Solved

Cisco 1811 - routed subnet behind PPPOE can't reach internet without NAT

Posted on 2013-12-14
6
272 Views
Last Modified: 2015-04-12
Hello,
My ISP recently assigned me a routed subnet - let's call it 206.x.x.104/29 (255.255.255.248). They said that this routed subnet is "behind" the IP that is assigned to me automatically via PPPOE.
When I take one of those usable IPs (like 206.x.x.105), assign it to a VLAN called "206" on the router, and then get my laptop on that VLAN, I can see the router. The router can see me. The router can see the internet. The laptop cannot reach the internet.
I've turned on ip route. I've set the default gateway to use the Dialer1 interface. The PPPoE connects fine, I just can't get the VLAN 206 to see the internet.
Of course, when I enable NAT for the VLAN 206 (set VLAN 206 up for "ip nat inside", and set Dialer1 as "ip nat outside"), the VLAN 206 can see the internet, but nothing on the internet can see VLAN 206 since it's NATed.
Also worth noting: a traceroute from another place on the internet to an IP address in my routed subnet 206.x.x.104/29 never seems to reach my automatically  assigned PPPOE IP. Any good advice out there?1811WorkInProgress.txt
0
Comment
Question by:SPLAT-Tech
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
6 Comments
 
LVL 46

Expert Comment

by:Craig Beck
ID: 39719220
Config looks good to me.  Have you tried using:

ip route 0.0.0.0 0.0.0.0 dhcp

instead of...

ip route 0.0.0.0 0.0.0.0 Dialer1

Alternatively, just remove the static default route.  You have the ppp ipcp route default command in the Dialer config so it will inject the route from the PPP session if IPCP negotiation succeeds.
0
 

Author Comment

by:SPLAT-Tech
ID: 39719585
OK - so I hopped into the router and removed the static default route which allowed the router to continue to see the internet (as you said, since the ipcp session comes up), but no internet from laptop still without NAT setup on the router. Also, re-adding the static default route as you suggested, using DHCP instead of Dialer1, gave me the same result.
I'm hoping to get a call from my ISP on Monday to see if this is on their end or not. Thanks craigbeck for the ideas.
My biggest concern: the ISP seems to be saying that the routed subnet is a next-hop after my PPPOE assigned IP, then why do I never see the PPPOE assigned IP in the tracert results? We'll see on Monday...
0
 
LVL 46

Expert Comment

by:Craig Beck
ID: 39719683
They probably just set the route profile wrong in RADIUS.
0
Moving data to the cloud? Find out if you’re ready

Before moving to the cloud, it is important to carefully define your db needs, plan for the migration & understand prod. environment. This wp explains how to define what you need from a cloud provider, plan for the migration & what putting a cloud solution into practice entails.

 

Accepted Solution

by:
SPLAT-Tech earned 0 total points
ID: 40711437
After speaking with the ISP ( i got someone that actually new what they were doing) we found out they had a bad route on their end.  They would not disclose the exact nature of the problem but they did fix it and all is good now.
0
 

Author Closing Comment

by:SPLAT-Tech
ID: 40719447
The problem was actually with the ISP
0
 
LVL 46

Expert Comment

by:Craig Beck
ID: 40719476
So why was my answer not selected??

craigbeck 2013-12-15 at 10:01:44  ID: 39719683
They probably just set the route profile wrong in RADIUS.
0

Featured Post

Veeam gives away 10 full conference passes

Veeam is a VMworld 2017 US & Europe Platinum Sponsor. Enter the raffle to get the full conference pass. Pass includes the admission to all general and breakout sessions, VMware Hands-On Labs, Solutions Exchange, exclusive giveaways and the great VMworld Customer Appreciation Part

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you're not part of the solution, you're part of the problem.   Tips on how to secure IoT devices, even the dumbest ones, so they can't be used as part of a DDoS botnet.  Use PRTG Network Monitor as one of the building blocks, to detect unusual…
During and after that shift to cloud, one area that still poses a struggle for many organizations is what to do with their department file shares.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Suggested Courses
Course of the Month4 days, 5 hours left to enroll

630 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question