02-16-2009 06:41 AM - edited 03-06-2019 04:03 AM
Hi all,
I am trying to get out to the Internet using a PC that routes through two separate networks (10.1.13.0, 162.105.72.0) and it is not happening.
Here is my setup.
Edge Router = 162.105.72.1/24
LAN Router G0/0 = 162.105.72.14/24
LAN Router G0/1 = 10.1.13.1/24
PC = 10.1.13.30/24
My PC can ping both interfaces on my LAN Router.
My LAN Router can ping my PC, my Edge Router, and www.yahoo.com.
My PC cannot ping my Edge Router or anything outside of it.
My PC IP settings are as follows:
10.1.13.30/24
Default gateway: 10.1.13.1
My LAN router has the following entry:
Ip route 0.0.0.0 0.0.0.0 162.105.72.1
What am I missing? I was assuming the "Ip route 0.0.0.0 0.0.0.0 162.105.72.1" entry would forward any packets that are destined to somewhere unknown to it's next hop (162.105.1.1).
02-16-2009 06:45 AM
Did you configure NAT?
__
Edison.
02-16-2009 06:58 AM
Hello,
Are you NATing your internal IP range 10.1.13.0/24 before the packets leave towards the internet?
Another possibility is that your edge router doesn't have a route back to 10.1.13.0/24 network. What is the routing table of the edge router?
Regards
02-16-2009 07:34 AM
I agree that NAT is a likely cause of problems in getting to the Internet. But I believe that James has correctly identified the problem as the edge router not having a route back. Especially when the original post includes this:"My PC cannot ping my Edge Router". Ping to the edge router would not need NAT but would need a return route.
HTH
Rick
02-16-2009 07:39 AM
Well, his LAN router has a public routable IP so NAT can be configured in the LAN router and the Edge router does not need the internal subnet routing information.
02-16-2009 07:50 AM
Is it poor methodology from a security standpoint that I did not use a private address on the LAN router, and instead used a public address that is in the public IP scope of my LAN?
I am just trying to setup a test network, and learn a little more about routing.
02-16-2009 07:57 AM
It's not about security - it all depends how far out you want to extend your internal subnet information.
You have not provided much information about your topology but based on the initial post, I assumed your LAN router was yours and the Edge router was ISP owned.
Often, the ISP manages their own router and provides the customer with public IP addresses to assign to their routers.
If you have that scenario, then the NAT must be performed in your LAN router - which is the router with non-routable private subnet along with routable public subnet - instead of the Edge router which based in your post has public IP addressing on both interfaces.
HTH,
__
Edison.
02-16-2009 07:37 AM
Sorry, I am very much a novice....
I added the following route on the edge router:
ip route 10.1.13.0 255.255.255.0 162.105.72.14
Now I DO receive a reply from the edge router to my PC.
The natting aspect eluded me all together. Just to verify, I am going to NAT everything from the 10.1.13.0 to the 162.105.72.14 address, correct?
02-16-2009 07:48 AM
Kelly
You do not need to NAT traffic to the 162.105.72.14 but you need to NAT traffic that will go out to the Internet.
HTH
Rick
02-16-2009 07:59 AM
Lookup RFC-1918!
:-)
02-17-2009 03:52 AM
Hello,
You need to NAT the source address of internal traffic behind IP 162.105.72.14. It should be something like this
ip access-list 10 10.1.13.0 0.0.0.255
!
ip nat inside source list 10 interface g0/0 overload
!
interface g0/0
ip nat outside
interface g0/1
ip nat inside
I hope this helps
Thanks
James
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: