Solved

Showing Gw Adress instead of assigned static address

Posted on 2009-07-02
11
459 Views
Last Modified: 2012-05-07
i have a few static IPs in my network

like 65.xx.xx.233 is assigned at 1 pc and if i do a ipaddy.com on the machine it shows

65.xx.xx.226  the same one of the interface doesnt it normally not go through the router ALso on the machine its going through the Default Gw of my other ISP so im  lost as if maybe its something to do with the overload thats currently set up ....


Thanks
ohhh shoot its already in there i might of copied this from wehn you showed me previous ....
 
heres the current just to make sure...
 
AmtecLV1841#sh run
Building configuration...
 
Current configuration : 17943 bytes
!
! Last configuration change at 12:15:23 PST Mon Mar 16 2009 by johnny
! NVRAM config last updated at 01:35:57 PST Sun Mar 15 2009 by johnny
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime localtime
service timestamps log datetime localtime
service password-encryption
!
hostname AmtecLV1841
!
boot-start-marker
boot system flash 
boot-end-marker
!
security authentication failure rate 3 log
security passwords min-length 5
logging buffered 51200 debugging
logging console critical
 
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication login User_Database local
aaa authorization network MGMT local 
!
aaa session-id common
clock timezone PST -8
no ip source-route
ip cef
!
!
ip inspect name Firewall cuseeme
ip inspect name Firewall ftp
ip inspect name Firewall h323
ip inspect name Firewall netshow
ip inspect name Firewall rcmd
ip inspect name Firewall realaudio
ip inspect name Firewall rtsp
ip inspect name Firewall sqlnet
ip inspect name Firewall streamworks
ip inspect name Firewall tftp
ip inspect name Firewall tcp
ip inspect name Firewall udp
ip inspect name Firewall vdolive
ip inspect name Firewall icmp
ip inspect name Firewall esmtp
ip inspect name Firewall sip
ip inspect name Firewall sip-tls
ip tcp path-mtu-discovery
ip telnet source-interface FastEthernet0/1
!
!
no ip bootp server
ip name-server 4.2.2.2
ip name-server 65.106.1.196
ip name-server 65.106.7.196
!
!
crypto pki trustpoint TP-self-signed-1297439676
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1297439676
revocation-check none
rsakeypair TP-self-signed-1297439676
!
!
!
!
class-map match-any IP_Node
match access-group 104
!
!
policy-map VoIP_Priority
class IP_Node
 set ip dscp ef
 priority 256
class class-default
 fair-queue
 random-detect
policy-map QoS
class class-default
 shape average 500000 5000 0
 service-policy VoIP_Priority
!
! 
crypto keyring 1 
  pre-shared-key address 71.xx.xx.241 key asdfasdf
crypto keyring 2 
  pre-shared-key address 0.0.0.0 0.0.0.0 key asdfasdfasdf
!
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
!
crypto isakmp policy 2
encr 3des
authentication pre-share
group 2
lifetime 28800
!
crypto isakmp client configuration group MGMT
key Tasdfasdm@
dns 192.168.11.1 64.30.0.17
wins 192.168.11.1
domain amtec.local
pool VPN_IPs
acl 105
max-users 3
max-logins 3
netmask 255.255.255.0
crypto isakmp profile 1
  description Tunnel to San Bernardino
  keyring 1
  crypto isakmp profile 2
  description VPN Client profile
  match identity group MGMT
  client authentication list User_Database
  isakmp authorization list MGMT
  client configuration address respond
crypto isakmp profile 3
  description Tunnel to internet 
   keyring 2
  match identity address 0.0.0.0 
!
!
crypto ipsec transform-set Transform_Set_1 esp-3des esp-sha-hmac 
crypto ipsec df-bit clear
!
crypto dynamic-map Site-to-Site 3
set transform-set Transform_Set_1 
 set isakmp-profile 3
!
crypto dynamic-map VPN_Client 2
set security-association idle-time 1800
set transform-set Transform_Set_1 
 set isakmp-profile 2
reverse-route
!
!
crypto map VPN_Tunnel 1 ipsec-isakmp 
 description Tunnel to San Bernardino
set transform-set Transform_Set_1 
 set isakmp-profile 1
match address 100
qos pre-classify
crypto map VPN_Tunnel 2 ipsec-isakmp dynamic VPN_Client 
crypto map VPN_Tunnel 3 ipsec-isakmp dynamic Site-to-Site 
!
bridge irb
!
!
interface Loopback0
description Virtual NAT Interface
ip address 1.1.1.1 255.255.255.252
!
interface Loopback2
ip address 2.2.2.2 255.255.255.255
!
interface Null0
no ip unreachables
!
interface FastEthernet0/0
description Connected to TelePacific Internet$FW_OUTSIDE$
ip address 65.xx.xx.226 255.255.255.240
ip access-group 101 in
no ip redirects
no ip unreachables
ip directed-broadcast
ip inspect Firewall out
ip nat outside
ip virtual-reassembly
ip route-cache flow
duplex auto
speed auto
no cdp enable
crypto map VPN_Tunnel
crypto ipsec fragmentation before-encryption
!
interface FastEthernet0/1
description $FW_INSIDE$
ip address 192.168.11.254 255.255.255.0
ip access-group 102 in
no ip redirects
no ip unreachables
ip directed-broadcast
ip nat inside
ip virtual-reassembly
ip policy route-map NAT_Filter
duplex auto
speed auto
!
interface FastEthernet0/1.1
no cdp enable
!
interface FastEthernet0/1/0
switchport access vlan 10
!
interface FastEthernet0/1/1
!
interface FastEthernet0/1/2
!
interface FastEthernet0/1/3
!
interface Serial0/0/0
ip address 64.xx.xx.10 255.255.255.252
no ip redirects
no ip unreachables
ip nat outside
ip virtual-reassembly
encapsulation ppp
service-module t1 timeslots 1-24
!
interface Vlan1
no ip address
!
interface Vlan10
ip address 65.xx.xx.46 255.255.255.128
ip access-group 103 in
ip verify unicast reverse-path
no ip redirects
no ip unreachables
ip directed-broadcast
ip inspect Firewall out
ip nat outside
ip virtual-reassembly
crypto map VPN_Tunnel
crypto ipsec fragmentation before-encryption
!
interface BVI1
no ip address
!
ip local pool VPN_IPs 192.168.255.1 192.168.255.10
ip forward-protocol udp netbios-ss
ip route 0.0.0.0 0.0.0.0 Serial0/0/0 10
ip route 0.0.0.0 0.0.0.0 65.xx.xx.1 
ip route 192.168.14.0 255.255.255.0 192.168.11.2
!
ip http server
ip http authentication local
ip http secure-server
ip nat inside source route-map Ethernet interface Vlan10 overload
ip nat inside source route-map Nat interface FastEthernet0/0 overload
ip nat inside source route-map T1 interface FastEthernet0/0 overload
ip nat inside source static tcp 192.168.11.254 23 65.xx.xx.46 23 extendable
ip nat inside source static tcp 192.168.11.1 25 65.xx.xx.46 25 extendable
ip nat inside source static tcp 192.168.11.1 80 65.xx.xx.46 80 extendable
ip nat inside source static tcp 192.168.11.1 443 65.xx.xx.46 443 extendable
ip nat inside source static tcp 192.168.11.1 3389 65.xx.xx.46 3389 extendable
ip nat inside source static tcp 192.168.11.1 4125 65.xx.xx.46 4125 extendable
ip nat inside source static tcp 192.168.11.254 22 65.xx.xx.226 22 extendable
ip nat inside source static tcp 192.168.11.1 25 65.xx.xx.226 25 extendable
ip nat inside source static tcp 192.168.11.1 80 65.xx.xx.226 80 extendable
ip nat inside source static tcp 192.168.11.1 443 65.xx.xx.226 443 extendable
ip nat inside source static tcp 192.168.11.1 3389 65.xx.xx.226 3389 extendable
ip nat inside source static tcp 192.168.11.1 4125 65.xx.xx.226 4125 extendable
ip nat inside source static tcp 192.168.11.17 6107 65.xx.xx.226 6107 extendable
ip nat inside source static udp 192.168.11.17 6107 65.xx.xx.226 6107 extendable
ip nat inside source static tcp 192.168.11.1 25 65.xx.xx.230 25 extendable
ip nat inside source static tcp 192.168.11.1 80 65.xx.xx.230 80 extendable
ip nat inside source static tcp 192.168.11.1 443 65.xx.xx.230 443 extendable
ip nat inside source static tcp 192.168.11.1 3389 65.xx.xx.230 3389 extendable
ip nat inside source static tcp 192.168.11.1 4125 65.xx.xx.230 4125 extendable
ip nat inside source static 192.168.14.27 65.xx.xx.231
ip nat inside source static 192.168.14.2 65.xx.xx.232
ip nat inside source static tcp 192.168.14.24 80 65.xx.xx.234 80 extendable
ip nat inside source static tcp 192.168.14.24 37000 65.xx.xx.234 37000 extendable
ip nat inside source static tcp 192.168.11.1 3389 65.xx.xx.238 3389 extendable
ip nat outside source static 192.168.11.1 65.xx.xx.226
ip nat outside source static 192.168.14.2 65.xx.xx.232
ip nat outside source static 192.168.14.24 65.xx.xx.234
ip nat outside source static 192.168.14.27 65.xx.xx.231
!
access-list 100 permit ip 192.168.11.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 100 permit ip 192.168.11.0 0.0.0.255 192.168.10.0 0.0.0.255
access-list 100 permit ip 192.168.255.0 0.0.0.255 192.168.10.0 0.0.0.255
access-list 100 permit ip 192.168.14.0 0.0.0.255 192.168.10.0 0.0.0.255
access-list 100 permit ip 192.168.3.0 0.0.0.255 192.168.10.0 0.0.0.255
access-list 100 permit ip 192.168.10.0 0.0.0.255 192.168.14.0 0.0.0.255
access-list 101 permit ip any any
access-list 101 deny   ip 192.168.11.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 101 deny   ip 192.168.11.0 0.0.0.255 192.168.254.0 0.0.0.255
access-list 101 deny   ip 192.168.11.0 0.0.0.255 192.168.255.0 0.0.0.255
access-list 101 deny   ip 192.168.14.0 0.0.0.255 192.168.10.0 0.0.0.255
access-list 101 deny   ip 192.168.14.0 0.0.0.255 192.168.254.0 0.0.0.255
access-list 101 deny   ip 192.168.14.0 0.0.0.255 192.168.255.0 0.0.0.255
access-list 101 deny   ip 192.168.255.0 0.0.0.255 192.168.10.0 0.0.0.255
access-list 101 deny   ip 192.168.3.0 0.0.0.255 192.168.10.0 0.0.0.255
access-list 101 permit ip 192.168.11.0 0.0.0.255 any
access-list 101 permit ip 192.168.14.0 0.0.0.255 any
access-list 102 permit ip any host 192.168.14.28
access-list 102 permit ip host 192.168.14.28 any
access-list 102 permit ip 192.168.14.0 0.0.0.255 any
access-list 102 deny   ip host 255.255.255.255 any
access-list 102 deny   ip 127.0.0.0 0.255.255.255 any
access-list 102 permit ip host 192.168.11.28 192.168.254.0 0.0.0.255
access-list 102 permit ip any host 192.168.14.27
access-list 102 permit ip host 192.168.14.27 any
access-list 102 permit tcp any any eq 5060
access-list 102 permit ip host 192.168.14.2 host 209.203.104.37
access-list 102 permit ip host 209.203.104.37 host 192.168.14.2
access-list 102 permit ip host 192.168.14.2 192.168.254.0 0.0.0.255
access-list 102 permit ip 192.168.14.0 0.0.0.255 192.168.254.0 0.0.0.255
access-list 102 deny   ip 192.168.11.0 0.0.0.255 192.168.254.0 0.0.0.255
access-list 102 deny   icmp any 192.168.254.0 0.0.0.255
access-list 102 permit ip any any
access-list 103 permit ip 192.168.10.0 0.0.0.255 192.168.3.0 0.0.0.255
access-list 103 permit ip 192.168.14.0 0.0.0.255 any
access-list 103 permit ip host 0.0.0.0 any
access-list 103 permit ip 192.168.10.0 0.0.0.255 192.168.255.0 0.0.0.255
access-list 103 permit ahp any host 65.xx.xx.46
access-list 103 permit ahp any host 65.xx.xx.226
access-list 103 permit esp any host 65.xx.xx.46
access-list 103 permit esp any host 65.xx.xx.226
access-list 103 permit udp any host 65.xx.xx.46 eq 5060
access-list 103 permit ip host 192.168.14.27 any
access-list 103 permit ip any host 192.168.14.27
access-list 103 permit udp any host 65.xx.xx.46 eq isakmp
access-list 103 permit udp any host 65.xx.xx.226 eq isakmp
access-list 103 permit udp any host 65.xx.xx.46 eq non500-isakmp
access-list 103 permit udp any host 65.xx.xx.226 eq non500-isakmp
access-list 103 permit esp any any
access-list 103 permit gre any any
access-list 103 permit tcp any any eq 1723
access-list 103 permit ip 192.168.2.0 0.0.0.255 192.168.10.0 0.0.0.255
access-list 103 permit ip 192.168.3.0 0.0.0.255 192.168.10.0 0.0.0.255
access-list 103 permit ip 192.168.3.0 0.0.0.255 192.168.11.0 0.0.0.255
access-list 103 permit ip 192.168.3.0 0.0.0.255 192.168.14.0 0.0.0.255
access-list 103 permit ip 192.168.10.0 0.0.0.255 192.168.11.0 0.0.0.255
access-list 103 permit ip 192.168.10.0 0.0.0.255 192.168.14.0 0.0.0.255
access-list 103 permit ip 192.168.254.0 0.0.0.255 host 192.168.11.28
access-list 103 permit ip 192.168.254.0 0.0.0.255 192.168.14.0 0.0.0.255
access-list 103 deny   ip 192.168.254.0 0.0.0.255 any
access-list 103 permit ip 192.168.255.0 0.0.0.255 192.168.10.0 0.0.0.255
access-list 103 permit ip 192.168.255.0 0.0.0.255 192.168.11.0 0.0.0.255
access-list 103 permit ip 192.168.255.0 0.0.0.255 192.168.14.0 0.0.0.255
access-list 103 deny   icmp 192.168.254.0 0.0.0.255 any
access-list 103 permit icmp any any echo-reply
access-list 103 permit icmp any any time-exceeded
access-list 103 permit icmp any any timestamp-reply
access-list 103 permit icmp any any traceroute
access-list 103 permit icmp any any unreachable
access-list 103 permit udp any any eq ntp
access-list 103 permit tcp any host 65.xx.xx.46 eq 161
access-list 103 permit tcp any host 65.xx.xx.226 eq 161
access-list 103 permit tcp any host 65.xx.xx.46 eq 162
access-list 103 permit tcp any host 65.xx.xx.226 eq 162
access-list 103 permit udp any host 65.xx.xx.46 eq snmp
access-list 103 permit udp any host 65.xx.xx.226 eq snmp
access-list 103 permit udp any host 65.xx.xx.46 eq snmptrap
access-list 103 permit udp any host 65.xx.xx.226 eq snmptrap
access-list 103 permit udp host 209.203.104.37 host 65.xx.xx.46 eq 5060
access-list 103 permit tcp any host 65.xx.xx.46 eq smtp
access-list 103 permit tcp any host 65.xx.xx.226 eq smtp
access-list 103 permit tcp any host 65.xx.xx.46 eq www
access-list 103 permit tcp any host 65.xx.xx.226 eq www
access-list 103 permit tcp any host 65.xx.xx.46 eq 443
access-list 103 permit tcp any host 65.xx.xx.226 eq 443
access-list 103 permit tcp any host 65.xx.xx.46 eq 3389
access-list 103 permit tcp any host 65.xx.xx.226 eq 3389
access-list 103 permit tcp any host 65.xx.xx.46 eq 4125
access-list 103 permit tcp any host 65.xx.xx.226 eq 4125
access-list 103 permit tcp any host 65.xx.xx.46 eq 37000
access-list 103 permit tcp any host 65.xx.xx.226 eq 37000
access-list 103 permit tcp any host 65.xx.xx.46 eq ftp
access-list 103 permit tcp any host 65.xx.xx.226 eq ftp
access-list 103 permit tcp any host 65.xx.xx.46 eq ftp-data
access-list 103 permit tcp any host 65.xx.xx.226 eq ftp-data
access-list 103 deny   ip 192.168.11.0 0.0.0.255 any
access-list 103 deny   ip 10.0.0.0 0.255.255.255 any
access-list 103 deny   ip 172.16.0.0 0.15.255.255 any
access-list 103 deny   ip 192.168.0.0 0.0.255.255 any
access-list 103 deny   ip 127.0.0.0 0.255.255.255 any
access-list 103 deny   ip host 255.255.255.255 any
access-list 103 deny   ip host 0.0.0.0 any
access-list 103 permit udp any any eq 5060
access-list 103 permit tcp any any eq 5060
access-list 104 permit ip host 192.168.14.2 any
access-list 104 permit ip any host 192.168.14.2
access-list 104 permit ip 192.168.14.0 0.0.0.255 0.0.0.0 255.255.255.0
access-list 104 remark IP Nodes / Phones
access-list 105 permit ip 192.168.10.0 0.0.0.255 192.168.255.0 0.0.0.255
access-list 105 permit ip 192.168.11.0 0.0.0.255 192.168.255.0 0.0.0.255
access-list 105 permit ip 192.168.14.0 0.0.0.255 192.168.255.0 0.0.0.255
access-list 105 permit ip 192.168.255.0 0.0.0.255 any
access-list 105 remark VPN Split Tunnel Rules
access-list 106 permit ip host 192.168.11.1 192.168.3.0 0.0.0.255
access-list 106 permit ip host 192.168.11.1 192.168.10.0 0.0.0.255
access-list 106 permit ip host 192.168.11.1 192.168.255.0 0.0.0.255
access-list 106 permit ip 192.168.11.0 0.0.0.255 192.168.255.0 0.0.0.255
access-list 106 permit ip 192.168.14.0 0.0.0.255 192.168.255.0 0.0.0.255
access-list 150 permit ip 192.168.11.40 any
no cdp run
route-map XoRoutemap permit 10
match ip address XoStatics
!
route-map NAT_Filter permit 1
match ip address 106
set ip next-hop 1.1.1.2
!
route-map NAT_Filter permit 20
match ip address 150
set ip next-hop 65.xx.xx.226
!
route-map Ethernet permit 10
match ip address 101
match interface Vlan10
!
route-map Nat permit 1
match ip address 101
match interface FastEthernet0/0
!
route-map T1 permit 10
match ip address 101
match interface Serial0/0/0
!
!
!
control-plane
!
bridge 1 protocol ieee
banner motd ^CC
*********************************************************************************
*                                                                               *
* This is a private computer system.                                            *
* Unauthorized Access is prohibited. All Access is logged.                      *
* Any unauthorized access will be prosecuted to the fullest extent of the law.  *
*                                                                               *
*********************************************************************************
^C
!
line con 0
transport output all
line aux 0
transport output all
line vty 0 4
password 7 asdfasdf
transport input all
transport output all
!
scheduler max-task-time 5000
scheduler allocate 20000 1000
sntp server 204.312x98.40
en

Open in new window

0
Comment
Question by:ritztech
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
11 Comments
 
LVL 11

Expert Comment

by:billwharton
ID: 24766407
Your question is very confusing. Can you re-phrase all of it using grammatically correct English?
0
 

Author Comment

by:ritztech
ID: 24767062
i have 14 available statics within my network.



And i need my 192.168.14.2 address to show 65.xx.xx.232 when it goes outbound (right now it shows 65.xx.xx.226)

as you see i have ip nat inside source static 192.168.14.2 65.xx.xx.232

so inbound works just not the outbound.


reasoning
{sip issues with the from header has to show what ip came in and out have to match or it wont terminate the call.}

thanks

0
 
LVL 6

Expert Comment

by:danf0x
ID: 24767331
I see you have the inside source which is setup correctly, but you also have an outside source which shouldn't be there.
ip nat outside source static 192.168.14.2 65.xx.xx.232
0
NEW Veeam Agent for Microsoft Windows

Backup and recover physical and cloud-based servers and workstations, as well as endpoint devices that belong to remote users. Avoid downtime and data loss quickly and easily for Windows-based physical or public cloud-based workloads!

 
LVL 6

Expert Comment

by:danf0x
ID: 24767389
sorry I hit the button too quickly
You should have
ip nat outside source static  65.xx.xx.232 192.168.14.2
you just have it reversed and it seems you have all of your outside nat statements reversed
0
 

Author Comment

by:ritztech
ID: 24787579
hmmm when i did that it just shut off any access to the 192.168.14.2

is there something messed up with my ACL
0
 
LVL 6

Expert Comment

by:danf0x
ID: 24787649
What machine were you talking to it from?  The only thing I see on your list that it can talk to is
access-list 102 permit ip host 192.168.14.2 host 209.203.104.37
access-list 102 permit ip host 209.203.104.37 host 192.168.14.2
0
 

Author Comment

by:ritztech
ID: 24787970
hmmm that was my old SIp provider 2 years ago  im not sure if that would do anything
0
 

Author Comment

by:ritztech
ID: 25362201
could anyone assist me on why thats not able to show.....

thanks
0
 
LVL 29

Accepted Solution

by:
Jan Springer earned 500 total points
ID: 25580484
You say:

"like 65.xx.xx.233 is assigned at 1 pc and if i do a ipaddy.com on the machine it shows"

but I don't see anything in the configuration that indicates a static resource ending in this octet.

By default (with your configuration), any IP address not specified with a nat outside statement is going to be natted with the IP of your .226 interface.

With your /28 assignment, you have 13 available IP addresses that you can use for static assignments.

You need to add another inside/outside static nat statement with a public IP not in use for that machine.
0

Featured Post

Will You Be GDPR Compliant by 5/28/2018?

GDPR? That's a regulation for the European Union. But, if you collect data from customers or employees within the EU, then you need to know about GDPR and make sure your organization is compliant by May 2018. Check out our preparation checklist to make sure you're on track today!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Tired of waiting for your show or movie to load?  Are buffering issues a constant problem with your internet connection?  Check this article out to see if these simple adjustments are the solution for you.
Getting hacked is no longer a matter or "if you get hacked" — the 2016 cyber threat landscape is now titled "when you get hacked." When it happens — will you be proactive, or reactive?
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

710 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question