03-10-2018 07:10 PM - edited 03-08-2019 02:12 PM
Hi Team,
This is all for the purpose of SIP connectivity so am assuming that you do need to be able to have ping established connection for SIP to progress too
Unfortunately I have lost access to my ISP's router of 220.233.1.203
My set up is this
ISP router 192.168.20.1
Cisco 2691 MPS router 192.168.20.2 via FA0/0 to port 3 on router
This is a double NAT environment but have added 192.168.20.2 IP to the DMZ in the Firewall
Below is the current routing table
CiscoCurious#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
C 192.168.30.0/24 is directly connected, FastEthernet0/0
C 192.168.11.0/24 is directly connected, FastEthernet0/1.1
C 192.168.20.0/24 is directly connected, FastEthernet0/1.10
CiscoCurious#
Some commands I have run are...
CiscoCurious(config)#ip route 203.1.233.220 255.255.255.0 192.168.20.2
%Inconsistent address and mask
CiscoCurious(config)#ip route 203.1.233.220 255.255.255.0 192.168.20.1
%Inconsistent address and mask
CiscoCurious(config)#
CiscoCurious(config)#ip route 203.1.233.220 255.255.255.0 FA0/0
%Inconsistent address and mask
CiscoCurious(config)#
CiscoCurious(config)#ip route 203.1.233.220 255.255.255.0 FA0/0 permanent
%Inconsistent address and mask
CiscoCurious(config)#
The last one resulted in this change
"Gateway of last resort is 0.0.0.0 to network 0.0.0.0"
C 192.168.30.0/24 is directly connected, FastEthernet0/0
C 192.168.11.0/24 is directly connected, FastEthernet0/1.1
C 192.168.20.0/24 is directly connected, FastEthernet0/1.10
And this "S* 0.0.0.0/0 is directly connected, FastEthernet0/0"
CiscoCurious#
I had thought that ip route destination ip, mask, 192.168.20.1 would have sufficed considering 192.168.20.2 (my cisco router) is already in the ISP router firewall on my side unless I need to use next hop?
Thanks again. If this doesn't make sense, let me know and will assist further
Solved! Go to Solution.
03-11-2018 04:55 AM
Hi Deepak,
I cant see anything in the acl either as below shows..
CiscoCurious#show ip access-lists
Standard IP access list 10
10 permit 192.168.20.0, wildcard bits 0.0.0.255
CiscoCurious#
CiscoCurious#ping 192.168.20.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.20.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms
CiscoCurious#traceroute 192.168.20.1
Type escape sequence to abort.
Tracing the route to 192.168.20.1
1 192.168.20.1 0 msec 0 msec *
CiscoCurious#
The ip address for the FA0/0 Link to ISP modem is 192.168.30.2
But the ACL is....
10 permit "192.168.20.0", wildcard bits 0.0.0.255
As the 30 is a different subnet to 20, wouldn't I have to create/modify ACL for this?
03-11-2018 08:08 AM
Hi,
Some missing configuration on "CiscoCurious"
Q1. Where is IP NAT Inside"?
Please give IP nat Inside command under the required interface as "FastEthernet0/1.10"
Q.2 ISP connected Interface is "FastEthernet 0/0" then where is route?
Ans: IP route 0.0.0.0 0.0.0.0 192.168.30.1 <ISP modem IP>
Q3 Why two more default routes?
Ans: Remove the ip route 0.0.0.0 0.0.0.0 192.168.10.2 & ip route 0.0.0.0 0.0.0.0 203.1.233.220
add some spefic static route:
IP route 192.168.15.0 255.255.255.0 192.168.20.2
IP route 192.168.10.0 255.255.255.0 192.168.20.2
Make those changes and update me.
Regards,
Deepak Kumar
03-12-2018 05:11 AM
03-12-2018 05:34 AM
03-12-2018 04:03 PM
Hi Deepak,
Thanks again. Will update further tonight. Lots of learning.. :)
03-13-2018 04:10 AM
03-13-2018 06:26 AM
03-14-2018 05:45 PM
Hi Deepak,
Thanks for your help so far. Much appreciated. I have chatted to my ISP re this issue and all route updates we have done and no connection yet to them.
They have asked me to submit a request for assistance to get this connected. So I will leave this open for time being if your OK with that. Let me know.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide