2811 router NAT/Routing issue ( Urgent)

Answered Question
Sep 7th, 2009
User Badges:

Hello All,


Can you please look at my configuration and suggest your ideas.


My Current network details:-


Br_router- HQ router- Etisalat ISPCloud for internet


- Branch ofc router and HQ are connected with a Leased line .

-From HQ router Internet link is connected from ISP on a Fast ethernet port.

-Between Branch office and HQ Eigrp 1 is configured and able to ping till HQ.

-From HQ default route is configured towards ISP ip address to access internet from router.

-After this HQ router is able to ping Outside WWW world.

*- To allow Branch office also to access the same HQ internet i have configured PAT with access-list allowing Branch ofc network on HQ router , but still i can not able to access/ping internet.


Configuration:-

HQ router:-

Interface ser 0/3/1 (leasedline ->Branch)

ip address 172.30.1.10 255.255.255.0

no shut

interface fa 0/1 ( ISP connection)

ip add 194.170.133.126 255.255.255.252

no shut

Router Eigrp 1

network 172.30.0.0 0.0.255.255

no auto-summary

-ip route 0.0.0.0 0.0.0.0 194.170.133.125

(default route for ISP link)

-ip nat pool INTERNET 94.56.64.120 94.56.64.127 netmask 255.255.255.248

-ip nat inside source list 1 pool INTERNET overload

access-list 1 permit 172.30.0.0 0.0.255.255

access-list 1 permit 192.168.20.0 0.0.0.255



BR office router:-

Interface serial0

ip add 172.30.1.20 255.255.255.0

no shut

router eigrp 1

redistribute connected

network 172.30.1.0

no auto-summary


After configuring above configuration i am not able to ping 194.170.133.125 ip address which is the ISP end ip from Branch office router and not able

to ping www world.

at Branch off router , my trace is not crossing beyond 172.30.1.10.


at the other end at HQ router i am able to ping 194.170.133.125 and ping www world .


Thanks for all your support.

Correct Answer by Jon Marshall about 7 years 10 months ago

Mirza


The branch router needs a default route for internet destinations.


As Kevin suggests easiest thing is to add this to your config on HQ router


router eigrp 1

redistribute static


that way the default route configured on the HQ router will be passed to the branch router.


Where are we this, is it still not working ? If not can you add the above and also ensure you have added "ip nat inside" to the serial interface on HQ router and then retest and let us know.


Jon

Correct Answer by ralphcarter about 7 years 10 months ago

As Jon stated, put:


"ip nat inside" under your serial connection to Br


If this still fails, then make sure.


1. 94.56.64.120 - 94.56.64.127 is the correct range of public IPs you are allocated.

2. HQ has a route for the 192.168.x.x segment.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (3 ratings)
Loading.
Jon Marshall Tue, 09/08/2009 - 00:35
User Badges:
  • Super Blue, 32500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

Mirza


I'm assuming you have been allocated the 94.56.64.x addresses you have used in your NAT pool ?


Under your interfaces on the HQ router have you configured "ip nat inside" and "ip nat outside" ie.


HQ router


int s0/3/1

ip nat inside


int fa0/1

ip nat outside


Jon

mirzaakberali Tue, 09/08/2009 - 02:44
User Badges:

Hello John,


Thanks for your reply!


I have configured "Ip Nat outside on fa 0/1 port on HQ router, but did not configure "IP nat inside on se 0/3/1 interface.


Do we need this to be configured?


Also do we need IP NAT inside/outside on Branch router Ser 0 interface ?


Please explain incase if it requires.


Thanks,

Mirza.

Jon Marshall Tue, 09/08/2009 - 04:02
User Badges:
  • Super Blue, 32500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

Mirza


"I have configured "Ip Nat outside on fa 0/1 port on HQ router, but did not configure "IP nat inside on se 0/3/1 interface.


Do we need this to be configured?"


Yes you do.


"Also do we need IP NAT inside/outside on Branch router Ser 0 interface ?"


No you don't.


Jon

mirzaakberali Tue, 09/08/2009 - 02:52
User Badges:

Hello Surya,


I tried putting default routes at Branch router several times , but internet didn't work.


Following default routes i tried one by one and checked -



ip route 0.0.0.0 0.0.0.0 194.170.133.125


ip route 0.0.0.0 0.0.0.0 194.170.133.126


ip route 0.0.0.0 0.0.0.0 172.30.1.10


after all this my trace was reaching 194.170.133.126 ip....which is our end ISP IP while giving trace as

Traceroute 194.170.133.125.



I dont think its a default route issue, may be something to do with NAT ...


Thanks,

Mirza.








ktwaddell Tue, 09/08/2009 - 06:22
User Badges:

Mirza


I don't know if you kept this line in

ip route 0.0.0.0 0.0.0.0 172.30.1.10


but you DO need it, or at least stick a redistribute static on the HQ router.

mirzaakberali Tue, 09/08/2009 - 08:36
User Badges:

Hello,


I have configured Eigrp between HQ and Branch locations ,so can you plz explain why we need a static route at Branch router.


Thanks,

Mirza.

Correct Answer
Jon Marshall Tue, 09/08/2009 - 08:55
User Badges:
  • Super Blue, 32500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

Mirza


The branch router needs a default route for internet destinations.


As Kevin suggests easiest thing is to add this to your config on HQ router


router eigrp 1

redistribute static


that way the default route configured on the HQ router will be passed to the branch router.


Where are we this, is it still not working ? If not can you add the above and also ensure you have added "ip nat inside" to the serial interface on HQ router and then retest and let us know.


Jon

Correct Answer
ralphcarter Tue, 09/08/2009 - 03:56
User Badges:

As Jon stated, put:


"ip nat inside" under your serial connection to Br


If this still fails, then make sure.


1. 94.56.64.120 - 94.56.64.127 is the correct range of public IPs you are allocated.

2. HQ has a route for the 192.168.x.x segment.

mirzaakberali Tue, 09/08/2009 - 08:53
User Badges:

Hello,


After giving IP NAT inside at HQ router ,still Branch router is not able to ping HQ ISP end IP .


NAT Pool is correctly configured, as i re-confirmed.


Do we need IP NAT inside on Branch router also?



Thanks,

Mirza.

mirzaakberali Tue, 09/08/2009 - 10:55
User Badges:

All,


Issue has been resolved after giving the same IP NAT inside on HQ router .


My sincere thanks for all of your great and prompt response :).


Thanks,

Mirza.

Actions

This Discussion