cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3344
Views
75
Helpful
39
Replies

Setting up ARIN network range on a router. BGP setup and how do I use my IPs?

badassmexican
Level 1
Level 1

I'm very new to Cisco routing.  I have a 7100 series router and a new ISP that will advertise our IP block.

I'm trying to figure out how to configure the router to allow us to use the IPs from our block.  Any pointers on what I'm missing would be greatly appreciated.  I'm having lots of fun with this router.

 

I was able to figure out how to get the router setup and now I have internet and DHCP working.

It has two ports which I assigned with the IP provided by my ISP and an internal IP.  

 

I added my ISP gateway as a neighbor in my BGP settings:

neighbor 33.88.245.169 remote-as 174 

 

I also added a route to my ISPs gateway and the Internet started working:

ip route 0.0.0.0 0.0.0.0 38.88.245.169 

 

I also created a new access list 1.  4 was already there so I'm thinking maybe I should not have created a new one and just added to access list 4.

 

I bolded the things I've added to the configuration.  The rest was already there.  I think this router was already working but with a different ISP.

 

Router#show running-config
Building configuration...

Current configuration : 3151 bytes
!
version 12.1
no service single-slot-reload-enable
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Router
!
logging rate-limit console 10 except errors
!
ip subnet-zero
!
!
no ip finger
no ip domain-lookup
ip dhcp excluded-address 192.168.250.0 192.168.250.6
!
ip dhcp pool Main-DHCP
network 192.168.250.0 255.255.255.0
default-router 192.168.250.1
dns-server 66.28.0.45
!
call rsvp-sync
!
!
!
!
!
!
!
!
interface FastEthernet0/0
ip address 192.168.250.1 255.255.255.0
ip nat inside
duplex auto
speed auto
!
interface FastEthernet0/1
description Uplink
ip address 38.88.245.170 255.255.255.248
ip nat outside
duplex full
speed 100
!
interface Serial1/0
no ip address
shutdown
framing c-bit
cablelength 10
dsu bandwidth 44210
!
router bgp 6551
bgp log-neighbor-changes
network 207.182.96.0
network 207.182.97.0
network 207.182.98.0
network 207.182.99.0
network 207.182.100.0
network 207.182.104.0
network 207.182.105.0
neighbor 33.88.245.169 remote-as 174
!
ip nat inside source list 1 interface FastEthernet0/1 overload
ip nat inside source list 4 interface FastEthernet0/1 overload
ip classless
ip route 0.0.0.0 0.0.0.0 FastEthernet0/1
ip route 0.0.0.0 0.0.0.0 38.88.245.169
ip route 207.182.96.0 255.255.255.0 FastEthernet0/0
ip route 207.182.97.0 255.255.255.0 FastEthernet0/0
ip route 207.182.98.0 255.255.255.0 FastEthernet0/0
ip route 207.182.98.0 255.255.255.128 FastEthernet0/0
ip route 207.182.99.0 255.255.255.0 FastEthernet0/0
ip route 207.182.100.0 255.255.255.0 FastEthernet0/0
ip route 207.182.101.0 255.255.255.0 FastEthernet0/0
ip route 207.182.102.0 255.255.255.0 FastEthernet0/0
ip route 207.182.103.0 255.255.255.0 FastEthernet0/0
ip route 207.182.104.0 255.255.255.0 FastEthernet0/0
ip route 207.182.105.0 255.255.255.0 FastEthernet0/0
no ip http server
!
!
ip prefix-list USCOLO_out seq 10 permit 207.182.96.0/24
ip prefix-list USCOLO_out seq 11 permit 207.182.96.0/19
ip prefix-list USCOLO_out seq 20 permit 207.182.97.0/24
ip prefix-list USCOLO_out seq 30 permit 207.182.98.0/24
ip prefix-list USCOLO_out seq 40 permit 207.182.99.0/24
ip prefix-list USCOLO_out seq 41 permit 207.182.100.0/24
ip prefix-list USCOLO_out seq 42 permit 207.182.104.0/24
ip prefix-list USCOLO_out seq 45 permit 207.182.105.0/24
ip prefix-list USCOLO_out seq 99 deny 0.0.0.0/0
!
ip prefix-list default seq 5 permit 0.0.0.0/0
logging facility local0
logging source-interface FastEthernet0/0
access-list 1 permit 192.168.250.0 0.0.0.255
access-list 4 permit 207.182.105.0
access-list 4 permit 207.182.104.0
access-list 4 permit 207.182.97.0
access-list 4 permit 207.182.96.0
access-list 4 permit 207.182.99.0
access-list 4 permit 207.182.98.0
access-list 4 permit 207.182.100.0
route-map USCOLO permit 10
match as-path 1
set local-preference 103
!
route-map USCOLO_out permit 10
match ip address prefix-list USCOLO_out
!
!
!
line con 0
transport input none
line aux 0
line vty 0 4
login
line vty 5 15
login
!
end

39 Replies 39

Hello

so then please summerise your requirements regards your network and we can assist you with the getting the router into a running state 

 

 


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Hello,

 

 

Thanks for the help. 

 

Currently we have:

 

Old ISP -> Cisco 1900 series -> Sonicwall (DHCP) -> Switch -> LAN

 

What we need now is to replace our old ISP with the new one that will allow us to use the IP's we own on systems in our LAN.  Systems that don't need a static IP could just use DHCP behind one IP for the whole network.  I'm not sure which of these two layouts would work best.

 

We want to be able to use all the IPs we own.

AS Number/Range:  6551

AS Handle:  AS6551
Net Range:  207.182.96.0 - 207.182.127.255
CIDR:  207.182.96.0/19

 

                                           static IP systems

                                         /

New ISP -> Cisco 7100 series -> switch <

                                         \ 

                                           SonicWall -> DHCP LAN

 

or                                                                                                                                                   

                                                                      static IP systems

                                                     /

New ISP -> Cisco 7100 series -> switch -> SonicWall <

                                                     \ 

                                                       DHCP LAN

 

 

The SonicWall is at end of life and I'm looking for a replacement.  It's doing its job of being a firewall and blocking and forwarding ports, etc.  But the service that does the reporting and content/site filtering has expired.  So I'm looking into a new model or something better.  Can the 7100 do the basic firewall stuff since it's a router?

 

Hello

 


@badassmexican wrote:

What we need now is to replace our old ISP with the new one that will allow us to use the IP's we own on systems in our LAN.  Systems that don't need a static IP could just use DHCP behind one IP for the whole network.  I'm not sure which of these two layouts would work best.

 

We want to be able to use all the IPs we own.

AS Number/Range:  6551

AS Handle:  AS6551
Net Range:  207.182.96.0 - 207.182.127.255
CIDR:  207.182.96.0/19

 


 

Not sure i understand the above ? -  Are you saying the above  /19 public ip address range has been allocated your company?
and you are wanting or running this address range internally on your lan devices?

Do you have a running config of your exiting router that this new router is going to replace.


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Hi,

 

Correct, we have the /19 allocated to us.  We want to be able to use them.  Of course in the safest way possible to protect the LAN.  So they could be in a separate LAN that we remote into.  But we want it all behind this router if possible.

 

I do not have a running config of the router we're replacing.  But it doesn't do anything with our /19 range.  That ISP didn't offer the advertising or BGP feature.

 

On the new Router and ISP:

 

My DHCP IPs get on the internet no problem. 

 

I'm finally able to use IPs in the 207.182.100.0 range.  I couldn't get on the internet with any of the /19 IPs but I added this line to the config and it worked.

access-list 4 permit 207.182.100.0 0.0.0.255

 

I still don't see that IP when I do a Who AM I IP look up.  I get:

38.88.245.170

 

 

Here's my current running config:

Router#show running-config

Building configuration...

 

Current configuration : 3551 bytes

!

version 12.1

no service single-slot-reload-enable

service timestamps debug uptime

service timestamps log uptime

no service password-encryption

!

hostname Router

!

logging rate-limit console 10 except errors

!

ip subnet-zero

!

!

no ip finger

no ip domain-lookup

ip dhcp excluded-address 192.168.250.0 192.168.250.6

!

ip dhcp pool Main-DHCP

   network 192.168.250.0 255.255.255.0

   default-router 192.168.250.1

   dns-server 66.28.0.45

!

call rsvp-sync

!

!

!

!

!

!

!

!

interface FastEthernet0/0

description 700 S flower                                                 

ip address 207.182.100.1 255.255.255.0 secondary

ip address 207.182.97.4 255.255.255.0 secondary

ip address 207.182.96.18 255.255.255.240 secondary

ip address 207.182.96.34 255.255.255.240 secondary

ip address 207.182.96.61 255.255.255.240 secondary

ip address 207.182.96.7 255.255.255.240 secondary

ip address 207.182.98.1 255.255.255.0 secondary

ip address 192.168.250.1 255.255.255.0

ip nat inside

duplex auto

speed auto

!

interface FastEthernet0/1

description USCOLO-Uplink                                                

ip address 38.88.245.170 255.255.255.248

ip nat outside

duplex full

speed 100

!

interface Serial1/0

no ip address

shutdown

framing c-bit

cablelength 10

dsu bandwidth 44210

!

router bgp 6551

bgp log-neighbor-changes

network 207.182.96.0

network 207.182.97.0

network 207.182.98.0

network 207.182.99.0

network 207.182.100.0

network 207.182.104.0

network 207.182.105.0

neighbor 33.88.245.169 remote-as 174

!

ip nat inside source list 1 interface FastEthernet0/1 overload

ip nat inside source list 4 interface FastEthernet0/1 overload

ip classless

ip route 0.0.0.0 0.0.0.0 FastEthernet0/1

ip route 0.0.0.0 0.0.0.0 38.88.245.169

ip route 207.182.96.0 255.255.255.0 FastEthernet0/0

ip route 207.182.97.0 255.255.255.0 FastEthernet0/0

ip route 207.182.98.0 255.255.255.0 FastEthernet0/0

ip route 207.182.98.0 255.255.255.128 FastEthernet0/0

ip route 207.182.99.0 255.255.255.0 FastEthernet0/0

ip route 207.182.100.0 255.255.255.0 FastEthernet0/0

ip route 207.182.101.0 255.255.255.0 FastEthernet0/0

ip route 207.182.102.0 255.255.255.0 FastEthernet0/0

ip route 207.182.103.0 255.255.255.0 FastEthernet0/0

ip route 207.182.104.0 255.255.255.0 FastEthernet0/0

ip route 207.182.105.0 255.255.255.0 FastEthernet0/0

no ip http server

!

!

ip prefix-list USCOLO_out seq 10 permit 207.182.96.0/24

ip prefix-list USCOLO_out seq 11 permit 207.182.96.0/19

ip prefix-list USCOLO_out seq 20 permit 207.182.97.0/24

ip prefix-list USCOLO_out seq 30 permit 207.182.98.0/24

ip prefix-list USCOLO_out seq 40 permit 207.182.99.0/24

ip prefix-list USCOLO_out seq 41 permit 207.182.100.0/24

ip prefix-list USCOLO_out seq 42 permit 207.182.104.0/24

ip prefix-list USCOLO_out seq 45 permit 207.182.105.0/24

ip prefix-list USCOLO_out seq 99 deny 0.0.0.0/0

!

ip prefix-list default seq 5 permit 0.0.0.0/0

logging facility local0

logging source-interface FastEthernet0/0

access-list 1 permit 192.168.250.0 0.0.0.255

access-list 4 permit 207.182.105.0

access-list 4 permit 207.182.104.0

access-list 4 permit 207.182.97.0

access-list 4 permit 207.182.96.0

access-list 4 permit 207.182.99.0

access-list 4 permit 207.182.98.0

access-list 4 permit 207.182.100.0

access-list 4 permit 207.182.100.0 0.0.0.255

route-map USCOLO permit 10

match as-path 1

set local-preference 103

!

route-map USCOLO_out permit 10

match ip address prefix-list USCOLO_out

!

!

!

line con 0

transport input none

line aux 0

line vty 0 4

login

line vty 5 15

login

!

end

I hope I'm using the right terminology.  I am very new to this.  Basically I just want to be able to assign a static IP to a machine and have that IP be visible to the world.

 

 

Hello

Not to worry , I think I am not asking the right questions , as I am still a a bit confused, If i have this correct your present situation is this:

You have an existing network up and running on a router you dont have access to via the old ISP which you are wanting to discontinue using.

