05-13-2010 08:52 AM - edited 03-04-2019 08:28 AM
I'm not sure if the title makes sense or not but here is my problem. Cisco 1841 router currently set up with several static routes for web / email servers and such. Inside IP scheme is 192.168.1.x 255.255.255.0, example of outside IP scheme is 24.1.1.x 255.255.255.224. We had a block of 20 public outside IP addresses and ran out so our ISP issued us another block, 98.1.1.x 255.255.255.224. Everything with my old routes still works fine but any machine that I try to give a static route to under the new IP scheme cannot access the internet. Summary of our config is attached as a text file.
So basically my problem is that 192.168.1.162 cannot access the internet. I can ping the router on the inside (192.168.1.115) and outside (24.172.38.162) connection with no problem but that's as far as I get.
05-13-2010 09:05 AM
Hello Billy,
The provider has given you a second IP address block but not a second link to them?
You have added a default static route to 98.1.1.1, but I don't see any interface with IP 98.1.1.2, for example.
You should simply use the new pool in NAT without attempting to add the static default route.
If all of the above is valid, you should remove the line
ip route 0.0.0.0 0.0.0.0 98.1.1.1
with:
no ip route 0.0.0.0 0.0.0.0 98.1.1.1
Hope to help
Giuseppe
05-13-2010 09:16 AM
Here is our setup
Fiber Line Coming In From ISP ---> Cisco Switch Managed by ISP ---> Cisco 1841 Router ---> Network Switches.
I guess that answers the first thing you asked.
So are you saying I should add a secondary IP onto my fa 0/1 with ip of 98.1.1.2 and then take out the ip route statement?
Sorry you lost me a little there.
05-13-2010 10:25 AM
Hello Bill,
One thing is to get a second public address block for NAT.
Another thing is routing.
You need to use a reachable next-hop IP address.
If you have only one link, that second default route is simply wrong and meaningless.
Hope to help
Giuseppe
05-13-2010 10:34 AM
Ok so if I want a machine with ip of 192.168.1.162 to have an outside ip of 98.1.1.5 what do I need to do?
05-13-2010 11:20 AM
Hi,
As Giuseppe said, all you will need is another NAT statement, whether it be a static NAT or PAT or an overload with a NAT pool.
05-13-2010 11:23 AM
I tried adding this statement
ip nat inside source static 192.168.1.162 98.1.1.5
But it didn't work, and I removed the extra ip route statement.
05-13-2010 11:31 AM
I have had issues with that a few times when you have a different subnet from what is configured on the interface. I just added a secondary IP address and that seemed to work, so you can try that. If that doesn't work, maybe the ISP misconfigured something on their end.
05-13-2010 12:44 PM
Well, the thing that gets me, that I just found out, is that on my router I can ping 98.1.1.1, which is the gateway IP of the new IP block.
05-17-2010 02:13 PM
I added the secondary interface...still not working...
05-17-2010 02:28 PM
Did you add a secondary interface or a secondary address? Giuseppe is correct in that right now, under the config that you posted, you don't have a 98.x.x.x address to route to. The default gateway can't be used. You can ping the address from your router because your OTHER gateway is routing you to it.
HTH,
John
05-17-2010 02:29 PM
Billy
As Giuseppe has said, you do not need the second default route, i.e. ip route 0.0.0.0 0.0.0.0 98.1.1.1.
All you should need is the NAT statement and to make sure that proxy-arp is enabled on the interface connecting to the ISP.
Can you confirm that the ISP is routing this new block to the outside interface of your router?
Jon
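The two checks the replies above keep returning to, written out as an added example that is not part of the thread or any poster's code: does each static route's next hop sit on a connected subnet, and is each static NAT global address on a connected subnet or dependent on the ISP routing the block to the router. The sample configuration is constructed from the thread's placeholder addresses; the interface names and the 24.1.1.1 gateway are assumptions.

```python
import ipaddress
import re

# Constructed IOS-style sample using the thread's placeholder addresses.
# Interface names and the 24.1.1.1 gateway are assumptions.
SAMPLE_CONFIG = """\
interface FastEthernet0/0
 ip address 192.168.1.115 255.255.255.0
 ip nat inside
interface FastEthernet0/1
 ip address 24.1.1.2 255.255.255.224
 ip nat outside
ip route 0.0.0.0 0.0.0.0 24.1.1.1
ip route 0.0.0.0 0.0.0.0 98.1.1.1
ip nat inside source static 192.168.1.162 98.1.1.5
"""

IP = r"(\d+\.\d+\.\d+\.\d+)"


def connected_networks(config):
    """Subnets configured on interfaces (primary and secondary addresses)."""
    pairs = re.findall(rf"^ +ip address {IP} {IP}", config, re.M)
    return [ipaddress.ip_interface(f"{a}/{m}").network for a, m in pairs]


def _is_connected(addr, nets):
    return any(ipaddress.ip_address(addr) in net for net in nets)


def unreachable_next_hops(config):
    """Next hops of static routes that sit on no connected subnet."""
    nets = connected_networks(config)
    hops = re.findall(rf"^ip route {IP} {IP} {IP}", config, re.M)
    return [hop for _, _, hop in hops if not _is_connected(hop, nets)]


def off_subnet_nat_globals(config):
    """Static NAT (local, global) pairs whose global address is on no
    connected subnet; they depend on the ISP delivering that block to
    the router, which is the question raised in the thread."""
    nets = connected_networks(config)
    pairs = re.findall(rf"^ip nat inside source static {IP} {IP}", config, re.M)
    return [(l, g) for l, g in pairs if not _is_connected(g, nets)]


if __name__ == "__main__":
    print("unreachable next hops:", unreachable_next_hops(SAMPLE_CONFIG))
    print("off-subnet NAT globals:", off_subnet_nat_globals(SAMPLE_CONFIG))
```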
05-17-2010 02:32 PM
Yea sorry I meant address, I don't know why I said interface.
My outside connection (FA0/1) now has a secondary ip in the 98.x.x.x subnet
I also have tested that everything is routed correctly by the ISP, as if I bypass the router and statically assign an IP everything works fine.
I have also removed the extra ip route statement and it's still not working.
05-17-2010 02:39 PM
cforce1841 wrote:
Yea sorry I meant address, I don't know why I said interface.
My outside connection (FA0/1) now has a secondary ip in the 98.x.x.x subnet
I also have tested that everything is routed correctly by the ISP, as if I bypass the router and statically assign an IP everything works fine.
I have also removed the extra ip route statement and it's still not working.
Bit of a stupid question, but have you allowed access to that new public IP in the ACL on your outside interface?
Also not sure what you mean by bypassing the router it works. What you want the ISP to do is add a route on their router that looks like -
ip route 98.1.1.x 255.255.255.224 24.1.1.2
Can you confirm they are doing this rather than expecting you to use a secondary interface on your router?
Jon
05-17-2010 02:50 PM
The acl for my outside connection is in the config I posted, I don't think that it blocks access to it but I haven't added a specific allow. What would that statement look like and where would it go?
What I mean by bypassing the router is this...here is our setup
Fiber from ISP --> Cisco Switch owned by ISP -->Our router
The switch owned by the ISP only used 2 interfaces most of the time. One coming in from them and one going out to our router. If I plug up to another port on the switch with a patch cable to my laptop and assign a static ip in the 98.x.x.x subnet I can connect with no problem.