cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1475
Views
3
Helpful
6
Replies

wan routing issue

I have 2 routers and 1 MLS. I have configured..

Router A is  internet router and its address is 2.2.2.2

router B as follows

ip cef

controller T1 0/0

framing esf

crc-threshold 1

linecode b8zs

channel-group 0 timeslots 1-32 speed 56

interface FastEthernet0/0

description ANH OLD LAN

ip address 172.18.100.10 255.255.255.0

speed 10

full-duplex

!

interface Serial0/0:0

description MPLS connection

ip address A.B.C.F  255.255.255.252

encapsulation ppp

!

interface FastEthernet0/1

description LAN Public IP

ip address 2.2.2.3.255.255.240

speed auto

full-duplex

router bgp 64513

no synchronization

bgp log-neighbor-changes

network X.X.X>X mask 255.255.255.240

redistribute connected

redistribute static

neighbor Y.T.R.R remote-as 65512

no auto-summary

no ip http server

ip classless

ip route 0.0.0.0 0.0.0.0 2.2.2.2

ip route 172.18.0.0 255.255.0.0 FastEthernet0/0

MLS as follows

mls flow ip destination

mls flow ipx destination

spanning-tree mode pvst

interface Vlan1

ip address 172.18.100.11 255.255.255.0

ip helper-address 172.18.100.1

!

interface Vlan2

description Wireless

ip address 172.18.101.11 255.255.255.0

ip helper-address 172.18.100.1

!

interface Vlan200

ip address 192.168.5.1  255.255.255.0

!

ip classless

ip route 0.0.0.0 0.0.0.0 172.18.100.10

ip route 172.16.0.0 255.255.0.0 172.18.100.10

no ip http server

Router A's fa 0 interface and router B's  FastEthernet0/1 connected together via a switch.

router B's

interface FastEthernet0/0 and MLS switch connected as default vlan.

router B learn all the routes via BGP

my clients default gateway is 172.18.100.11.

I can access internet with internet router. and also I can ping to fa0/1 of router B via client PC. But only thing is I cannot access/ping  internet.

My question is why I cannot access internet with these configurations??

Quick reply highly appreciated.

Thank you

Chamara

1 Accepted Solution

Accepted Solutions

shamax_1983
Level 3
Level 3

Hello Chamara,

You should have NAT setup for your Clients' internal subnet so it gets a public IP as it leaves your infrastructure.

When you try to ping Internet, the packet should have a routable (public) IP address.

In your case, as long as you ping your own infrastructure ( which you already have routes back for the private IP range you configured for your client ( 172.16.0.0 255.255.0.0 )) it will know how to get back.

But once it leaves your infrastructure and enters the Internet ( your ISP ) it will get dropped because Internet would not accept private IP addresses (RFC1918) as source addresses.

You can resolve this buy configuring NAT for your client's IP range on Router B

Let me know if you have more questions on this.

Also, please don't forget to rate/mark helpful answers.

Shamal

View solution in original post

6 Replies 6

cadet alain
VIP Alumni
VIP Alumni

Hi,

Can you ping f0/0 of Router A  from Router B  ? what gives a traceroute to 8.8.8.8 from the pc client ?

Regards.

Alain

Don't forget to rate helpful posts.

Don't forget to rate helpful posts.

I cannot access the internet router (Roouter A). But I can ping router B to roouter A fa0/0.  I can ping clients from the router B too. 

Even I cannot trace route from MLS (switch ) too. it just showing stars...

Thank you

Regards

Chamara

milan.kulik
Level 10
Level 10

Hi,

you might have forgotten to configure NAT for your clients using private IP addresses?

HTH,

Milan

shamax_1983
Level 3
Level 3

Hello Chamara,

You should have NAT setup for your Clients' internal subnet so it gets a public IP as it leaves your infrastructure.

When you try to ping Internet, the packet should have a routable (public) IP address.

In your case, as long as you ping your own infrastructure ( which you already have routes back for the private IP range you configured for your client ( 172.16.0.0 255.255.0.0 )) it will know how to get back.

But once it leaves your infrastructure and enters the Internet ( your ISP ) it will get dropped because Internet would not accept private IP addresses (RFC1918) as source addresses.

You can resolve this buy configuring NAT for your client's IP range on Router B

Let me know if you have more questions on this.

Also, please don't forget to rate/mark helpful answers.

Shamal

Damn.. I really forgot that.. Thank you so much Shamal and Milan.  much appreciated.

Review Cisco Networking for a $25 gift card