 
You also have another router with old configuration on it that you are trying to connect to the new ISP to include the network ip range and bgp ASN details you posted previously.

 

Now this ip range, it seems a lot of public ip address (8000 in fact) to be assigned just to one company so I am wondering if this is just the ISP's network that they are adverting and not what you have actually been allocated?

 

 

 

 

 


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Hi Paul,

 

Thanks for helping me figure this out.  You do have our present situation correct.  We want to get rid of the old ISP and their router and use the new ISP with the second router that has old configuration.  I'm not really sure if it was configured correctly originally.   We probably don't need the subnetted 207.182.96.xxx networks.  Unless there is some benefit to that.

 

We do own all those IPs.  I log into the ARIN site with our credentials and I get that info straight from them.  Since we own them we want to figure out how to use them when needed.  I'm sure we'll only be using a few at a time and not all of them.

 

I've been trying to figure it out and now I can get internet through DHCP and use the IPs in the ranges of the IPs on my f0/0 port.  I noticed I can use the IPs assigned to f0/0 as gateways as well as the gateway provided by the ISP.  They both seem to work to get me online when I use the IPs we own.   But these IPs are only visible behind the router.  I see the ISP provided IP when I do a "Who Am I" look up instead of the static IP I set on the client.   I was hoping a 1-to-1 nat for our ARIN assigned subnet would get the IPs visible to the outside but I just started trying to figure that out.

 

 

 

 

Hellosh 

Okay ,  Can you post the following please:

 

sh ip bgp summary
sh ip route bgp

sh ip route
sh ip int brief.

 

 


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Unfortunately I don't have access to the router today.  I'll get that info when I'm back at the office tomorrow.

 

I do have the current running config though.

 

Router#show running-config
Building configuration...

Current configuration : 3551 bytes
!
version 12.1
no service single-slot-reload-enable
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Router
!
logging rate-limit console 10 except errors
!
ip subnet-zero
!
!
no ip finger
no ip domain-lookup
ip dhcp excluded-address 192.168.250.0 192.168.250.6
!
ip dhcp pool Main-DHCP
network 192.168.250.0 255.255.255.0
default-router 192.168.250.1
dns-server 66.28.0.45
!
call rsvp-sync
!
!
!
!
!
!
!
!
interface FastEthernet0/0
description 700 S flower
ip address 207.182.100.1 255.255.255.0 secondary
ip address 207.182.97.4 255.255.255.0 secondary
ip address 207.182.96.18 255.255.255.240 secondary
ip address 207.182.96.34 255.255.255.240 secondary
ip address 207.182.96.61 255.255.255.240 secondary
ip address 207.182.96.7 255.255.255.240 secondary
ip address 207.182.98.1 255.255.255.0 secondary
ip address 192.168.250.1 255.255.255.0
ip nat inside
duplex auto
speed auto
!
interface FastEthernet0/1
description USCOLO-Uplink
ip address 38.88.245.170 255.255.255.248
ip nat outside
duplex full
speed 100
!
interface Serial1/0
no ip address
shutdown
framing c-bit
cablelength 10
dsu bandwidth 44210
!
router bgp 6551
bgp log-neighbor-changes
network 207.182.96.0
network 207.182.97.0
network 207.182.98.0
network 207.182.99.0
network 207.182.100.0
network 207.182.104.0
network 207.182.105.0
neighbor 33.88.245.169 remote-as 174
!
ip nat inside source list 1 interface FastEthernet0/1 overload
ip nat inside source list 4 interface FastEthernet0/1 overload
ip classless
ip route 0.0.0.0 0.0.0.0 FastEthernet0/1
ip route 0.0.0.0 0.0.0.0 38.88.245.169
ip route 207.182.96.0 255.255.255.0 FastEthernet0/0
ip route 207.182.97.0 255.255.255.0 FastEthernet0/0
ip route 207.182.98.0 255.255.255.0 FastEthernet0/0
ip route 207.182.98.0 255.255.255.128 FastEthernet0/0
ip route 207.182.99.0 255.255.255.0 FastEthernet0/0
ip route 207.182.100.0 255.255.255.0 FastEthernet0/0
ip route 207.182.101.0 255.255.255.0 FastEthernet0/0
ip route 207.182.102.0 255.255.255.0 FastEthernet0/0
ip route 207.182.103.0 255.255.255.0 FastEthernet0/0
ip route 207.182.104.0 255.255.255.0 FastEthernet0/0
ip route 207.182.105.0 255.255.255.0 FastEthernet0/0
no ip http server
!
!
ip prefix-list USCOLO_out seq 10 permit 207.182.96.0/24
ip prefix-list USCOLO_out seq 11 permit 207.182.96.0/19
ip prefix-list USCOLO_out seq 20 permit 207.182.97.0/24
ip prefix-list USCOLO_out seq 30 permit 207.182.98.0/24
ip prefix-list USCOLO_out seq 40 permit 207.182.99.0/24
ip prefix-list USCOLO_out seq 41 permit 207.182.100.0/24
ip prefix-list USCOLO_out seq 42 permit 207.182.104.0/24
ip prefix-list USCOLO_out seq 45 permit 207.182.105.0/24
ip prefix-list USCOLO_out seq 99 deny 0.0.0.0/0
!
ip prefix-list default seq 5 permit 0.0.0.0/0
logging facility local0
logging source-interface FastEthernet0/0
access-list 1 permit 192.168.250.0 0.0.0.255
access-list 4 permit 207.182.105.0
access-list 4 permit 207.182.104.0
access-list 4 permit 207.182.97.0
access-list 4 permit 207.182.96.0
access-list 4 permit 207.182.99.0
access-list 4 permit 207.182.98.0
access-list 4 permit 207.182.100.0
access-list 4 permit 207.182.100.0 0.0.0.255
route-map USCOLO permit 10
match as-path 1
set local-preference 103
!
route-map USCOLO_out permit 10
match ip address prefix-list USCOLO_out
!
!
!
line con 0
transport input none
line aux 0
line vty 0 4
login
line vty 5 15
login
!
end

 

 

Hello

Attached is a basic configuration to obtain bgp peering with your isp and to allow Network Address Translation with a /24 ip range from your public address allocation. NAT will match each individual internal ip address via it host portion (inside local) with a individual public ip address(inside global) host portion:

 

Example:
192.168.250.2 <-->  207.182.96.2
192.168.250.3 <-->  207.182.96.3
etc..

Also applied is some IOS security just incase you would like to implement it as you didn't mention any existence of any FW in your topology.

 

I have made the assumption you are receiving a default route from you ISP via bgp and as such filtered ingress on that default.

 

If you are experiencing any connection issue with the IOS security( cbac/acl) please remove the ACLs  from your wan interface and change accordingly.


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Hi Paul, Here's what those commands returned before applying your recommended settings. I'm doing that next.

 

Router#sh ip bgp summary 
BGP router identifier 192.168.250.1, local AS number 6551
BGP table version is 18, main routing table version 18
7 network entries and 7 paths using 931 bytes of memory
1 BGP path attribute entries using 60 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP activity 8/1 prefixes, 12/5 paths, scan interval 15 secs

Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
33.88.245.169 4 174 0 0 0 0 0 never Idle


Router#sh ip route bgp

Router#


Router#sh ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default, U - per-user static route, o - ODR
P - periodic downloaded static route

Gateway of last resort is 0.0.0.0 to network 0.0.0.0

S 207.182.101.0/24 is directly connected, FastEthernet0/0
C 207.182.100.0/24 is directly connected, FastEthernet0/0
S 207.182.103.0/24 is directly connected, FastEthernet0/0
S 207.182.102.0/24 is directly connected, FastEthernet0/0
C 207.182.97.0/24 is directly connected, FastEthernet0/0
38.0.0.0/29 is subnetted, 1 subnets
C 38.88.245.168 is directly connected, FastEthernet0/1
207.182.96.0/24 is variably subnetted, 5 subnets, 2 masks
C 207.182.96.16/28 is directly connected, FastEthernet0/0
C 207.182.96.0/28 is directly connected, FastEthernet0/0
S 207.182.96.0/24 is directly connected, FastEthernet0/0
C 207.182.96.48/28 is directly connected, FastEthernet0/0
C 207.182.96.32/28 is directly connected, FastEthernet0/0
S 207.182.99.0/24 is directly connected, FastEthernet0/0
207.182.98.0/24 is variably subnetted, 2 subnets, 2 masks
S 207.182.98.0/25 is directly connected, FastEthernet0/0
C 207.182.98.0/24 is directly connected, FastEthernet0/0
C 192.168.250.0/24 is directly connected, FastEthernet0/0
S 207.182.105.0/24 is directly connected, FastEthernet0/0
S 207.182.104.0/24 is directly connected, FastEthernet0/0
S* 0.0.0.0/0 is directly connected, FastEthernet0/1
is directly connected

