Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
372
Views
0
Helpful
2
Replies

Unable to ping lab network

browndonte123
Level 1
Level 1

‎06-16-2025 06:10 PM

Hello.

I am trying to configure a lab router for a physical network lab. I created a peer network for my home router and lab router to communicate with and share routes via OSPF. I also enabled NAT on the lab router for it to access the internet. 

 

However, I'm having a problem getting two-way communication. My lab router and anything behind it can ping the home router and the internet but my home router can't ping anything behind the lab router. I've ran Wireshark and can confirm any packet to the Lab Router is making it there (with ICMP requests/reply) but I keep getting " Connection Timed Out"

I'm not sure if it's either a routing issue or a ACL issue. 

I have provided my lab router configuration and a diagram for better understanding.

Any help is appreciated!

Labels:
Preview file
3 KB
Preview file
24 KB
Preview file
67 KB
0 Helpful
2 Replies 2

Martin L
VIP
VIP

‎06-17-2025 12:28 AM - edited ‎06-17-2025 12:31 AM

what is ur home router devce? i guess non-cisco cable/dsl router. if so, then yes, it's blocking traffic goint to PC. u could try by adding static route (direct one for testing with /32) if home router allows to do so.  also, turn on debug icmp on lab router to see what and which directions is going/doing.  another issue could be double NAT translations; usually it is goal of home router to do NAT not the lab router. why does lab router do  NAT ?  can lab router ping switch and PC ?

Regards, ML
**Have fun labbing!!!***
***Please Rate All Helpful Responses ***

0 Helpful

browndonte123
Level 1
Level 1
In response to Martin L

‎06-17-2025 04:18 AM - edited ‎06-17-2025 04:23 AM

My home router is a OPNSense firewall, I didn't quite include that info as I thought it would be outside the scope of this forum. 

I could give that a try and get back to you with the results.

Im not sure if I'm overcomplicating (and I suck at explaining) this but the reason why Im using NAT is because of my OPNSENSE firewall. I am trying to have a physical lab, Lab-Router (which is physical switches/routers, etc) and a virtual lab (under the 10.10.20.0 net that host ESXI,GNS3, etc) and I want these two to communicate with each other using a dynamic routing protocol for me to practice routing between two "point to point routers" if you get what I mean. Anyways the problem is, say I add a new SVI on my physical L3 switch (Lab-Switch), any traffic coming from that destined for my virtual lab or the Internet would need a firewall policy to allow that specific network anywhere and to prevent it from accessing my other nets 10-net and 30-net. So I use NAT as a way to only need one firewall policy to control what the outbound router interface (10.1.1.2) has access to.

And yes, Lab-Router can ping Lab-Switch and the PC behind it

0 Helpful
Customers Also Viewed These Support Documents