No NAT on the ASR. Routing table shows the old route with the default route going to the ISP. It also shows the new IPs directly connected. However if I'm on that new subnet I can reach my old subnet and vice versa but unable to get out to the internet.

@mattmayer 

A traceroute from that 1001-X with IP source one of the new IP public, next-hop is your ISP ?

This is the weird part... when I go from the new subnet to say 8.8.8.8 it dies from the start, but when I send a trace route to an IP on the old subnet it hops to the ASR and continues on just fine.

Hi Richard,

I'll attach a pic to hopefully clear things up a little bit more. IPs have been changed to protect the innocent. As for NAT translation that is done by an ASA firewall that sits off the first subnet.

Matt

Thanks for the diagram, which is helpful. Am I correct in understanding that the mask for the G0/0/0 is /30. If not what is it?

Also am I correct in understanding that originally the ISP gave you 2 Public address blocks (a /30 as a transit subnet and a /29 for use by devices in your internal network)? And correct in understanding that the same ISP has now given you a second /29 of Public IPs? If not what is correct?

Also, do you have devices connected in subnet B using the new IP addresses? If so does their default gateway point to the address of G0/0/4?

Also are there any security policies, acls, etc on G0/0/0 checking traffic coming in from the Internet?

Richard,

Correct, the mask for Gi0/0/0 is a /30 and correct the /30 for transit and the /29 for my devices. And also correct I have a new /29 from the ISP.

I do have a device on the new subnet and the default gateway is the IP from gi0/0/4. I can route internally from that subnet to the old subnet but not out to the internet.

No security policies in place

Matt

Matt
Thanks for confirming my understanding of the environment. To investigate this please do these steps and let us know the result on the ASR (either console, or telnet/SSH):
- attempt to ping 8.8.8.8 specifying the source as the address on G0/0/1
- attempt to ping 8.8.8.8 specifying the source as the address on G0/0/4
Also would you post the config of G0/0/0?

Rick.

Here you go:

ASR-01#ping 8.8.8.8 source x.x.13.17
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
Packet sent with a source address of x.x.13.17
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 3/3/4 ms

ASR-01#ping 8.8.8.8 source x.x.79.50
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
Packet sent with a source address of x.x.79.50
.....
Success rate is 0 percent (0/5)

!
interface GigabitEthernet0/0/0
description ISP1
bandwidth 100000
ip address 74.33.13.26 255.255.255.252
load-interval 30
negotiation auto

Matt

Matt

Thanks for trying what I suggested. As I suspected might be the case it shows that your ISP is not routing for the new block of addresses. Just checking assumptions: the new block of Public IP is from the same ISP as your first block?

Assuming that both address blocks are from the same ISP I suggest that you ask the ISP for help in finding why the new block is not working.

That not correct, it not issue of ISP.

This case not clear until now 

I check your supernet it different 

So you can use as @paul driver mentioned secondary IP under interface connect to ISP after you remove IP from other interface

Which lead us to second point 

*****Rourer can not accept same subnet in two interfaces so old subner As I see in two interfaces and the only explain is you use BDI, are you use BDI? *****

MHM

MHM

Are you saying that when ping specifying one source is successful and ping to same destination specifying a different source is not an issue of ISP? What do you think the issue is? 

Yes the supernet is different. The new address block can be used only in one place. It could be used as secondary address on an interface that has some other subnet as primary, or it could be primary on its own subnet. But the issue in the earlier post appears to be that he was trying to do both.