cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
6550
Views
5
Helpful
25
Replies

Static Routes to Multiple Public IP Addresses

cforce1841
Level 1
Level 1

I'm not sure if the title makes sense or not but here is my problem.  Cisco 1841 router currently setup with several static routes for web / email servers and such.  Inside IP scheme is 192.168.1.x 255.255.255.0, example of outside IP scheme is 24.1.1.x 255.255.255.224.  We had a block of 20 public outside IP address and ran out so our ISP issued us another block, 98.1.1.x 255.255.255.224.  Everything with my old routes still work fine but any machine that I try to give a static route to under the new IP scheme cannot access the internet.  Summary of our config is attached as a text file.

So basically my problem is that 192.168.1.162 cannot access the internet.  I can ping the router on the inside (192.168.1.115) and outside (24.172.38.162) connection with no problem but thats as far as I get.

25 Replies 25

Giuseppe Larosa
Hall of Fame
Hall of Fame

Hello Billy,

the provider has given you a second IP address block but not a second link to them?

you have added a default static route to 98.1.1.1 but I don't see any interface with ip 98.1.1.2 for example

you should simply use the new pool in NAT without attempting to add the static default route

if all above is valid you should remove the line

ip route 0.0.0.0 0.0.0.0 98.1.1.1

with:

no ip route 0.0.0.0 0.0.0.0 98.1.1.1

Hope to help

Giuseppe

Here is our setup

Fiber Line Coming In From ISP ---> Cisco Switch Managed by ISP ---> Cisco 1841 Router ---> Network Switches.

I guess that answers the first thing you asked.

So are you saying I should add a secondary IP onto my fa 0/1 with ip of 98.1.1.2 and then take out the ip route statement?

Sorry you lost me a little there.

Hello Bill,

one thing is to get a second public address block for NAT

another thing is routing

you need to use a reachable next-hop ip address

if you have only one link that second default route is simply wrong and meaningless

Hope to help

Giuseppe

Ok so if I want a machine with ip of 192.168.1.162 to have an outside

ip of 98.1.1.5 what do I need to do?

On May 13, 2010, at 1:25 PM, "giuslar"

Hi,

As Giuseppe said all you will need is another nat statement whether it be a static nat or pat or an overload with a nat pool.

I tried adding this statement

ip nat inside source static 192.168.1.162 98.1.1.5

But it didn't work, and I removed the extra ip route statement.

On May 13, 2010, at 2:20 PM, "KWillacey"

I have had issues with that a few times when you have a different subnet from what is configured on the interface, I just added a secondary IP address and that seemed to work so you can try that. If that doesnt work maybe the ISP misconfigured something on their end.

Well the thing that gets me that I just found out is that on my router I can ping 98.1.1.1 which is the gateway IP of the new IP block

I added the secondary interface...still not working...

Did you add a secondary interface or a secondary address? Giuseppe is correct in that right now, under the config that you posted, you don't have a 98.x.x.x address to route to. The default gateway can't be used. You can ping the address from your router because your OTHER gateway is routing you to it.

HTH,

John

HTH, John *** Please rate all useful posts ***

Billy

As Giuseppe has said you do not need the second default route ie. ip route 0.0.0.0 0.0.0.0 98.1.1.1.

All you should need is the NAT statement and to make sure that proxy-arp is enabled on the interface connecting to the ISP.

Can you confirm that the ISP is routing this new block to the outside interface of your router ?

Jon

Yea sorry I meant address I dont know why I said interface.

My outside connection (FA0/1) now has a secondary ip in the 98..x.x.x subnet

I also have tested that everything is routed correct by the ISP as if I bypass the router and statically assign an IP everything works fine.

I have also removed the extra ip route statement and it's still not working.

cforce1841 wrote:

Yea sorry I meant address I dont know why I said interface.

My outside connection (FA0/1) now has a secondary ip in the 98..x.x.x subnet

I also have tested that everything is routed correct by the ISP as if I bypass the router and statically assign an IP everything works fine.

I have also removed the extra ip route statement and it's still not working.

Bit of a stupid question but have you allowed access to that new public IP in the acl on your outside interface.

Also not sure what you mean by bypassing the router it works. What you want the ISP to do is add a route on their router that looks like -

ip route 98.1.1.x 255.255.255.224 24.1.1.2

can you confirm they are doing this rather then expecting you to use a secondary interface on your router ?

Jon

The acl for my outside connection is in the config I posted, I don't think that it blocks access to it but I havn't added a specific allow.  What would that statement look like and where would it go?

What I mean by bypassing the router is this...here is our setup

Fiber from ISP --> Cisco Switch owned by ISP -->Our router

The switch owned by the ISP only used 2 interfaces most of the time.  One coming in from them and one going out to our router.  If I plug up to another port on the switch with a patch cable to my laptop and assign a static ip in the 98.x.x.x subnet I can connect with no problem.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: