing....when i dnt do NAT can my Private IP go out of public IP interface

Hi Arpit,

if your router is set not to respond to ping, it will not respond to ping even after NAT.

your private range ip will not go out to Public because there wouldnt be a valid route available for it, even if u manually set it to go out to public interface, the first ISP router that receives it, will drop it.

HTH,

plz Rate helpful posts.


Soroush.

Hope it Helps!

Soroush.

Hi Soroushm,

your private range ip will not go out to Public because there wouldnt be a valid route available for it

Are you absolutely sure about this? Because it is possible that such a packet (with private range ip) will go out through public interface. The only problem is about the route back - just as you said. But I believe that it will go out through interface with public ip with no problem at all.

Best regards,

Jan

Ops, my bad..!!! i thought he wants to send packets with private ip as destination... sorry u r right !

5 stars to catch my fault here !

cheerZ,


Soroush.

Hope it Helps!

Soroush.

Thank you Soroush, you are very kind! Cheers!

Best regards,

Jan

Hey Jan yeah what u r saying is kinda i also thought nd wanted to confirm it....but as ive asked my question is if im able to send Private IP packet out to public , why i m not able to receive it back....my destination router(one wid public ip) does have route for private ip add.....and one more thing....i dnt get reply untill i m not doing NAT....ad soon as i do NAT....reply is der...

Arpit,

can you post configs of these two routers, sh ip route outputs, scheme how are they interconnected and what ping are you performing? Because it SHOULD work if routing is correct.

Best regards,

Jan

I have three Routers...one is CORP where my one interface has public IP nd rest 4 has private IPs....to one private IP interface there is a router R1 and to Public IP interface R3

Private IPs 10.1.0.0   0.0.255.255  and public 68.1.0.0   0.0.255.255

CORP :-

     10.0.0.0/24 is subnetted, 8 subnets

C       10.1.1.0 is directly connected, FastEthernet0/0

C       10.1.2.0 is directly connected, Serial0/0/0

C       10.1.3.0 is directly connected, Serial0/0/1

C       10.1.4.0 is directly connected, Serial0/1/0

O       10.1.6.0 [110/65] via 10.1.2.2, 00:02:06, Serial0/0/0

O       10.1.7.0 [110/65] via 10.1.2.2, 00:02:06, Serial0/0/0

O       10.1.8.0 [110/65] via 10.1.4.2, 00:02:06, Serial0/1/0

O       10.1.9.0 [110/65] via 10.1.4.2, 00:02:06, Serial0/1/0

     68.0.0.0/30 is subnetted, 2 subnets

C       68.1.1.4 is directly connected, Serial0/1/1

O       68.1.1.8 [110/65] via 68.1.1.6, 00:02:06, Serial0/1/1

CORP>

R1 :-

     10.0.0.0/24 is subnetted, 8 subnets

O       10.1.1.0 [110/65] via 10.1.3.1, 00:05:22, Serial0/0/1

C       10.1.2.0 is directly connected, Serial0/0/0

C       10.1.3.0 is directly connected, Serial0/0/1

O       10.1.4.0 [110/128] via 10.1.3.1, 00:05:22, Serial0/0/1

C       10.1.6.0 is directly connected, FastEthernet0/0

C       10.1.7.0 is directly connected, FastEthernet0/1

O       10.1.8.0 [110/129] via 10.1.3.1, 00:05:22, Serial0/0/1

O       10.1.9.0 [110/129] via 10.1.3.1, 00:05:22, Serial0/0/1

     68.0.0.0/30 is subnetted, 2 subnets

O       68.1.1.4 [110/128] via 10.1.3.1, 00:05:22, Serial0/0/1

O       68.1.1.8 [110/129] via 10.1.3.1, 00:05:22, Serial0/0/1

R1>

R3 :-

     10.0.0.0/24 is subnetted, 10 subnets

O       10.1.1.0 [110/65] via 68.1.1.5, 00:05:53, Serial0/0/0

O       10.1.2.0 [110/128] via 68.1.1.5, 00:05:53, Serial0/0/0

O       10.1.3.0 [110/128] via 68.1.1.5, 00:05:53, Serial0/0/0

O       10.1.4.0 [110/128] via 68.1.1.5, 00:05:53, Serial0/0/0

O       10.1.6.0 [110/129] via 68.1.1.5, 00:05:53, Serial0/0/0

O       10.1.7.0 [110/129] via 68.1.1.5, 00:05:53, Serial0/0/0

O       10.1.8.0 [110/129] via 68.1.1.5, 00:05:53, Serial0/0/0

O       10.1.9.0 [110/129] via 68.1.1.5, 00:05:53, Serial0/0/0

C       10.1.11.0 is directly connected, FastEthernet0/1

O       10.1.12.0 [110/2] via 10.1.11.2, 00:05:28, FastEthernet0/1

     68.0.0.0/30 is subnetted, 2 subnets

C       68.1.1.4 is directly connected, Serial0/0/0

C       68.1.1.8 is directly connected, FastEthernet0/0

R3>

To my R1 there is HOST with 10.1.7.2 from where im pinging to R3 host 68.1.1.10....now one thing imp is that i dnt get reply without NAT but strange thing is NAT ON Reply ON

Arpit,

one last thing. Can you attach whole configs of routers in zip format here? And also, what is the output of

 traceroute 68.1.1.10

command on the PC? I just need to confirm something.

Thanks for your patience!

Best regards,

Jan

hey dnt know how to upload file oer here....and yeah when i did tracert from my pc it show

PC>tracert 68.1.1.10

Tracing route to 68.1.1.10 over a maximum of 30 hops:

  1   31 ms     31 ms     16 ms     10.1.6.1

  2   63 ms     63 ms     63 ms     10.1.3.1

  3   94 ms     65 ms     78 ms     68.1.1.10

  4   110 ms    78 ms     109 ms    68.1.1.10

Trace complete.

where 10.1.6.1 is gateway....10.1.3.1 is interface connecting CORP nd hell it didnt showed R3 directly went to pc

i think i got these because NAT is oN....but when i removed NAT then i got request timed out after two hops

Hi  Arpit,

yeah I meant that you do traceroute without the NAT, sorry I haven't pointed that out. The point I want to clarify is that there could be an IP mismatch or incomplete route because when you take a closer look at the routing table you will see that when NAT is on, the packet will take a different route on the way back as it would take without NAT.

On which router does the NATing take place and to what address? - just to make sure I got this right.

You can upload files when you press Use advanced editor option in right top corner of the message box and then include files at the bottom.

Best regards,

Jan

okk...i m uploading .pkt file ....just check nd let me know what mistake is der...

CORP is one where i m doing NAT

Hi Arpit,

it is very strange, but it works for me in the opposite way.

I am trying ping from PC0 with IP of 10.1.6.2 to PC4 with IP address of 68.1.1.10

It works when NAT is disabled.

-routing is OK, route from PC0 to PC4 works in either direction

Doesn't work when NAT is enabled.

-problem here is that you are translating to address 64.1.1.5 but because it is not a real interface in up state, it is not in routing updates from OSPF even though the OSPF process on the CORP router is configured with network 64.0.0.0 0.255.255.55 command!

-try to check other routers with sh ip route command and you will see that you don't have route to 64.1.1.5 but you need it if you are translating to this address!

-one possible solution is that you will create loopback interface with ip address of 64.1.1.5, then the OSPF will redistribute route back and it will work

Don't worry the packets won't even make it to the loopback interface! That is because when the packet destined for such IP address arrives, NAT will take place first and just after that the routing will take place. So the traffic will be forwarded towards the real (private) IP address, not to the loopback.

So try to issue these commands on CORP router:

CORP(config)#int lo0

CORP(config-if)#ip add 64.1.1.5 255.255.255.255

And that should do the trick...it worked for me!

Are you absolutely sure it works with NAT enabled? Because when I opened your pkt scheme NAT was enabled and it didn't work for me.

One more thing: It would be more correct if you would configure your nat pool like this:

ip nat pool Arpit 64.1.1.5 64.1.1.5 netmask 255.255.255.255

because now you have it with netmask 255.255.255.252, but it doesn't matter right now...this is not the cause of the problem.

Best regards,

Jan

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco