Have two sets of Public IP and can't access the internet

Sep 9th, 2009

I got two sets of public IPs from my ISP, one /30 and one /24. I have a 2811 router which is connected to the ISP Cisco switch. On my router I have the /30, and the next interface is the /24, which is connected to a switch. I can ping my ISP GW and DNS servers but I can't access the internet. Can anyone look at my config and tell me what I am missing?

=======



EDGE-Router>en
EDGE-Router#show run
Building configuration...

Current configuration : 3335 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname EDGE-Router
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
!
no aaa new-model
!
!
ip cef
!
!
ip domain name yourdomain.com
multilink bundle-name authenticated
!
!
!
archive
 log config
  hidekeys
!
!
!
!
!
interface Loopback0
 no ip address
 ip nat inside
 ip virtual-reassembly
!
interface FastEthernet0/0
 description LINK TO ISP
 ip address 69.177.74.206 255.255.255.252
 ip virtual-reassembly
 duplex auto
 speed auto
!
interface FastEthernet0/1
 description LINK TO ARTNET INTERNET SWITCH 23RD FLOOR
 ip address 69.177.131.2 255.255.255.0
 ip virtual-reassembly
 duplex auto
 speed auto
!
interface FastEthernet0/0/0
!
interface FastEthernet0/0/1
!
interface FastEthernet0/0/2
!
interface FastEthernet0/0/3
!
interface Vlan1
 no ip address
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 69.167.64.205
!
!
ip http server
ip http access-class 23
ip http authentication local
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip access-list standard outside-nat-inside
 permit 192.168.0.0 0.0.0.255 log
 permit any log
!
access-list 23 permit 10.10.10.0 0.0.0.7
!
!
control-plane
!
!
line con 0
 password 7 002501120A5E1F540472
 logging synchronous
 login
line aux 0
line vty 0 4
 access-class 23 in
 privilege level 15
 password 7 13240506050910782077
 logging synchronous
 login
 transport input telnet
line vty 5 15
 access-class 23 in
 privilege level 15
 login local
 transport input telnet
!
scheduler allocate 20000 1000
!
end




Jon Marshall Wed, 09/09/2009 - 11:53

Shane


This is a bit confusing. Your default route points to 69.167.64.205 which is the other end of the /30.


So what are you trying to achieve with the /24?


Jon

shanemcanuff Wed, 09/09/2009 - 12:09

With the /24 I want any systems that are connected to the switch on that interface to access the internet, or I can access them from the internet, since the /24 I have are public IPs.

shanemcanuff Wed, 09/09/2009 - 12:12

69.167.64.205, sorry, I mean 69.177.74.205 is the ISP gateway. From my router I can ping www.google.com, but when I connect to the switch which the /24 is connected to, I can ping up to the ISP gateway and DNS servers but can't access the internet.

Edison Ortiz Wed, 09/09/2009 - 12:16

Verify your ISP has a route back to your /24 subnet, if they don't - the internet won't know how to get back to you.


Your config is fine.


BTW, where are you implementing NAT in your network?


__


Edison.

shanemcanuff Wed, 09/09/2009 - 12:38

Edison, I was thinking of doing NAT, but since the two sets of IPs are public, do I have to do NAT?

Jon Marshall Wed, 09/09/2009 - 12:45

Shane


No, you shouldn't have to.


As Edison says, your config looks good. Assuming you have the default-gateway etc. correct on your /24 subnet clients, I would check with your ISP.


Have you ruled out DNS, i.e. have you pinged Google's IP address rather than the URL?


Jon

Edison Ortiz Wed, 09/09/2009 - 13:02
    Founding Member

If every device internally is going to be on the public /24, you don't need NAT but I find it odd that you will use a public /24 for your internal network. What type of business environment is this? Hosting services?


BTW, I agree with Jon - try pinging an IP instead of name from the switch holding an IP from the /24 subnet. Try pinging 4.2.2.1


__


Edison.

Jon Marshall Wed, 09/09/2009 - 12:18
    2017 LAN, WAN

Shane


Are you sure the ISP is routing the /24 back to you?


Jon

Edison Ortiz Wed, 09/09/2009 - 12:14
    Founding Member

Your default route is incorrect.


ip route 0.0.0.0 0.0.0.0 69.167.64.205


Based on the IP address on the WAN interface


description LINK TO ISP

ip address 69.177.74.206 255.255.255.252


it should be


ip route 0.0.0.0 0.0.0.0 69.177.74.205
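
The comparison made in the post above (static route next hop versus the subnet configured on the WAN interface) can be automated. The following is an added example, not part of the original post; the function names are assumptions and the sample is a trimmed copy of the configuration posted in this thread.

```python
import ipaddress
import re

# Constructed sample: the addressing and routing lines from the posted config.
SAMPLE_CONFIG = """\
interface FastEthernet0/0
 ip address 69.177.74.206 255.255.255.252
!
interface FastEthernet0/1
 ip address 69.177.131.2 255.255.255.0
!
ip route 0.0.0.0 0.0.0.0 69.167.64.205
"""

IP = r"(\d+\.\d+\.\d+\.\d+)"
IFACE_RE = re.compile(r"^interface\s+(\S+)")
ADDR_RE = re.compile(rf"^\s+ip address {IP} {IP}")
ROUTE_RE = re.compile(rf"^ip route {IP} {IP} {IP}")


def connected_networks(config):
    """Map each addressed interface to its IPv4Interface (address + mask)."""
    nets, current = {}, None
    for line in config.splitlines():
        if m := IFACE_RE.match(line):
            current = m.group(1)
        elif (m := ADDR_RE.match(line)) and current:
            nets[current] = ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}")
    return nets


def check_static_routes(config):
    """Return (prefix, next_hop, interface) per static route; interface is
    None when the next hop is on no connected subnet (or is our own address)."""
    nets = connected_networks(config)
    results = []
    for line in config.splitlines():
        if not (m := ROUTE_RE.match(line)):
            continue
        prefix = ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}")
        hop = ipaddress.ip_address(m.group(3))
        via = next((name for name, iface in nets.items()
                    if hop in iface.network and hop != iface.ip), None)
        results.append((str(prefix), str(hop), via))
    return results


if __name__ == "__main__":
    for prefix, hop, via in check_static_routes(SAMPLE_CONFIG):
        print(prefix, "via", hop, "->", via or "next hop not on a connected subnet")
```

This only validates the router's own configuration; whether the ISP routes the /24 back toward the /30 cannot be seen from the router's config and has to be confirmed with the ISP.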



shanemcanuff Wed, 09/09/2009 - 12:35

The ip route 0.0.0.0 0.0.0.0 69.167.64.205 was an error I typed. The ISP gateway is 69.177.74.205.

shanemcanuff Wed, 09/09/2009 - 13:31

Thanks a lot guys, I called my ISP and for some reason the engineer forgot to route the /24 to me.

Jon Marshall Wed, 09/09/2009 - 13:34
    2017 LAN, WAN

Shane


Yep, that would do it :-)


Glad you got it sorted.


Jon
