Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
6239
Views
0
Helpful
13
Replies

TTL expired in transit and Routing Loops

howardwen
Level 1
Level 1

‎02-06-2017 06:33 PM - edited ‎03-08-2019 09:13 AM

hello.

ISP give me 1 fiber and 3 public subnet IPs. 72.44.190.36/29 make my route WAN IP, and 74.206.101.16/28 is my second public subnet IPs.

When 1:1 NAT(74.206.101.23), not cause Routing Loops, and when make port NAT(74.206.101.22) then will cause Routing loops. why? how to fixed it?

thanks.

Labels:
Preview file
18 KB
Preview file
23 KB
0 Helpful
13 Replies 13

Francesco Molino
VIP Alumni
VIP Alumni

‎02-06-2017 07:31 PM

Hi

Who's is IP 70.44.190.34?

Ip 70.44.190.36 is your router right?

Could you share your routing config?

Thanks


Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question
0 Helpful

howardwen
Level 1
Level 1
In response to Francesco Molino

‎02-06-2017 07:35 PM

72.44.192.36 is my router IP, 72.44.192.34 and 72.44.192.35 is ISP HSRP IP, 33 is gateway.

ISP reply me 74.206.101.16/28 is route by 72.44.192.36.

I'm now use MoNowall, so I want to change to Cisco 1941. so will fixed this problem?

0 Helpful

Francesco Molino
VIP Alumni
VIP Alumni
In response to howardwen

‎02-06-2017 07:44 PM

What's your config on your router.

Changing router won't solve your issue unless your routing will change... With a config of your routing setup it could help

Thanks

PS: Please don't forget to rate as correct answer if this answered your question


Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question
0 Helpful

howardwen
Level 1
Level 1
In response to Francesco Molino

‎02-06-2017 07:47 PM

my router is MoNowall not Cisco now.

and config Proxy ARP to second and third public subnet IPs.

0 Helpful

Francesco Molino
VIP Alumni
VIP Alumni
In response to howardwen

‎02-06-2017 07:59 PM

Are you planning to change to a Cisco router? If yes what is your planned config?

If not, what is your routing table?.

Sorry can't help on commands because I don't know these 3rd party devices.

Thanks


Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question
0 Helpful

howardwen
Level 1
Level 1
In response to Francesco Molino

‎02-06-2017 08:39 PM

Thank you!

config is here:https://supportforums.cisco.com/discussion/13205731/single-wan-port-assign-3-subnet-public-ips-cisco-1941

0 Helpful

Francesco Molino
VIP Alumni
VIP Alumni
In response to howardwen

‎02-07-2017 06:03 AM

On your config, I don't see any nat statement referring to IP 74.206.101.23 or 74.206.101.22.

Normally these IPs are routed from your ISP to your WAN interface and you just need to use them in your nat statement,

Did you configured them?


Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question
0 Helpful

howardwen
Level 1
Level 1
In response to Francesco Molino

‎02-07-2017 05:55 PM

I cut these NAT config but so long.

actually is :

ip nat inside source static 192.168.23.52 74.206.101.23 

ip nat inside source static tcp 192.168.23.68 80 74.206.101.22 80 

0 Helpful

Francesco Molino
VIP Alumni
VIP Alumni
In response to howardwen

‎02-07-2017 07:09 PM

Ok does http access works on this public IP?

If you don't have any other nat on the IP ending by 22, modify the actual by a full static nat and retry ping/traceroute

Thanks

PS: Please don't forget to rate and mark as correct answer if this answered your question


Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question
0 Helpful

howardwen
Level 1
Level 1
In response to Francesco Molino

‎02-08-2017 12:15 AM

HTTP access sometimes slowly.

NAT is not ending by 22, full subnets of 72.44.192.48/28 and 74.206.101.16/28.all have NAT.

0 Helpful

Francesco Molino
VIP Alumni
VIP Alumni
In response to howardwen

‎02-08-2017 05:20 AM

Ok let me repeat what I meant by nat ending by 22.

Today you have this nat statement for the Public IP 74.206.101.22:

ip nat inside source static tcp 192.168.23.68 80 74.206.101.22 80 

To test it, do a full nat statement like:

ip nat inside source static 192.168.23.68 74.206.101.22

Then you can test by using ICMP or even traceroute to validate. You'll see everything will work fine. If that IP is not natted for ICMP then it won't reply to you on internet.

Thanks

PS: Please don't forget to rate and mark as correct answer if this answered your question


Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question
0 Helpful

Julio E. Moisa
VIP Alumni
VIP Alumni

‎02-06-2017 07:36 PM

Hi

Could you please share your config? do you have a diagram of your topology?




>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<
0 Helpful

howardwen
Level 1
Level 1
In response to Julio E. Moisa

‎02-06-2017 07:36 PM

72.44.192.36 is my router IP, 72.44.192.34 and 72.44.192.35 is ISP HSRP IP, 33 is gateway.

ISP reply me 74.206.101.16/28 is route by 72.44.192.36.

I'm now use MoNowall, so I want to change to Cisco 1941. so will fixed this problem?

0 Helpful
Customers Also Viewed These Support Documents