Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1244
Views
0
Helpful
9
Replies

Cannot ping after giving natting also.

Go to solution
deypuchka
Level 1
Level 1

‎08-01-2022 01:27 AM - edited ‎08-01-2022 01:33 AM


Hello guys,

I have this configuration where my core switch (multilayer switch)is both doing routing and switching process.
My configurations which I have mention in the picture is all working, I can ping to the ISP Router (192.168.1.1)
but i cannot ping to the core switch (192.168.1.2) from the Remote Office. My ISP Router also can ping to 192.168.1.2.
Can someone please give solution where did i make a mistake out here. And if you want the configuration of the ISP router I do not have any except the default route.

ISP Router - ip route 0.0.0.0 0.0.0.0 192.168.1.2

pppppppppp.jpg

 

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Richard Burts
Hall of Fame
Hall of Fame
In response to MHM Cisco World

‎08-07-2022 02:21 PM

There are several things in this post that are not clear. It suggests that NAT is configured on the core switch. What kind of switch is this core switch? There are very few switches that support NAT. I am also puzzled by references to interface s2/1. What kind of interface is this?

I am also not clear about the diagram which does show 2 lines from the remote office (one to ISP router and one to core switch). Are these really 2 separate paths from the remote office? Or is it just suggesting communication from the remote office to both devices with the path from remote office to the core switch going through the ISP router?

Despite not knowing these things I do have a guess at what the problem is. The diagram shows a dynamic NAT set up to translate inside address going to outside. And the dynamic NAT would allow responses from outside to the inside device. But the dynamic NAT does not allow traffic originated from the outside device to an inside device. So when the remote office attempts to ping the core switch it is outside to inside and the NAT does not work for that.

HTH

Rick

View solution in original post

0 Helpful
9 Replies 9

Go to solution
Georg Pauwen
VIP
VIP

‎08-01-2022 02:18 AM

Hello,

what is the Remote Office, a router ? Post the full running configs of the core switch, as well as the device that is running at the Remote Office.

0 Helpful

Go to solution
deypuchka
Level 1
Level 1
In response to Georg Pauwen

‎08-05-2022 10:35 PM - edited ‎08-05-2022 10:36 PM

Yes and it runs with ip 172.16.1.1

0 Helpful

Go to solution
paul driver
VIP
VIP

‎08-07-2022 02:58 AM

Hello

@deypuchka wrote:

Hello guys,

ISP Router - ip route 0.0.0.0 0.0.0.0 192.168.1.2

 

In your diagram you show the core switch with a default static route pointing to the ISP rtr and then in your post you show a default static route pointing to the core switch!

The isp rtr should not have a default route pointing to the core switch if any it should be pointing egress towards the ISP network, plus what type of core switch are you running that supports NAT?


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
0 Helpful

Go to solution
MHM Cisco World
VIP
VIP

‎08-07-2022 03:39 AM

this issue is from 
1- asymmetric routing the remote send traffic to Core and Core reply via ISP 
2- the NAT where even when asymmetric routing the ping success unless you config NAT in one way which make the source/destination of packet NATing to new IP and hence the ping reply is drop.

0 Helpful

Go to solution
Richard Burts
Hall of Fame
Hall of Fame
In response to MHM Cisco World

‎08-07-2022 02:21 PM

There are several things in this post that are not clear. It suggests that NAT is configured on the core switch. What kind of switch is this core switch? There are very few switches that support NAT. I am also puzzled by references to interface s2/1. What kind of interface is this?

I am also not clear about the diagram which does show 2 lines from the remote office (one to ISP router and one to core switch). Are these really 2 separate paths from the remote office? Or is it just suggesting communication from the remote office to both devices with the path from remote office to the core switch going through the ISP router?

Despite not knowing these things I do have a guess at what the problem is. The diagram shows a dynamic NAT set up to translate inside address going to outside. And the dynamic NAT would allow responses from outside to the inside device. But the dynamic NAT does not allow traffic originated from the outside device to an inside device. So when the remote office attempts to ping the core switch it is outside to inside and the NAT does not work for that.

HTH

Rick
0 Helpful

Go to solution
Richard Burts
Hall of Fame
Hall of Fame
In response to Richard Burts

‎08-08-2022 01:13 AM

I am glad that our suggestions have been helpful. Thank you for marking this question as solved. This will help other participants in the community to identify discussions which have helpful information. This community is an excellent place to ask questions and to learn about networking. I hope to see you continue to be active in the community.

HTH

Rick
0 Helpful

Go to solution
MHM Cisco World
VIP
VIP

‎08-08-2022 02:42 AM

I really dont get the issue here?
are there two links or one link in remote Site?

0 Helpful

Go to solution
deypuchka
Level 1
Level 1
In response to MHM Cisco World

‎08-12-2022 02:18 AM

Only one and the dotted lines indicates the connections that I want to ping.

0 Helpful

Go to solution
Richard Burts
Hall of Fame
Hall of Fame
In response to deypuchka

‎08-13-2022 01:38 AM

Thank you for clarifying that the dotted lines indicate where you want to communicate and do not indicate separate paths from the remote office.

HTH

Rick
0 Helpful
Customers Also Viewed These Support Documents