02-15-2017 04:45 PM - edited 03-08-2019 09:21 AM
I've configured a Cisco 891F Router at a main site that's set up with EPL with VLAN tagging. The Main Site is the one with the Internet connection coming in; all other remote sites are going to piggyback off of it through the EPL. The Main Site Internet is working and the LAN can get out onto the Internet. I configured the remote site and was able to ping the main site's LAN & EPL VLANs with the remote site LAN; however, I was unable to get Internet Access. Is it possible I'm missing a static route? Here's some LAN Information:
Main Site:
206.180.50.0/24
DG: 206.180.50.100/24
VLAN 448: 172.16.1.1
Static Routes
0.0.0.0 0.0.0.0 <Public IP Gateway>
10.90.36.0 255.255.255.0 172.16.1.2
route-map NAT overload on WAN port
Remote Site
10.90.36.0/24
DG: 10.90.36.254/24
VLAN 448: 172.16.1.2
Static Route
206.180.50.0 255.255.255.0 172.16.1.1
Remote Site can ping Default Gateway of Main Site as well as the 172.16.1.1 IP.
Does the remote site need a static route in order to get Internet Access? Or maybe I'm missing something on the Main site router?
Thanks in advance,
p.s. if more information is needed, please let me know.
02-15-2017 05:05 PM
The remote site's router needs to have a default route pointing to 172.16.1.1:
ip route 0.0.0.0 0.0.0.0 172.16.1.1
HTH
02-15-2017 05:22 PM
I'll try that tomorrow. Other than that, is there anything else I would need for it to get Internet Access?
02-15-2017 06:42 PM
It may be helpful if you can post "sh run" from both the main site and the remote site.
HTH
02-16-2017 05:05 AM
02-16-2017 07:18 AM
Ok, so let me picture this without a diagram. The main site LAN IP segment is 206.180.50.0/25 and the remote site LAN IP segment is 10.90.36.0/24. VLAN 449 (subnet 172.16.2.0/24) connects the remote side to the main site. I also see in the config that the remote site subnet (10.90.36.0/24) is part of the NAT statement at the main site. If this is all correct, the only thing you should need on the remote site is a default route.
ip route 0.0.0.0 0.0.0.0 172.16.1.1
HTH
02-16-2017 09:03 AM
In this case, it's VLAN 448, and the LAN at the main site is 206.180.50.0/24. I've added the default route and can ping the main site WAN port, but can't get out on the Internet from the 10.90.36.0 LAN at the remote site. Could this be an ACL issue?
02-16-2017 09:41 AM
For testing, you can remove access lists 100 and 115 from the interfaces and then test with ping and traceroute to 8.8.8.8 from the remote site.
interface GigabitEthernet8
description F6 Internet
ip address <Public IP>/29
ip access-group 100 in
no ip proxy-arp
ip mtu 1492
ip nat outside
ip ips ids in
ip virtual-reassembly in
duplex auto
speed auto
ntp disable
no cdp enable
!
interface Vlan1
description Main Building LAN
ip address 206.180.50.100 255.255.255.0
ip access-group 115 in
no ip proxy-arp
ip nat inside
02-16-2017 09:48 AM
No changes. Remote site still can't ping or connect outside.
02-16-2017 11:18 AM
I've even wiped both routers and configured them just enough for Internet to work and both were able to ping. I have no ACL set up except for the NAT one, which I put any to any, and still no luck. I feel like the main site isn't NATing the LAN over at the remote site.
02-16-2017 07:01 AM
I added the default route you mentioned, I'm able to ping the Main Site WAN port now, but still can't get on the Internet.