cpatte7372
asked on
Cisco Router Config Question
Hello Experts
Can someone please take a look at the configuration and let me know why I can ping google on 8.8.8.8 from WAN interface GE0/1 but not from LAN Interface GE0/0?
I have default route but still can't ping from source 192.168.30.1
Regards
Carlton
Can someone please take a look at the configuration and let me know why I can ping google on 8.8.8.8 from WAN interface GE0/1 but not from LAN Interface GE0/0?
I have default route but still can't ping from source 192.168.30.1
Regards
Carlton
Can you ping from internal LAN to router's VLAN interface?
Probably you don't have NAT configured (or NAT is misconfigured), but paste configuration.
:)
:)
ASKER
I can ping 192.168.30.1 from within the router (if that's what you mean)?
ASKER
Pred
I don't think NAT is required
I don't think NAT is required
Oh, yes it is... you can't ping from private address space to internet directly. :)
You must ping from public IP address. NAT translates your private IP address to public IP address.
You must ping from public IP address. NAT translates your private IP address to public IP address.
ASKER
so will the following work
ip nat pool guargon 59.x.x.1 59..1 netmask 255.255.255.252
ip nat inside source list 1 pool guargon overload
ip nat pool guargon 59.x.x.1 59..1 netmask 255.255.255.252
ip nat inside source list 1 pool guargon overload
access-list 1 permit 192.168.30.0 0.0.0.255
ip nat pool guargon 59.x.x.1 59.x.x.x netmask 255.255.255.252
ip nat inside source list 1 pool guargon overload
(or simply without IP pool for WAN, if you don't need one
ip nat inside source list 1 interface GE0/1 overload)
interface GE0/1
ip nat outside
interface GE0/0
ip nat inside
ip nat pool guargon 59.x.x.1 59.x.x.x netmask 255.255.255.252
ip nat inside source list 1 pool guargon overload
(or simply without IP pool for WAN, if you don't need one
ip nat inside source list 1 interface GE0/1 overload)
interface GE0/1
ip nat outside
interface GE0/0
ip nat inside
ASKER
First, you need to move "ip nat outside" to interface GigabitEthernet0/1.3861 because that's where the IP address is.
2nd, get rid of the ip nat pool and simply do:
ip nat inside source list 1 interface GigabitEthernet0/1.3861 overload
The nat pool statement you used is attempting to nat your inside addresses to the address of your ISP and that wouldn't work anyway. The above will make everything look like it's coming from your router interface.
2nd, get rid of the ip nat pool and simply do:
ip nat inside source list 1 interface GigabitEthernet0/1.3861 overload
The nat pool statement you used is attempting to nat your inside addresses to the address of your ISP and that wouldn't work anyway. The above will make everything look like it's coming from your router interface.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
You mean Mike, not Pred...
ASKER
Your inbound access list "Permitted-Inbound-Interne t" doesn't really permit anything to come back to you. I don't know how you're testing but can you ping 59.xx.xx.11 from the LAN?
You're also missing a default route:
ip route 0.0.0.0 0.0.0.0 59.xx.xx.11
You're also missing a default route:
ip route 0.0.0.0 0.0.0.0 59.xx.xx.11
Is this mean that you are going to internet through distant location?
(Private IP DNS servers - out of IP pool on this router - point into this direction)
I don't see default route here, so I can only presume that you get internet through tunnel and default route from eigrp.
In that case you might not need NAT, NAT can be done on another router.
What is output from
#show ip route
Is this all relevant info in config, or there are some other missing puzzle pieces? :)
(Looks like they do, since this time there is no IP DHCP pool in configuration.)
If there is a default route in routing table remove NAT completely and issue
#traceroute 8.8.8.8
(Private IP DNS servers - out of IP pool on this router - point into this direction)
I don't see default route here, so I can only presume that you get internet through tunnel and default route from eigrp.
In that case you might not need NAT, NAT can be done on another router.
What is output from
#show ip route
Is this all relevant info in config, or there are some other missing puzzle pieces? :)
(Looks like they do, since this time there is no IP DHCP pool in configuration.)
If there is a default route in routing table remove NAT completely and issue
#traceroute 8.8.8.8
ASKER
Cheers