10-02-2007 07:08 AM - edited 03-03-2019 06:59 PM
I have a 7206 Router with 4 FA interface, 3 of which is connected to my ISP Routers, and port fa4/0 is connected to a layer 2 switch going to my LAN.
I have configure the router with PBR and trunking to support my multiple subnets with in my LAN.
NAT is also implemented in my network.
My problem was if i ping our server which has a public IP (100.100.100.69) from my station (192.168.111.22). I am getting an RTO error. But when I check the show ip nat translation logs. I can see that my attempts are translated from private to public going to the server. And I can't even ping the next hop router (100.100.100.66). But I can surf the internet from my pc. its such that accessing the server within 100.100.100.64/26 network are not working at all.
But if you try to ping or access the server outside of your network, its 100% working.
So i am getting clueless where am i going to start to troubleshoot.
Check my config below:
Exchange Server IP: 100.100.100.69
Gateway: 100.100.100.65
PC: 192.168.111.22
GW: 192.168.111.1
Cisco7206:
interface FastEthernet1/0
description Connection-to-Digitel
ip address 100.100.100.65 255.255.255.192
ip nat outside
ip policy route-map Digitel
duplex half
interface FastEthernet4/0.1
description VLAN1-Management
encapsulation dot1Q 1 native
ip address 192.168.111.1 255.255.255.0
no ip redirects
ip nat inside
ip nat pool primary-pool 100.100.100.67 100.100.100.68 netmask 255.255.255.192
ip nat inside source route-map primary-map pool primary-pool overload
route-map primary-map permit 10
match ip address 10
set interface FastEthernet4/0
!
route-map Digitel permit 20
match ip address 30
set interface FastEthernet1/0
access-list 10 permit 192.168.111.0 0.0.0.255
access-list 30 permit 100.100.100.64 0.0.0.63
ip route 0.0.0.0 0.0.0.0 100.100.100.66
Our server and workstation are within my LAN. Can somebody check this out for me?
Thanks in advance
10-08-2007 10:42 AM
Are you able to ping ip's like yahoo.com ip address. If so try to add a static ARP entry for the Server's MAc address on the router.
10-08-2007 11:32 AM
Can I ask you why do you have the policy map 'ip policy route-map Digitel' appllied on F1/0 interface and it doesn't appear to have been configured correct. Can you remove the policy map from f1/0 and test?
If you can provide more details of what you are trying to accomplish with the policy routing then we can assist you in coming up with the right configuration required.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: