Router Multiple WAN per VLAN

Hello, I want some help on this topic.

We want to assign a different WAN IP Address for VLAN.

For example:

 122.221.xxx.xxx - VLAN10

 122.222.xxx.xxx - VLAN20 and so on.  We have 8 available WAN IP Addresses.

 

So far, we tried ip NATPOOL like:

object-group network VLAN10

 range 192.168.243.0 192.168.243.255

 

ip nat inside source list VLAN10-ACL pool VLAN10-NATPOOL

 

But it does not work.  What I noticed is I can ping 8.8.8.8 no problem but the DNS resolution function does not work.  If I try to, say, ping google.com, it says unknown host.  It's really strange.

 

Any help would be appreciated.

 

Thanks.

 

7 Replies

Hello,

 

that sounds like 'just' a DNS resolution problem with your clients. Which DNS servers are being assigned to your clients? If you want to ping a domain name from your router, you need to configure:

 

ip domain-lookup

 

and a name server, e.g.:

 

ip name-server 8.8.8.8

@Georg Pauwen   Thank you.

 

We are using internal DNS server 172.17.1.xxx.  This DNS was working before.

What I did was remove this line:

  ip nat inside source list CC2-ACL pool CC2-NATPOOL

 

Like do I need to create an ACL to permit DNS for CC2-NATPOOL?

 

 

 

Hello,

 

what was in that access list?

 

Actually, post the full running configuration of your router...

 

Are you trying to ping the domain name from the router or from a client (PC)?

Hello.

 

Here it is.

 

I was trying to ping from a client PC not from the router.

 

thanks in advance.

Hello,

 

I am not sure I understand your config, maybe I am missing something:

 

Where does 192.168.224.0/24 come from? There is no corresponding interface for, or internal route to, that network.

Also, I don't see a default route for Internet traffic, or did you just omit that?

 

object-group network CC2
range 192.168.224.0 192.168.224.255

!

ip nat pool CC2-NATPOOL 122.211.143.35 122.211.143.35 prefix-length 29
ip nat inside source list CC2-ACL pool CC2-NATPOOL
ip nat inside source list Internet-ACL interface GigabitEthernet0/0 overload

!

ip access-list extended CC2-ACL
deny ip object-group CC2 object-group INTERNAL
permit ip object-group CC2 any

Where does 192.168.224.0/24 come from? There is no corresponding interface for, or internal route to, that network.

Also, I don't see a default route for Internet traffic, or did you just omit that?

>>> Sorry, it should be 192.168.243.0/24.  Now it is  range 192.168.224.0 192.168.224.255  but if I change to range 192.168.243.0 192.168.243.255, the Internet problem occurs and I can ping 8.8.8.8 but DNS resolution fails.

Sorry but where should I set the default route for internet traffic?

 

The default route <172.17.1.1> is another router.

Gateway of last resort is 172.17.1.1 to network 0.0.0.0

D*EX 0.0.0.0/0 [170/28416] via 172.17.1.1, 7w0d, Tunnel1
10.0.0.0/8 is variably subnetted, 97 subnets, 5 masks
D EX 10.1.0.0/16 [170/28672] via 172.17.1.1, 7w0d, Tunnel1
D EX 10.2.0.0/16 [170/28928] via 172.17.1.1, 08:42:13, Tunnel1
D EX 10.3.0.0/16 [170/28672] via 172.17.1.1, 7w0d, Tunnel1
D EX 10.4.2.0/23 [170/28928] via 172.17.1.1, 6w1d, Tunnel1
D EX 10.4.8.0/23 [170/28928] via 172.17.1.1, 7w0d, Tunnel1

 

 

object-group network CC2
range 192.168.224.0 192.168.224.255 >>> should be range 192.168.243.0 192.168.243.255

!

ip nat pool CC2-NATPOOL 122.211.143.35 122.211.143.35 prefix-length 29
ip nat inside source list CC2-ACL pool CC2-NATPOOL
ip nat inside source list Internet-ACL interface GigabitEthernet0/0 overload

!

ip access-list extended CC2-ACL
deny ip object-group CC2 object-group INTERNAL
permit ip object-group CC2 any

Hi! Even with a default route it did not work.

Although I could resolve the IP to hostnames (it means DNS is working).

Ping to google.com or 8.8.8.8 resulted in time-outs.

Seems like something is blocking internet access.
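
The following is an added example, not part of any post in this thread and not Cisco code: a small Python model of how the posted CC2-ACL (first match wins, implicit deny at the end) decides which client flows the pool rule translates, for the posted range and the corrected one. The contents of INTERNAL are not shown in the thread, so both INTERNAL variants are assumptions, and the client and DNS host addresses are constructed (the page elides the DNS server's last octet).

```python
from ipaddress import ip_address

# Object-groups as (first, last) ranges. The two CC2 ranges are from the thread.
CC2_POSTED = [("192.168.224.0", "192.168.224.255")]
CC2_FIXED = [("192.168.243.0", "192.168.243.255")]
# Assumptions: the thread never shows what INTERNAL contains.
INTERNAL_A = [("10.0.0.0", "10.255.255.255"), ("192.168.0.0", "192.168.255.255")]
INTERNAL_B = INTERNAL_A + [("172.16.0.0", "172.31.255.255")]
ANY = [("0.0.0.0", "255.255.255.255")]

CLIENT = "192.168.243.25"  # constructed client address in the VLAN
DNS = "172.17.1.10"        # constructed host; the page gives only 172.17.1.xxx
PUBLIC = "8.8.8.8"

def in_group(addr, group):
    """True if addr falls inside any range of the object-group."""
    a = ip_address(addr)
    return any(ip_address(lo) <= a <= ip_address(hi) for lo, hi in group)

def cc2_acl(cc2, internal):
    """CC2-ACL as posted: deny CC2 -> INTERNAL, then permit CC2 -> any."""
    return [("deny", cc2, internal), ("permit", cc2, ANY)]

def nat_decision(acl, src, dst):
    """First matching entry wins; no match falls through to the implicit deny.
    'permit' means the pool rule translates the flow, anything else means
    the pool rule leaves it alone."""
    for action, src_group, dst_group in acl:
        if in_group(src, src_group) and in_group(dst, dst_group):
            return action
    return "implicit-deny"

def report():
    """Decision for the DNS flow and a public flow under each scenario."""
    scenarios = {
        "posted range, INTERNAL_A": (CC2_POSTED, INTERNAL_A),
        "fixed range, INTERNAL_A": (CC2_FIXED, INTERNAL_A),
        "fixed range, INTERNAL_B": (CC2_FIXED, INTERNAL_B),
    }
    out = {}
    for name, (cc2, internal) in scenarios.items():
        acl = cc2_acl(cc2, internal)
        out[name] = (nat_decision(acl, CLIENT, DNS), nat_decision(acl, CLIENT, PUBLIC))
    return out

if __name__ == "__main__":
    for name, (dns, public) in report().items():
        print(f"{name:26} DNS flow: {dns:14} public flow: {public}")
```

With the posted range the pool rule never matches the clients at all; with the corrected range, whether queries to the internal DNS server are translated to the pool address depends on INTERNAL covering that server, which is worth checking in the real configuration.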