09-07-2009 10:59 PM - edited 03-06-2019 07:37 AM
Hello All,
Can you please look at my configuration and suggest your ideas.
My Current network details:-
Br_router- HQ router- Etisalat ISPCloud for internet
- Branch ofc router and HQ are connected with a Leased line .
-From HQ router Internet link is connected from ISP on a Fast ethernet port.
-Between Branch office and HQ Eigrp 1 is configured and able to ping till HQ.
-From HQ default route is configured towards ISP ip address to access internet from router.
-After this HQ router is able to ping Outside WWW world.
*- To allow Branch office also to access the same HQ internet i have configured PAT with access-list allowing Branch ofc network on HQ router , but still i can not able to access/ping internet.
Configuration:-
HQ router:-
Interface ser 0/3/1 (leasedline ->Branch)
ip address 172.30.1.10 255.255.255.0
no shut
interface fa 0/1 ( ISP connection)
ip add 194.170.133.126 255.255.255.252
no shut
Router Eigrp 1
network 172.30.0.0 0.0.255.255
no auto-summary
-ip route 0.0.0.0 0.0.0.0 194.170.133.125
(default route for ISP link)
-ip nat pool INTERNET 94.56.64.120 94.56.64.127 netmask 255.255.255.248
-ip nat inside source list 1 pool INTERNET overload
access-list 1 permit 172.30.0.0 0.0.255.255
access-list 1 permit 192.168.20.0 0.0.0.255
BR office router:-
Interface serial0
ip add 172.30.1.20 255.255.255.0
no shut
router eigrp 1
redistribute connected
network 172.30.1.0
no auto-summary
After configuring above configuration i am not able to ping 194.170.133.125 ip address which is the ISP end ip from Branch office router and not able
to ping www world.
at Branch off router , my trace is not crossing beyond 172.30.1.10.
at the other end at HQ router i am able to ping 194.170.133.125 and ping www world .
Thanks for all your support.
Solved! Go to Solution.
09-08-2009 03:56 AM
As Jon stated, put:
"ip nat inside" under your serial connection to Br
If this still fails, then make sure.
1. 94.56.64.120 - 94.56.64.127 is the correct range of public IPs you are allocated.
2. HQ has a route for the 192.168.x.x segment.
09-08-2009 08:55 AM
Mirza
The branch router needs a default route for internet destinations.
As Kevin suggests easiest thing is to add this to your config on HQ router
router eigrp 1
redistribute static
that way the default route configured on the HQ router will be passed to the branch router.
Where are we this, is it still not working ? If not can you add the above and also ensure you have added "ip nat inside" to the serial interface on HQ router and then retest and let us know.
Jon
09-08-2009 12:35 AM
Mirza
I'm assuming you have been allocated the 94.56.64.x addresses you have used in your NAT pool ?
Under your interfaces on the HQ router have you configured "ip nat inside" and "ip nat outside" ie.
HQ router
int s0/3/1
ip nat inside
int fa0/1
ip nat outside
Jon
09-08-2009 02:44 AM
Hello John,
Thanks for your reply!
I have configured "Ip Nat outside on fa 0/1 port on HQ router, but did not configure "IP nat inside on se 0/3/1 interface.
Do we need this to be configured?
Also do we need IP NAT inside/outside on Branch router Ser 0 interface ?
Please explain incase if it requires.
Thanks,
Mirza.
09-08-2009 04:02 AM
Mirza
"I have configured "Ip Nat outside on fa 0/1 port on HQ router, but did not configure "IP nat inside on se 0/3/1 interface.
Do we need this to be configured?"
Yes you do.
"Also do we need IP NAT inside/outside on Branch router Ser 0 interface ?"
No you don't.
Jon
09-08-2009 02:43 AM
Hi,
Add default route on branch router towards HQ.
09-08-2009 02:52 AM
Hello Surya,
I tried putting default routes at Branch router several times , but internet didn't work.
Following default routes i tried one by one and checked -
ip route 0.0.0.0 0.0.0.0 194.170.133.125
ip route 0.0.0.0 0.0.0.0 194.170.133.126
ip route 0.0.0.0 0.0.0.0 172.30.1.10
after all this my trace was reaching 194.170.133.126 ip....which is our end ISP IP while giving trace as
Traceroute 194.170.133.125.
I dont think its a default route issue, may be something to do with NAT ...
Thanks,
Mirza.
09-08-2009 06:22 AM
Mirza
I don't know if you kept this line in
ip route 0.0.0.0 0.0.0.0 172.30.1.10
but you DO need it, or at least stick a redistribute static on the HQ router.
09-08-2009 08:36 AM
Hello,
I have configured Eigrp between HQ and Branch locations ,so can you plz explain why we need a static route at Branch router.
Thanks,
Mirza.
09-08-2009 08:55 AM
Mirza
The branch router needs a default route for internet destinations.
As Kevin suggests easiest thing is to add this to your config on HQ router
router eigrp 1
redistribute static
that way the default route configured on the HQ router will be passed to the branch router.
Where are we this, is it still not working ? If not can you add the above and also ensure you have added "ip nat inside" to the serial interface on HQ router and then retest and let us know.
Jon
09-08-2009 03:56 AM
As Jon stated, put:
"ip nat inside" under your serial connection to Br
If this still fails, then make sure.
1. 94.56.64.120 - 94.56.64.127 is the correct range of public IPs you are allocated.
2. HQ has a route for the 192.168.x.x segment.
09-08-2009 08:53 AM
Hello,
After giving IP NAT inside at HQ router ,still Branch router is not able to ping HQ ISP end IP .
NAT Pool is correctly configured, as i re-confirmed.
Do we need IP NAT inside on Branch router also?
Thanks,
Mirza.
09-08-2009 10:55 AM
All,
Issue has been resolved after giving the same IP NAT inside on HQ router .
My sincere thanks for all of your great and prompt response :).
Thanks,
Mirza.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide