cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1028
Views
5
Helpful
11
Replies

2811 router NAT/Routing issue ( Urgent)

mirzaakberali
Level 1
Level 1

Hello All,

Can you please look at my configuration and suggest your ideas.

My Current network details:-

Br_router- HQ router- Etisalat ISPCloud for internet

- Branch ofc router and HQ are connected with a Leased line .

-From HQ router Internet link is connected from ISP on a Fast ethernet port.

-Between Branch office and HQ Eigrp 1 is configured and able to ping till HQ.

-From HQ default route is configured towards ISP ip address to access internet from router.

-After this HQ router is able to ping Outside WWW world.

*- To allow Branch office also to access the same HQ internet i have configured PAT with access-list allowing Branch ofc network on HQ router , but still i can not able to access/ping internet.

Configuration:-

HQ router:-

Interface ser 0/3/1 (leasedline ->Branch)

ip address 172.30.1.10 255.255.255.0

no shut

interface fa 0/1 ( ISP connection)

ip add 194.170.133.126 255.255.255.252

no shut

Router Eigrp 1

network 172.30.0.0 0.0.255.255

no auto-summary

-ip route 0.0.0.0 0.0.0.0 194.170.133.125

(default route for ISP link)

-ip nat pool INTERNET 94.56.64.120 94.56.64.127 netmask 255.255.255.248

-ip nat inside source list 1 pool INTERNET overload

access-list 1 permit 172.30.0.0 0.0.255.255

access-list 1 permit 192.168.20.0 0.0.0.255

BR office router:-

Interface serial0

ip add 172.30.1.20 255.255.255.0

no shut

router eigrp 1

redistribute connected

network 172.30.1.0

no auto-summary

After configuring above configuration i am not able to ping 194.170.133.125 ip address which is the ISP end ip from Branch office router and not able

to ping www world.

at Branch off router , my trace is not crossing beyond 172.30.1.10.

at the other end at HQ router i am able to ping 194.170.133.125 and ping www world .

Thanks for all your support.

2 Accepted Solutions

Accepted Solutions

ralphcarter
Level 1
Level 1

As Jon stated, put:

"ip nat inside" under your serial connection to Br

If this still fails, then make sure.

1. 94.56.64.120 - 94.56.64.127 is the correct range of public IPs you are allocated.

2. HQ has a route for the 192.168.x.x segment.

CCIE 26175
www.techsnips.com

View solution in original post

Mirza

The branch router needs a default route for internet destinations.

As Kevin suggests easiest thing is to add this to your config on HQ router

router eigrp 1

redistribute static

that way the default route configured on the HQ router will be passed to the branch router.

Where are we this, is it still not working ? If not can you add the above and also ensure you have added "ip nat inside" to the serial interface on HQ router and then retest and let us know.

Jon

View solution in original post

11 Replies 11

Jon Marshall
Hall of Fame
Hall of Fame

Mirza

I'm assuming you have been allocated the 94.56.64.x addresses you have used in your NAT pool ?

Under your interfaces on the HQ router have you configured "ip nat inside" and "ip nat outside" ie.

HQ router

int s0/3/1

ip nat inside

int fa0/1

ip nat outside

Jon

Hello John,

Thanks for your reply!

I have configured "Ip Nat outside on fa 0/1 port on HQ router, but did not configure "IP nat inside on se 0/3/1 interface.

Do we need this to be configured?

Also do we need IP NAT inside/outside on Branch router Ser 0 interface ?

Please explain incase if it requires.

Thanks,

Mirza.

Mirza

"I have configured "Ip Nat outside on fa 0/1 port on HQ router, but did not configure "IP nat inside on se 0/3/1 interface.

Do we need this to be configured?"

Yes you do.

"Also do we need IP NAT inside/outside on Branch router Ser 0 interface ?"

No you don't.

Jon

Hi,

Add default route on branch router towards HQ.

Hello Surya,

I tried putting default routes at Branch router several times , but internet didn't work.

Following default routes i tried one by one and checked -

ip route 0.0.0.0 0.0.0.0 194.170.133.125

ip route 0.0.0.0 0.0.0.0 194.170.133.126

ip route 0.0.0.0 0.0.0.0 172.30.1.10

after all this my trace was reaching 194.170.133.126 ip....which is our end ISP IP while giving trace as

Traceroute 194.170.133.125.

I dont think its a default route issue, may be something to do with NAT ...

Thanks,

Mirza.

Mirza

I don't know if you kept this line in

ip route 0.0.0.0 0.0.0.0 172.30.1.10

but you DO need it, or at least stick a redistribute static on the HQ router.

Hello,

I have configured Eigrp between HQ and Branch locations ,so can you plz explain why we need a static route at Branch router.

Thanks,

Mirza.

Mirza

The branch router needs a default route for internet destinations.

As Kevin suggests easiest thing is to add this to your config on HQ router

router eigrp 1

redistribute static

that way the default route configured on the HQ router will be passed to the branch router.

Where are we this, is it still not working ? If not can you add the above and also ensure you have added "ip nat inside" to the serial interface on HQ router and then retest and let us know.

Jon

ralphcarter
Level 1
Level 1

As Jon stated, put:

"ip nat inside" under your serial connection to Br

If this still fails, then make sure.

1. 94.56.64.120 - 94.56.64.127 is the correct range of public IPs you are allocated.

2. HQ has a route for the 192.168.x.x segment.

CCIE 26175
www.techsnips.com

Hello,

After giving IP NAT inside at HQ router ,still Branch router is not able to ping HQ ISP end IP .

NAT Pool is correctly configured, as i re-confirmed.

Do we need IP NAT inside on Branch router also?

Thanks,

Mirza.

All,

Issue has been resolved after giving the same IP NAT inside on HQ router .

My sincere thanks for all of your great and prompt response :).

Thanks,

Mirza.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco