03-15-2009 08:03 AM - edited 03-04-2019 03:56 AM
I've tried searching around these forums and Google, but apparently I can't phrase my searches right. Here's the issue:
I recently added another T1 and combined them with multilink ppp. This works great from inside my network: internet access is fast and stable. From outside, however, traffic cannot come in. I can ping the external interface of my router from off network, but cannot ping the internal interface, nor any other public IP on the inside of the 2651. I should note that I inherited this network and am kind of new to Cisco routers. Here is the config of the router; if anyone could tell me if anything is suspect or point me in a direction to look next, I'd greatly appreciate it. Thanks:
interface Multilink1
description TWTC MLPPP
ip address 66.193.28.242 255.255.255.252
ip nat outside
ppp multilink
ppp multilink fragment delay 500
ppp multilink group 1
!
interface FastEthernet0/0
description Connected to LAN
ip address 64.128.125.58 255.255.255.248
ip nat inside
duplex auto
speed auto
!
interface Serial0/0
description TWTC Multilink Interface #1
no ip address
encapsulation ppp
service-module t1 timeslots 1-24
ppp multilink
ppp multilink group 1
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Serial0/1
description TWTC multilink interface #2
no ip address
encapsulation ppp
service-module t1 timeslots 1-24
ppp multilink
ppp multilink group 1
!
ip nat inside source list 100 interface Multilink1 overload
ip http server
no ip http secure-server
ip classless
ip route 0.0.0.0 0.0.0.0 66.193.28.241
ip route 192.168.0.0 255.255.0.0 64.128.125.59
!
ip access-list extended protocol
access-list 1 permit 64.128.125.59
access-list 23 permit 64.128.125.59
access-list 100 permit ip any any
03-15-2009 01:55 PM
Bryan
I would start my response by asking if access initiated from the Internet worked before you changed the configuration to use multilink? The phrasing of the question seems to believe that the problem has to do with multilink. But I believe that the configuration of address translation would not have permitted access to be initiated from the Internet no matter whether it was multilink or dedicated serial interface or whatever.
Your config sets up address translation with FastEther0/0 as interface inside, with the multilink as interface outside, and a dynamic translation with overload using the multilink address for all traffic coming from FastEther0/0. The result of this type of translation is that when any device inside sends traffic to the Internet the router sets up a translation for that device, and the entry in the translate table allows traffic from the Internet to reach the correct inside device. But when traffic is initiated from the Internet, it gets to the router and the router is not sure which device should receive it because there is not an existing translation. For the Internet to initiate traffic to inside devices the typical solution is to provide a static translation for any device inside which should be reachable for traffic initiated from the Internet.
And in reading the post over again, I believe that I see another problem (which may or may not be related). You say: "cannot ping the internal interface, nor any other public IP on the inside of the 2651". This suggests that whoever you connect to on the multilink is not routing the 64.128.125.56/29 block of addresses to you. If you can get that issue resolved, and if you change the address translation so that traffic from that address block is not translated then devices in that address block should be reachable from the Internet.
HTH
Rick
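The two changes described in the reply above, sketched as IOS configuration. This is an added example and not part of the original posts; it assumes the private hosts live in 192.168.0.0/16 (taken from the posted static route), and the inside server 192.168.1.10 on TCP port 80 is a hypothetical placeholder.

```cisco
! Added example. 192.168.1.10 and port 80 are hypothetical placeholders.
!
! As posted, list 100 matches every source, so hosts in the public /29 on
! FastEthernet0/0 are also translated to the Multilink1 address:
!   access-list 100 permit ip any any
!
! Narrowed list: leave the public block untranslated, translate only the
! private range that is routed via 64.128.125.59.
no access-list 100
access-list 100 deny   ip 64.128.125.56 0.0.0.7 any
access-list 100 permit ip 192.168.0.0 0.0.255.255 any
!
! The overload statement is unchanged from the posted config; it now picks
! up the narrowed list.
ip nat inside source list 100 interface Multilink1 overload
!
! Static entry so a session initiated from the Internet has a translation
! to match before any inside host has sent traffic.
ip nat inside source static tcp 192.168.1.10 80 interface Multilink1 80
!
! Check the result from exec mode:
!   show access-lists 100
!   show ip nat translations
!   clear ip nat translation *     (flushes entries built under the old list)
```

Hosts in the untranslated 64.128.125.56/29 block become directly reachable from the Internet once the provider routes the block, so they need their own inbound filtering. The static entry exposes only the one mapped port.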
03-15-2009 02:07 PM
Thank you very much for your help, Rick. Would you be able to guide me in how to set the NATing up correctly? I'm pretty new at Cisco IOS.
Indeed, access initiated from the Internet worked just fine before multilink, though I don't think it's the multilink that's the problem, since the external multilink1 interface seems to be doing its job just fine.
03-15-2009 02:26 PM
Bryan
Did you make changes in the router other than adding a second serial link and configuring multilink? If so please explain what else you changed.
Do you have a copy of the router config before the changes for multilink were made? If so can you post that config for comparison?
We might be able to advise you about the changes in address translation if we knew more details about your situation. For starters, if you are not going to translate the 64.128.125.56/29 address block, then what addresses are you going to want to translate?
HTH
Rick