03-10-2018 07:10 PM - edited 03-08-2019 02:12 PM
Hi Team,
This is all for the purpose of SIP connectivity so am assuming that you do need to be able to have ping established connection for SIP to progress too
Unfortunately I have lost access to my ISP's router of 220.233.1.203
My set up is this
ISP router 192.168.20.1
Cisco 2691 MPS router 192.168.20.2 via FA0/0 to port 3 on router
This is a double NAT environment but have added 192.168.20.2 IP to the DMZ in the Firewall
Below is the current routing table
CiscoCurious#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
C 192.168.30.0/24 is directly connected, FastEthernet0/0
C 192.168.11.0/24 is directly connected, FastEthernet0/1.1
C 192.168.20.0/24 is directly connected, FastEthernet0/1.10
CiscoCurious#
Some commands I have run are...
CiscoCurious(config)#ip route 203.1.233.220 255.255.255.0 192.168.20.2
%Inconsistent address and mask
CiscoCurious(config)#ip route 203.1.233.220 255.255.255.0 192.168.20.1
%Inconsistent address and mask
CiscoCurious(config)#
CiscoCurious(config)#ip route 203.1.233.220 255.255.255.0 FA0/0
%Inconsistent address and mask
CiscoCurious(config)#
CiscoCurious(config)#ip route 203.1.233.220 255.255.255.0 FA0/0 permanent
%Inconsistent address and mask
CiscoCurious(config)#
The last one resulted in this change
"Gateway of last resort is 0.0.0.0 to network 0.0.0.0"
C 192.168.30.0/24 is directly connected, FastEthernet0/0
C 192.168.11.0/24 is directly connected, FastEthernet0/1.1
C 192.168.20.0/24 is directly connected, FastEthernet0/1.10
And this "S* 0.0.0.0/0 is directly connected, FastEthernet0/0"
CiscoCurious#
I had thought that ip route destination ip, mask, 192.168.20.1 would have sufficed considering 192.168.20.2 (my cisco router) is already in the ISP router firewall on my side unless I need to use next hop?
Thanks again. If this doesn't make sense, let me know and will assist further
Solved! Go to Solution.
03-11-2018 04:55 AM
Hi Deepak,
I cant see anything in the acl either as below shows..
CiscoCurious#show ip access-lists
Standard IP access list 10
10 permit 192.168.20.0, wildcard bits 0.0.0.255
CiscoCurious#
CiscoCurious#ping 192.168.20.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.20.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms
CiscoCurious#traceroute 192.168.20.1
Type escape sequence to abort.
Tracing the route to 192.168.20.1
1 192.168.20.1 0 msec 0 msec *
CiscoCurious#
The ip address for the FA0/0 Link to ISP modem is 192.168.30.2
But the ACL is....
10 permit "192.168.20.0", wildcard bits 0.0.0.255
As the 30 is a different subnet to 20, wouldn't I have to create/modify ACL for this?
03-11-2018 08:08 AM
Hi,
Some missing configuration on "CiscoCurious"
Q1. Where is IP NAT Inside"?
Please give IP nat Inside command under the required interface as "FastEthernet0/1.10"
Q.2 ISP connected Interface is "FastEthernet 0/0" then where is route?
Ans: IP route 0.0.0.0 0.0.0.0 192.168.30.1 <ISP modem IP>
Q3 Why two more default routes?
Ans: Remove the ip route 0.0.0.0 0.0.0.0 192.168.10.2 & ip route 0.0.0.0 0.0.0.0 203.1.233.220
add some spefic static route:
IP route 192.168.15.0 255.255.255.0 192.168.20.2
IP route 192.168.10.0 255.255.255.0 192.168.20.2
Make those changes and update me.
Regards,
Deepak Kumar
03-12-2018 05:11 AM
03-12-2018 05:34 AM
03-12-2018 04:03 PM
Hi Deepak,
Thanks again. Will update further tonight. Lots of learning.. :)
03-13-2018 04:10 AM
03-13-2018 06:26 AM
03-14-2018 05:45 PM
Hi Deepak,
Thanks for your help so far. Much appreciated. I have chatted to my ISP re this issue and all route updates we have done and no connection yet to them.
They have asked me to submit a request for assistance to get this connected. So I will leave this open for time being if your OK with that. Let me know.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: