Routing Issue Cisco 2921

Waqas Butt · ‎12-29-2014

Hi Everyone.... I need urgent help on the below scenario....

ISP Managed Router connected to ADSL & looked for me to view or change configuration.... i have successfully configured my own 2921 to work with ISP router with IP NAT, Internet is working for all my LAN Users.

After connecting the VPN from outside to managed services router... i am able to reach my 2921 (10.10.10,100) but unable to access Internal LAN interface which is (10.10.100.1) on-wards....

ISP Managed Router (10.10.10.1) >>>>>>>>>> (10.10.10.100) MY Router (2921) (10.10.100.1)>>>>>>>>>>DHCP Users (10.10.100.21 to 100)

CONFIGURATION OF 2921 Attached.

Please give suggestions and advise if i need to so some more settings on 2921.

paul driver · ‎12-29-2014

Hello

You don't say how you are trying to connect to the internal users ? Telnet/Http/FTP etc..

I can see you have a default-gateway applied and also multiple static routes which seems unnecessary -

Lastly, do you have 192.168.1.0/24 users and is 10.10.10.1 the ISP next hop address.

Can you try tidying this config up a little?

no ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0
no ip route 10.10.100.0 255.255.255.0 10.10.10.1
no access-list 10
no ip default-gateway 10.10.10.1

access-list 10 permit 10.10.100.0 0.0.0.255
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0 10.10.10.1

res

Paul

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Waqas Butt · ‎12-30-2014

Hi Paul,

I have changed the config as required.... yes ISP router side is 10.10.10.1

Still issues.... Internet is working fine for my LAN users...

When i connect VPN on ISP managed router - 78.93.181.41 its connected....

I can ping 10.10.10.0 range.... and able to reach my router which is 10.10.100.1.... but unable to access anything on 10.10.100.0 (which is my LAN)

Any ideas.... as i asked ISP to allow this in their router which they did....

access-list 10 permit 10.10.100.0 0.0.0.255

this what i get from 2921 now....

RGTSTHALIA2900#show ip nat translations
Pro Inside global Inside local Outside local Outside global
udp 10.10.10.100:1031 10.10.100.21:1031 192.168.1.111:161 192.168.1.111:161
udp 10.10.10.100:1031 10.10.100.21:1031 192.168.100.11:161 192.168.100.11:161
udp 10.10.10.100:1031 10.10.100.21:1031 192.168.100.111:161 192.168.100.111:161
udp 10.10.10.100:1031 10.10.100.21:1031 192.168.100.112:161 192.168.100.112:161
tcp 10.10.10.100:1674 10.10.100.21:1674 2.21.39.117:80 2.21.39.117:80
tcp 10.10.10.100:1734 10.10.100.21:1734 2.21.39.117:80 2.21.39.117:80
tcp 10.10.10.100:1735 10.10.100.21:1735 2.21.39.117:80 2.21.39.117:80

RGTSTHALIA2900#show ip route

Gateway of last resort is 10.10.10.1 to network 0.0.0.0

S* 0.0.0.0/0 [1/0] via 10.10.10.1, GigabitEthernet0/0
10.0.0.0/8 is variably subnetted, 4 subnets, 2 masks
C 10.10.10.0/24 is directly connected, GigabitEthernet0/0
L 10.10.10.100/32 is directly connected, GigabitEthernet0/0
C 10.10.100.0/24 is directly connected, GigabitEthernet0/1
L 10.10.100.1/32 is directly connected, GigabitEthernet0/1