Router#

Router#sh ip int brief
Interface IP-Address OK? Method Status Protol
FastEthernet0/0 192.168.250.1 YES NVRAM up up
FastEthernet0/1 38.88.245.170 YES NVRAM up up
Serial1/0 unassigned YES NVRAM administratively down down

 

Hi Paul,

 

I seem to be missing some of the commands.  Could it be my router os is too old?  These commands gave me issues:

 

*security authentication failure rate 10 log
*security passwords min-length 6
(Security wasn't available)

*login block-for 10 attempts 2 within 5
(login command not available)

*no ipv6 cef
(no ipv6)

*no cdp log mismatch duplex
(no log only advertise-v2, holdtime, timer and run)

*no ip http secure-server
(no secure-server only access-class, authentication, path, port, server)

*crypto key generate rsa label LOCAL general-keys modulus 2048
(no crypto)

*ip ssh version 2
*ip ssh authentication-retries 3
(no ssh)

*ip inspect audit-trail
*ip inspect udp idle-time 1800
*ip inspect dns-timeout 7
*ip inspect tcp idle-time 14400
*ip inspect name CBAC ftp timeout 3600
*ip inspect name CBAC http timeout 3600
*ip inspect name CBAC rcmd timeout 3600
*ip inspect name CBAC realaudio timeout 3600
*ip inspect name CBAC smtp timeout 3600
*ip inspect name CBAC tftp timeout 30
*ip inspect name CBAC udp timeout 15
*ip inspect name CBAC tcp timeout 3600
(no inspect)

*ip inspect CBAC out
(no inspect in f0/1)

*ip nat inside source route-map LAN pool LAN-POOL reversible
(no reversible, only overload or <cr> so I tried it)

*transport input ssh
(no ssh only all, none, pad, telnet, v120)

 

Here's what I was able to add of the config file:

 

 

Router#show running-config 
Building configuration...

Current configuration : 2347 bytes
!
version 12.1
no service single-slot-reload-enable
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname Router
!
logging rate-limit console 10 except errors
logging console critical
aaa new-model
aaa authentication login LOCAL local
aaa authorization console
!
ip subnet-zero
no ip source-route
no ip gratuitous-arps
no ip icmp rate-limit unreachable
ip cef
!
!
no ip finger
ip tcp synwait-time 5
no ip domain-lookup
!
no ip bootp server
call rsvp-sync
!
!
!
!
!
!
!
!
interface FastEthernet0/0
ip address 192.168.250.1 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
shutdown
duplex auto
speed auto
!
interface FastEthernet0/1
description USCOLO-Uplink
ip address 33.88.245.170 255.255.255.248
ip access-group cbac in
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
shutdown
duplex auto
speed auto
!
interface Serial1/0
no ip address
shutdown
framing c-bit
cablelength 10
dsu bandwidth 44210
!
router bgp 6551
no synchronization
bgp log-neighbor-changes
neighbor 33.88.245.169 remote-as 174
neighbor 33.88.245.169 route-map allowdefault in
neighbor 33.88.245.169 filter-list 5 out
no auto-summary
!
ip nat pool LAN-POOL 207.182.96.1 207.182.96.254 prefix-length 24 type match-host
ip nat inside source route-map LAN pool LAN-POOL overload
ip classless
no ip http server
ip as-path access-list 5 permit ^$
!
!
ip prefix-list 1 seq 5 permit 0.0.0.0/0
!
ip access-list extended cbac
permit icmp any any echo-reply
permit tcp any any eq bgp
permit udp any any eq bootpc
permit udp any any eq snmp
permit tcp any any established
deny ip any any
logging trap debugging
logging facility local2
access-list 10 permit 192.168.250.0 0.0.0.255
no cdp run
route-map allowdefault permit 10
match ip address prefix-list 1
!
route-map LAN permit 10
match ip address 10
!
!
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
login authentication LOCAL
transport input none
line aux 0
privilege level 15
logging synchronous
login authentication LOCAL
transport output telnet
line vty 0 4
login authentication LOCAL
transport input none
line vty 5 15
!
end

secret 

*username commsadmin privilege 15 secret

Hello

Yes most probably down to ios restriction in any case

 

interface FastEthernet0/0
no shutdown

interface FastEthernet0/1
no ip access-group cbac in
no shutdown


Then test....


