05-03-2018 04:47 PM - edited 03-08-2019 02:53 PM
Hi,
I have a router C881-k9 connected on WAN port FastEthernet4 to the ISP modem, which provides internet with 1 public IP address, and I’ve been asked to configure the following to get the internet working from my LAN:
Wanip2 is assigned on fastethernet4 and wanip1 is assigned on ISP modem
A default route is set to wanip1
A loopback is created and a public ip is assigned
VLAN1 is configured with a dhcp
The loopback has to ping the wanip1 on ISP modem and it is
A NAT was set, the client PCs can ping the loopback (public ip), the WANIP1 and the WANIP2 but not the google DNS 8.8.8.8
I can ping the public IP from anywhere as well
My problem is that I cannot get internet on the internal network
Here is the configuration and I appreciate some help.
!
version 15.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R1
!
boot-start-marker
boot-end-marker
!
!
enable secret 5 $1$b.pC$wkyOJBKtya.BkiDwOAMG0/
enable password nopassword
!
no aaa new-model
!
!
!
!
!
!
!
!
!
!
!
ip dhcp excluded-address 192.168.1.1 192.168.1.10
!
ip dhcp pool vlan1pool
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
dns-server 8.8.8.8 8.8.4.4
!
!
!
ip name-server 8.8.8.8
ip cef
no ipv6 cef
!
!
!
!
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
cts logging verbose
license udi pid C881-K9 sn xxxxxxxxxx
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback0
ip address xxx.yyyy.zzz.sss 255.255.255.255
ip nat outside
ip virtual-reassembly in
!
interface FastEthernet0
no ip address
!
interface FastEthernet1
no ip address
!
interface FastEthernet2
no ip address
!
interface FastEthernet3
no ip address
!
interface FastEthernet4
ip address 172.16.0.2 255.255.255.252
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
!
interface Vlan1
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
ip nat pool PUBLIC-POOL xxx.yyyy.zzz.sss xxx.yyyy.zzz.sss netmask 255.255.255.255
ip nat inside source list 1 pool PUBLIC-POOL overload
ip route 0.0.0.0 0.0.0.0 172.16.0.1
!
!
snmp-server community public RO
access-list 1 permit 192.168.1.0 0.0.0.255
!
control-plane
!
!
mgcp behavior rsip-range tgcp-only
mgcp behavior comedia-role none
mgcp behavior comedia-check-media-src disable
mgcp behavior comedia-sdp-force disable
!
mgcp profile default
!
!
!
!
!
!
!
line con 0
no modem enable
line aux 0
line vty 0 4
password cisco
login
transport input none
!
scheduler allocate 20000 1000
!
!
!
end
Thank you
05-03-2018 06:07 PM - edited 05-03-2018 06:09 PM
Hi
I assume it is a lab (because it could involve other steps in the real world). Now, if you are going to NAT the private networks using a loopback, the ip nat outside command is not required under the interface loopback; it is required under the interfaces where the packets will be routed, so your configuration should be:
interface Loopback0
ip address xxx.yyyy.zzz.sss 255.255.255.255
interface FastEthernet4
ip address 172.16.0.2 255.255.255.252
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
!
interface Vlan1
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
!
ip nat inside source list 1 interface loopback0 overload
ip route 0.0.0.0 0.0.0.0 172.16.0.1
access-list 1 permit 192.168.1.0 0.0.0.255
Now, the steps I mentioned above (real world) are: if you are using a loopback IP to translate the traffic, the ISP device must know that loopback IP, so you should have a static route on the ISP device. If your loopback is related to a public IP address, it may not be required.
Hope it is useful
:-)
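A small offline check for the NAT layout discussed in the reply above, as an added example that is not from any poster in this thread. It assumes interface blocks end with `!`, the default route uses an IP next hop, and 111.0.0.25 stands in for the masked public address; the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample: the original layout, 111.0.0.25 replacing the masked IP.
SAMPLE_CONFIG = """\
interface Loopback0
 ip address 111.0.0.25 255.255.255.255
 ip nat outside
!
interface FastEthernet4
 ip address 172.16.0.2 255.255.255.252
 ip nat outside
!
interface Vlan1
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
!
ip nat inside source list 1 interface Loopback0 overload
ip route 0.0.0.0 0.0.0.0 172.16.0.1
"""

def parse_interfaces(config):
    # Map interface name -> connected network and NAT role (inside/outside/None).
    ifaces, cur = {}, None
    for line in (l.strip() for l in config.splitlines()):
        if line.startswith("interface "):
            cur = ifaces.setdefault(line.split()[1], {"net": None, "nat": None})
        elif line == "!":
            cur = None  # end of the interface block
        elif cur is not None:
            m = re.fullmatch(r"ip address (\S+) (\S+)", line)
            if m:
                cur["net"] = ipaddress.ip_interface(f"{m[1]}/{m[2]}").network
            m = re.fullmatch(r"ip nat (inside|outside)", line)
            if m:
                cur["nat"] = m[1]
    return ifaces

def lint_nat(config):
    ifaces, findings = parse_interfaces(config), []
    for name, i in ifaces.items():
        if name.lower().startswith("loopback") and i["nat"] == "outside":
            findings.append(f"{name}: 'ip nat outside' on a loopback is not needed")
    m = re.search(r"^ip route 0\.0\.0\.0 0\.0\.0\.0 (\d+\.\d+\.\d+\.\d+)", config, re.M)
    if m:
        hop = ipaddress.ip_address(m[1])
        for name, i in ifaces.items():
            # The interface whose subnet holds the next hop carries translated traffic.
            if i["net"] and hop in i["net"] and i["nat"] != "outside":
                findings.append(f"{name}: default-route egress lacks 'ip nat outside'")
    return findings
```

A clean result only confirms the local NAT roles; it says nothing about whether the ISP routes the loopback address back to the router.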
05-03-2018 06:15 PM
Thank you for your reply, btw it is not a lab
and I already removed the ip nat outside
and as you can see there is a default route 0.0.0.0 to the ISP gateway, which is his wanip1
but still not working, do you think any additional config is needed?
05-05-2018 04:29 AM
At the end it was an ISP issue and they had to fix it.
Thank you all for your help.
05-03-2018 06:09 PM
The loopback IP is not able to ping 8.8.8.8 as well, could it be a misconfiguration from the ISP side?
But what makes it weird is that this public IP is reachable for ping once configured on the loopback interface.
05-03-2018 06:18 PM
OK, the question here is: is the IP address used to create the NAT a loopback and a public IP? Or do you want to translate the loopback IP and private network through a public IP?
05-03-2018 06:22 PM
The IP address to create the NAT is a loopback and it is a public IP
05-03-2018 06:28 PM
Ok,
So the configuration should be, imagining the IP is 111.0.0.25:
interface Loopback0
ip address 111.0.0.25 255.255.255.255
interface FastEthernet4
ip address 172.16.0.2 255.255.255.252
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
!
interface Vlan1
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
!
ip nat inside source list 1 interface loopback0 overload
ip route 0.0.0.0 0.0.0.0 172.16.0.1
access-list 1 permit 192.168.1.0 0.0.0.255
ISP DEVICE
ip route 111.0.0.25 255.255.255.255 172.16.0.2 (it will be known via the client router)
The ISP usually provides public IP addresses also for the point-to-point link between the client router and the ISP device; they could also provide different public network segments, but everything is handled on the ISP side.
05-03-2018 06:35 PM
The configuration is already the same as what you wrote, and not working
05-03-2018 06:26 PM
And do you think there is any way to test that the connection is reaching the internet other than pinging from the loopback id to another public IP like the Google DNS?
Keeping in mind that I can ping the public IP from everywhere.
05-03-2018 06:38 PM
Was the loopback IP provided by the ISP? And is the /30 used between the router and modem 172.16.0.0/30?
05-03-2018 06:40 PM
Have you tried to configure the public IP under the FastEthernet 4 interface?
05-04-2018 01:29 AM
Yes, even if it is not a logical test, I already tested and it is not working.
05-03-2018 10:51 PM
Yes
05-04-2018 06:19 AM
Hi ledaouk!
Could you run commands: "show ip nat translations" and "show ip route"?
Maybe you are missing routes to the outside NAT address. It just looks like everything is going on "ip route 0.0.0.0 0.0.0.0 172.16.0.1", without any NATs.
Traffic from your local subnet "192.168.1.0/24" has to know where the network "xxx.yyyy.zzz.sss xxx.yyyy.zzz.sss/Y" is; this loopback interface is your outside global. I am afraid that you are missing routes to your loopback address!!!
Please post the "show ip route" and "show ip nat translations" outputs to figure out what is going on.
/Mohammed