Problem with pinging from external server and ISP router.

Friut
Level 1

Problem Summary

In a Packet Tracer simulation, the ISP router could not reach internal networks through RTR-1, even though traffic from the internal network (Host A) successfully communicated with the external server via NAT. Pings from the ISP to RTR-1's internal interfaces failed, suggesting issues with NAT, routing, or implicit filtering. We need help identifying why incoming traffic from the ISP is blocked while outgoing traffic works fine.

Link to Ufile with my PT 

1 Accepted Solution


@Friut 

You are missing one route on the ISP router. Your ISP router does not know how to reply.

 


@Friut 

Attach the Packet Tracer file here directly. You just need to zip the file first.

Hi, thanks, I was a bit confused about how to do it. But it should be there now.

@Friut 

You are missing one route on the ISP router. Your ISP router does not know how to reply.

 

Thank you so much!

vishalbhandari
Spotlight

@Friut

Common Causes and Fixes

  1. NAT Overload Missing ACL Entry:

    • Ensure the NAT ACL includes traffic from the ISP to internal networks.
  2. Return Traffic Blocked:

    • Add a reflexive ACL or an explicit ACL to permit return traffic.
  3. Incorrect NAT Outside Interface:

    • Confirm the ip nat outside interface matches the one facing the ISP.
  4. No Static NAT:

    • If specific services (like pings) need to be reachable, configure static NAT:
      ip nat inside source static <Internal_IP> <Public_IP>

Joseph W. Doherty
Hall of Fame

Ignoring other considerations, BTW, if true dynamic NAT is being used, an external host could only reach an internal host if there's an active NAT entry for the two hosts.  True static NAT would work provided a static NAT entry is in place for the two hosts.

In the foregoing, I used the adjective "true", i.e. just NAT not NAT/PAT.

If PAT, or complex variant, is in play, often the inside to outside also has some additional state information for expected reverse flow traffic.  If such criteria aren't met, outside won't be able to contact an inside host.
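
The static NAT, dynamic NAT and PAT distinction from the reply above, as an added toy model that is not part of the thread and is not Cisco IOS code. The `Nat` class, `demo` function, addresses and ports are all constructed; it assumes a one-address dynamic pool and PAT state keyed on the remote endpoint.

```python
# Added toy model of the three NAT behaviours described above; not Cisco IOS code.
# All addresses and ports are constructed (RFC 1918 / RFC 5737 ranges).
from dataclasses import dataclass, field

@dataclass
class Nat:
    mode: str                                     # "static", "dynamic" or "pat"
    public_ip: str = "203.0.113.1"
    static: dict = field(default_factory=dict)    # public IP -> inside IP, configured
    dynamic: dict = field(default_factory=dict)   # public IP -> inside IP, built by traffic
    pat: dict = field(default_factory=dict)       # (public port, remote IP, remote port) -> inside
    next_port: int = 1024

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Inside host sends a packet; return the translated (IP, port) source."""
        if self.mode == "static":
            return self.public_ip, src_port       # entry already exists
        if self.mode == "dynamic":
            self.dynamic[self.public_ip] = src_ip  # assumption: one-address pool
            return self.public_ip, src_port
        port, self.next_port = self.next_port, self.next_port + 1
        # Assumption: PAT state is keyed on the remote endpoint as well.
        self.pat[(port, dst_ip, dst_port)] = (src_ip, src_port)
        return self.public_ip, port

    def inbound(self, src_ip, src_port, dst_ip, dst_port):
        """Outside host sends a packet; return the inside (IP, port) or None if dropped."""
        if self.mode == "pat":
            return self.pat.get((dst_port, src_ip, src_port))
        table = self.static if self.mode == "static" else self.dynamic
        inside = table.get(dst_ip)
        return (inside, dst_port) if inside else None

def demo():
    """Per mode: (unsolicited inbound, reply to an outbound flow, new inbound flow afterwards)."""
    server, host_a = "198.51.100.10", "192.168.1.10"
    results = {}
    for mode in ("static", "dynamic", "pat"):
        nat = Nat(mode, static={"203.0.113.1": host_a} if mode == "static" else {})
        before = nat.inbound(server, 40000, nat.public_ip, 8080)
        pub_ip, pub_port = nat.outbound(host_a, 5000, server, 80)
        reply = nat.inbound(server, 80, pub_ip, pub_port)
        after = nat.inbound(server, 40000, pub_ip, 8080)
        results[mode] = (before, reply, after)
    return results

if __name__ == "__main__":
    for mode, outcome in demo().items():
        print(mode, outcome)
```

In this model only static NAT accepts the unsolicited inbound packet; dynamic NAT accepts it once the inside host has created an entry, and PAT accepts only the reply that matches the recorded flow.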