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

I fixed the silly mistakes I had on my ports.  I don't seem to have the "reverse" option on my nat rules.  Would that be causing me not being able to ping my gateway?

interface FastEthernet0/0

ip address 192.168.250.1 255.255.255.0

no ip redirects

no ip unreachables

no ip proxy-arp

ip nat inside

duplex auto

speed auto

!

interface FastEthernet0/1

description USCOLO-Uplink

ip address 33.88.245.170 255.255.255.248

no ip redirects

no ip unreachables

no ip proxy-arp

ip nat outside

duplex full

speed 100

!



Router#show running-config

Building configuration...

 

Current configuration : 2307 bytes

!

version 12.1

no service single-slot-reload-enable

service tcp-keepalives-in

service tcp-keepalives-out

service timestamps debug datetime msec localtime show-timezone

service timestamps log datetime msec localtime show-timezone

service password-encryption

service sequence-numbers

!

hostname Router

!

logging rate-limit console 10 except errors

logging console critical

aaa new-model

aaa authentication login LOCAL local

aaa authorization console

!

ip subnet-zero

no ip source-route

no ip gratuitous-arps

no ip icmp rate-limit unreachable

ip cef

!

!

no ip finger

ip tcp synwait-time 5

no ip domain-lookup

!

no ip bootp server

call rsvp-sync

!

!

!

!

!

!

!

!

interface FastEthernet0/0

ip address 192.168.250.1 255.255.255.0

no ip redirects

no ip unreachables

no ip proxy-arp

ip nat inside

duplex auto

speed auto

!

interface FastEthernet0/1

description USCOLO-Uplink

ip address 33.88.245.170 255.255.255.248

no ip redirects

no ip unreachables

no ip proxy-arp

ip nat outside

duplex full

speed 100

!

interface Serial1/0

no ip address

shutdown

framing c-bit

cablelength 10

dsu bandwidth 44210

!

router bgp 6551

no synchronization

bgp log-neighbor-changes

neighbor 33.88.245.169 remote-as 174

neighbor 33.88.245.169 route-map allowdefault in

neighbor 33.88.245.169 filter-list 5 out

no auto-summary

!

ip nat pool LAN-POOL 207.182.96.1 207.182.96.254 prefix-length 24 type match-host

ip nat inside source list 10 interface FastEthernet0/1 overload

ip classless

no ip http server

ip as-path access-list 5 permit ^$

!

!

ip prefix-list 1 seq 5 permit 0.0.0.0/0

!

ip access-list extended cbac

permit icmp any any echo-reply

permit tcp any any eq bgp

permit udp any any eq bootpc

permit udp any any eq snmp

permit tcp any any established

deny   ip any any

logging trap debugging

logging facility local2

access-list 10 permit 192.168.250.0 0.0.0.255

no cdp run

route-map allowdefault permit 10

match ip address prefix-list 1

!

route-map LAN permit 10

match ip address 10

!

!

!

line con 0

exec-timeout 0 0

privilege level 15

logging synchronous

login authentication LOCAL

transport input none

line aux 0

privilege level 15

logging synchronous

login authentication LOCAL

transport output telnet

line vty 0 4

login authentication LOCAL

transport input none

line vty 5 15

!

end



Hello


@badassmexican wrote:

I fixed the silly mistakes I had on my ports.  I don't seem to have the "reverse" option on my nat rules.  Would that be causing me not being able to ping my gateway?


 

No it should not negate pinging you gateway, however as I stated i assumed you are receiving a default route from your ISP 33.88.245.169

Can you post:
sh ip route
sh ip bgp sum

 

 


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: