Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
576
Views
0
Helpful
12
Replies

Have two sets of Public IP and can't access the internet

shanemcanuff
Level 1
Level 1

‎09-09-2009 11:49 AM - edited ‎03-04-2019 05:59 AM

I got two sets of public IP from my ISP, one /30 and /24. I have a 2811 router which is connect to the ISP cisco switch. On my router I have the /30 and and the next interface is the /24 which is connect to a switch. I can ping my ISP GW and DNS servers but I can't access the internet. Can anyone look at my config and tell me what I am missing.

=======

EDGE-Router>en

EDGE-Router#show run

Building configuration...

Current configuration : 3335 bytes

!

version 12.4

service timestamps debug datetime msec

service timestamps log datetime msec

service password-encryption

!

hostname EDGE-Router

!

boot-start-marker

boot-end-marker

!

logging buffered 51200 warnings

!

no aaa new-model

!

!

ip cef

!

!

ip domain name yourdomain.com

multilink bundle-name authenticated

!

!

!

archive

log config

hidekeys

!

!

!

!

!

interface Loopback0

no ip address

ip nat inside

ip virtual-reassembly

!

interface FastEthernet0/0

description LINK TO ISP

ip address 69.177.74.206 255.255.255.252

ip virtual-reassembly

duplex auto

speed auto

!

interface FastEthernet0/1

description LINK TO ARTNET INTERNET SWITCH 23RD FLOOR

ip address 69.177.131.2 255.255.255.0

ip virtual-reassembly

duplex auto

speed auto

!

interface FastEthernet0/0/0

!

interface FastEthernet0/0/1

!

interface FastEthernet0/0/2

!

interface FastEthernet0/0/3

!

interface Vlan1

no ip address

!

ip forward-protocol nd

ip route 0.0.0.0 0.0.0.0 69.167.64.205

!

!

ip http server

ip http access-class 23

ip http authentication local

ip http timeout-policy idle 60 life 86400 requests 10000

!

ip access-list standard outside-nat-inside

permit 192.168.0.0 0.0.0.255 log

permit any log

!

access-list 23 permit 10.10.10.0 0.0.0.7

!

!

control-plane

!

!

line con 0

password 7 002501120A5E1F540472

logging synchronous

login

line aux 0

line vty 0 4

access-class 23 in

privilege level 15

password 7 13240506050910782077

logging synchronous

login

transport input telnet

line vty 5 15

access-class 23 in

privilege level 15

login local

transport input telnet

!

scheduler allocate 20000 1000

!

end

Labels:
0 Helpful
12 Replies 12

Jon Marshall
Hall of Fame
Hall of Fame

‎09-09-2009 11:53 AM

Shane

This is a bit confusing. Your default route points to 69.167.64.205 which is the other end of the /30.

So what are you trying to achieve with the /24 ?

Jon

0 Helpful

shanemcanuff
Level 1
Level 1
In response to Jon Marshall

‎09-09-2009 12:09 PM

With the /24 I want to connect any systems that is connected to the switch on that interface to access the internet or I can access it from the internet since the /24 I have are public IP

0 Helpful

shanemcanuff
Level 1
Level 1
In response to Jon Marshall

‎09-09-2009 12:12 PM

69.167.64.205 sorry I mean 69.177.74.205 is the ISP gateway. from my router I can ping www.goolge.com but when I connect to the swicth which /24 is connected to I can ping up the the ISP gateway and DNS servers but can't access the internet.

0 Helpful

Edison Ortiz
Hall of Fame
Hall of Fame
In response to shanemcanuff

‎09-09-2009 12:16 PM

Verify your ISP has a route back to your /24 subnet, if they don't - the internet won't know how to get back to you.

Your config is fine.

BTW, where are you implementing NAT in your network?

__

Edison.

0 Helpful

shanemcanuff
Level 1
Level 1
In response to Edison Ortiz

‎09-09-2009 12:38 PM

Edison, I was thinking to do NAT but since two set of IP's are public do I have to do NAT?

0 Helpful

Jon Marshall
Hall of Fame
Hall of Fame
In response to shanemcanuff

‎09-09-2009 12:45 PM

Shane

No, you shouldn't have to.

As Edison says, your config looks good. Assuming you have the default-gateway etc. correct on your /24 subnet clients i would check with your ISP.

Have you ruled out DNS ie. have you pinged google's IP address rather than URL.

Jon

0 Helpful

Edison Ortiz
Hall of Fame
Hall of Fame
In response to shanemcanuff

‎09-09-2009 01:02 PM

If every device internally is going to be on the public /24, you don't need NAT but I find it odd that you will use a public /24 for your internal network. What type of business environment is this? Hosting services?

BTW, I agree with Jon - try pinging an IP instead of name from the switch holding an IP from the /24 subnet. Try pinging 4.2.2.1

__

Edison.

0 Helpful

Jon Marshall
Hall of Fame
Hall of Fame
In response to shanemcanuff

‎09-09-2009 12:18 PM

Shane

Are you sure the ISP is routing the /24 back to you ?

Jon

0 Helpful

Edison Ortiz
Hall of Fame
Hall of Fame

‎09-09-2009 12:14 PM

Your default route is incorrect.

ip route 0.0.0.0 0.0.0.0 69.167.64.205

Based on the IP address on the WAN interface

description LINK TO ISP

ip address 69.177.74.206 255.255.255.252

it should be

ip route 0.0.0.0 0.0.0.0 69.177.74.205

0 Helpful

shanemcanuff
Level 1
Level 1
In response to Edison Ortiz

‎09-09-2009 12:35 PM

the ip route 0.0.0.0 0.0.0.0 69.167.64.205 was a error I typed. the ISP gateway is 69.177.74.205.

0 Helpful

shanemcanuff
Level 1
Level 1
In response to shanemcanuff

‎09-09-2009 01:31 PM

Thanks a lot guy, I call my ISP and for some reason the engineer forget to route the /24 to me.

0 Helpful

Jon Marshall
Hall of Fame
Hall of Fame
In response to shanemcanuff

‎09-09-2009 01:34 PM

Shane

Yep, that would do it :-)

Glad you got it sorted.

Jon

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card