10-09-2013 04:39 AM - edited 03-07-2019 03:56 PM
I have problem with my router.
In my topology ISP connected with my router and then swithces connected to routers.This is simple topology.
from router i can`t ping outside.For example ping 8.8.8.8 and ping failed.While Pc from internal can ping 8.8.8.8
also from routee i can`t ping it`s own external interface.while Pcs also can ping it
All Pcs have internet connection ,while router haven`t
there is my configuration
interface GigabitEthernet0/0
description Link To Internet
ip address 146.255.XX.XX 255.255.XX.XX
ip access-group 110 in
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
ip nat inside source route-map nat interface GigabitEthernet0/0 overload
route-map nat permit 10
match ip address 135
access-list 135 permit ip 172.16.87.0 0.0.0.127 any
When in configuration i delete command ip nat outside .then i can ping from router outside.after it i write command ip nat inside.
while 1-3 hours i can ping outside.but then can`t ping outside and it`s own external interface
I
Can anyone meet with this problem ?
Solved! Go to Solution.
10-09-2013 04:59 AM
Hi,
Can you get rid of ip nat enable command on both interfaces and let us know and if it still ain't working could you post sh access-list 110 output.
Regards
Alain
Don't forget to rate helpful posts.
10-09-2013 06:10 AM
Hi,
Can you post the entire config and also do this:
access-list 99 permit icmp host x.x.x.x 8.8.8.8 where x.x.x.x is your WAN IP
logging monitor 7
logging console 7
no serv timestamp debug
do debug ip pack detail 99
do debug ip nat 99 detailed
Then do your ping from the router to 8.8.8.8 and post results.
Regards
Alain
Don't forget to rate helpful posts.
10-09-2013 04:44 AM
Hi,
Can you post your sanitized running config.
Regards
Alain
Don't forget to rate helpful posts.
10-09-2013 04:47 AM
hi
This is my working configuration
interface GigabitEthernet0/0
description Link To Internet
ip address XXXXXXXXXXX
ip access-group 110 in
ip nat outside
ip nat enable
ip virtual-reassembly in
duplex auto
speed auto
interface GigabitEthernet0/1.1
encapsulation dot1Q 85
ip address 172.XXXXXX 255.XXXXXXX.0
ip nat inside
ip nat enable
ip virtual-reassembly in
no keepalive
ip nat inside source route-map nat interface GigabitEthernet0/0 overload
route-map nat permit 10
match ip address 135
access-list 135 permit ip 172.16.87.0 0.0.0.127 any
10-09-2013 04:59 AM
Hi,
Can you get rid of ip nat enable command on both interfaces and let us know and if it still ain't working could you post sh access-list 110 output.
Regards
Alain
Don't forget to rate helpful posts.
10-09-2013 05:07 AM
I delete command ip nat enable on both interfaces.
There is ACL 110
access-list 110 permit ip host XXXXXx any
access-list 110 permit ip host XXXXXX any
access-list 110 permit ip host XXXXX any
access-list 110 deny tcp any any eq 1720
access-list 110 deny tcp any any eq 5060
access-list 110 deny tcp any any eq 5061
access-list 110 deny udp any any eq 5061
access-list 110 deny udp any any eq 5060
access-list 110 deny tcp any any eq 1719
access-list 110 deny tcp any any eq 1718
access-list 110 deny tcp any any eq 2099
access-list 110 deny udp any any eq 1720
access-list 110 deny udp any any eq 1719
access-list 110 deny udp any any eq 1718
access-list 110 deny udp any any eq 2099
access-list 110 deny tcp any any eq telnet
access-list 110 deny tcp any any eq www
access-list 110 deny tcp any any eq 22
access-list 110 permit ip any any
10-09-2013 05:08 AM
Hi,
So I conclude it is still not working with both ip nat inside and ip nat outside on corresponding interfaces for router to internet communication ?
Regards
Alain
Don't forget to rate helpful posts.
10-09-2013 05:12 AM
Hi.You are right
I still can`t ping outside from router while users inside can ping outside and have internet.
Yesterday also was this issue.I deleted command ip nat outside ,then ping 8.8.8.8 and again write command ip nat outside.It was working till today.I try to do same but it wasn`t helpful
10-09-2013 05:33 AM
also i have statis nat
ip nat inside source static XXXXX interface GigabitEthernet0/0
10-09-2013 06:10 AM
Hi,
Can you post the entire config and also do this:
access-list 99 permit icmp host x.x.x.x 8.8.8.8 where x.x.x.x is your WAN IP
logging monitor 7
logging console 7
no serv timestamp debug
do debug ip pack detail 99
do debug ip nat 99 detailed
Then do your ping from the router to 8.8.8.8 and post results.
Regards
Alain
Don't forget to rate helpful posts.
10-10-2013 06:44 AM
I do same. in access list 99 there is no permit icmp because of it i choose acl 100
IP: s=146.255.241.58 (local), d=8.8.8.8, len 100, local feature
ICMP type=8, code=0, NAT(2), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
FIBipv4-packet-proc: route packet from (local) src 146.255.241.58 dst 8.8.8.8
FIBfwd-proc: packet routed by adj to GigabitEthernet0/0 146.255.241.57
FIBipv4-packet-proc: packet routing succeeded
IP: s=146.255.241.58 (local), d=8.8.8.8 (GigabitEthernet0/0), len 100, sending
ICMP type=8, code=0
IP: s=146.255.241.58 (local), d=8.8.8.8 (GigabitEthernet0/0), len 100, output feature
ICMP type=8, code=0, Post-routing NAT Outside(24), rtype 1, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
IP: s=146.255.241.58 (local), d=8.8.8.8 (GigabitEthernet0/0), len 100, output feature
ICMP type=8, code=0, Common Flow Table(27), rtype 1, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
IP: s=146.255.241.58 (local), d=8.8.8.8 (GigabitEthernet0/0), len 100, output feature
ICMP type=8, code=0, Stateful Inspection(28), rtype 1, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
IP: s=146.255.241.58 (local), d=8.8.8.8 (GigabitEthernet0/0), len 100, output feature
ICMP type=8, code=0, IPSec output classification(34), rtype 1, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
IP: s=146.255.241.58 (local), d=8.8.8.8 (GigabitEthernet0/0), len 100, output feature
ICMP type=8, code=0, NAT ALG proxy(59), rtype 1, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
IP: s=146.255.241.58 (local), d=8.8.8.8 (GigabitEthernet0/0), len 100, output feature
ICMP type=8, code=0, IPSec: to crypto engine(76), rtype 1, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
IP: s=146.255.241.58 (local), d=8.8.8.8 (GigabitEthernet0/0), len 100, output feature
ICMP type=8, code=0, Post-encryption output features(77), rtype 1, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
IP: s=146.255.241.58 (local), d=8.8.8.8 (GigabitEthernet0/0), len 100, pre-encap feature
ICMP type=8, code=0, IPSec Output Encap(1), rtype 1, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
IP: s=146.255.241.58 (local), d=8.8.8.8 (GigabitEthernet0/0), len 100, pre-encap feature
ICMP type=8, code=0, Crypto Engine(3), rtype 1, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
IP: s=146.255.241.58 (local), d=8.8.8.8 (GigabitEthernet0/0), len 100, sending full packet
ICMP type=8, code=0.
IP: s=146.255.241.58 (local), d=8.8.8.8, len 100, local feature
ICMP type=8, code=0, NAT(2), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
FIBipv4-packet-proc: route packet from (local) src 146.255.241.58 dst 8.8.8.8
FIBfwd-proc: packet routed by adj to GigabitEthernet0/0 146.255.241.57
FIBipv4-packet-proc: packet routing succeeded
IP: s=146.255.241.58 (local), d=8.8.8.8 (GigabitEthernet0/0), len 100, sending
ICMP type=8, code=0
IP: s=146.255.241.58 (local), d=8.8.8.8 (GigabitEthernet0/0), len 100, output feature
ICMP type=8, code=0, Post-routing NAT Outside(24), rtype 1, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
IP: s=146.255.241.58 (local), d=8.8.8.8 (GigabitEthernet0/0), len 100, output feature
ICMP type=8, code=0, Common Flow Table(27), rtype 1, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
IP: s=146.255.241.58 (local), d=8.8.8.8 (GigabitEthernet0/0), len 100, output feature
ICMP type=8, code=0, Stateful Inspection(28), rtype 1, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
IP: s=146.255.241.58 (local), d=8.8.8.8 (GigabitEthernet0/0), len 100, output feature
ICMP type=8, code=0, IPSec output classification(34), rtype 1, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
IP: s=146.255.241.58 (local), d=8.8.8.8 (GigabitEthernet0/0), len 100, output feature
ICMP type=8, code=0, NAT ALG proxy(59), rtype 1, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
IP: s=146.255.241.58 (local), d=8.8.8.8 (GigabitEthernet0/0), len 100, output feature
ICMP type=8, code=0, IPSec: to crypto engine(76), rtype 1, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
IP: s=146.255.241.58 (local), d=8.8.8.8 (GigabitEthernet0/0), len 100, output feature
ICMP type=8, code=0, Post-encryption output features(77), rtype 1, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
IP: s=146.255.241.58 (local), d=8.8.8.8 (GigabitEthernet0/0), len 100, pre-encap feature
ICMP type=8, code=0, IPSec Output Encap(1), rtype 1, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
IP: s=146.255.241.58 (local), d=8.8.8.8 (GigabitEthernet0/0), len 100, pre-encap feature
ICMP type=8, code=0, Crypto Engine(3), rtype 1, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
IP: s=146.255.241.58 (local), d=8.8.8.8 (GigabitEthernet0/0), len 100, sending full packet
ICMP type=8, code=0.
IP: s=146.255.241.58 (local), d=8.8.8.8, len 100, local feature
ICMP type=8, code=0, NAT(2), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
FIBipv4-packet-proc: route packet from (local) src 146.255.241.58 dst 8.8.8.8
FIBfwd-proc: packet routed by adj to GigabitEthernet0/0 146.255.241.57
FIBipv4-packet-proc: packet routing succeeded
IP: s=146.255.241.58 (local), d=8.8.8.8 (GigabitEthernet0/0), len 100, sending
ICMP type=8, code=0
IP: s=146.255.241.58 (local), d=8.8.8.8 (GigabitEthernet0/0), len 100, output feature
ICMP type=8, code=0, Post-routing NAT Outside(24), rtype 1, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
IP: s=146.255.241.58 (local), d=8.8.8.8 (GigabitEthernet0/0), len 100, output feature
ICMP type=8, code=0, Common Flow Table(27), rtype 1, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
IP: s=146.255.241.58 (local), d=8.8.8.8 (GigabitEthernet0/0), len 100, output feature
ICMP type=8, code=0, Stateful Inspection(28), rtype 1, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
IP: s=146.255.241.58 (local), d=8.8.8.8 (GigabitEthernet0/0), len 100, output feature
ICMP type=8, code=0, IPSec output classification(34), rtype 1, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
IP: s=146.255.241.58 (local), d=8.8.8.8 (GigabitEthernet0/0), len 100, output feature
ICMP type=8, code=0, NAT ALG proxy(59), rtype 1, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
IP: s=146.255.241.58 (local), d=8.8.8.8 (GigabitEthernet0/0), len 100, output feature
ICMP type=8, code=0, IPSec: to crypto engine(76), rtype 1, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
IP: s=146.255.241.58 (local), d=8.8.8.8 (GigabitEthernet0/0), len 100, output feature
ICMP type=8, code=0, Post-encryption output features(77), rtype 1, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
IP: s=146.255.241.58 (local), d=8.8.8.8 (GigabitEthernet0/0), len 100, pre-encap feature
ICMP type=8, code=0, IPSec Output Encap(1), rtype 1, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
IP: s=146.255.241.58 (local), d=8.8.8.8 (GigabitEthernet0/0), len 100, pre-encap feature
ICMP type=8, code=0, Crypto Engine(3), rtype 1, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
IP: s=146.255.241.58 (local), d=8.8.8.8 (GigabitEthernet0/0), len 100, sending full packet
ICMP type=8, code=0.
IP: s=146.255.241.58 (local), d=8.8.8.8, len 100, local feature
ICMP type=8, code=0, NAT(2), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
FIBipv4-packet-proc: route packet from (local) src 146.255.241.58 dst 8.8.8.8
FIBfwd-proc: packet routed by adj to GigabitEthernet0/0 146.255.241.57
FIBipv4-packet-proc: packet routing succeeded
IP: s=146.255.241.58 (local), d=8.8.8.8 (GigabitEthernet0/0), len 100, sending
ICMP type=8, code=0
IP: s=146.255.241.58 (local), d=8.8.8.8 (GigabitEthernet0/0), len 100, output feature
ICMP type=8, code=0, Post-routing NAT Outside(24), rtype 1, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
IP: s=146.255.241.58 (local), d=8.8.8.8 (GigabitEthernet0/0), len 100, output feature
ICMP type=8, code=0, Common Flow Table(27), rtype 1, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
IP: s=146.255.241.58 (local), d=8.8.8.8 (GigabitEthernet0/0), len 100, output feature
ICMP type=8, code=0, Stateful Inspection(28), rtype 1, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
IP: s=146.255.241.58 (local), d=8.8.8.8 (GigabitEthernet0/0), len 100, output feature
ICMP type=8, code=0, IPSec output classification(34), rtype 1, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
IP: s=146.255.241.58 (local), d=8.8.8.8 (GigabitEthernet0/0), len 100, output feature
ICMP type=8, code=0, NAT ALG proxy(59), rtype 1, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
IP: s=146.255.241.58 (local), d=8.8.8.8 (GigabitEthernet0/0), len 100, output feature
ICMP type=8, code=0, IPSec: to crypto engine(76), rtype 1, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
IP: s=146.255.241.58 (local), d=8.8.8.8 (GigabitEthernet0/0), len 100, output feature
ICMP type=8, code=0, Post-encryption output features(77), rtype 1, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
IP: s=146.255.241.58 (local), d=8.8.8.8 (GigabitEthernet0/0), len 100, pre-encap feature
ICMP type=8, code=0, IPSec Output Encap(1), rtype 1, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
IP: s=146.255.241.58 (local), d=8.8.8.8 (GigabitEthernet0/0), len 100, pre-encap feature
ICMP type=8, code=0, Crypto Engine(3), rtype 1, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
IP: s=146.255.241.58 (local), d=8.8.8.8 (GigabitEthernet0/0), len 100, sending full packet
ICMP type=8, code=0.
IP: s=146.255.241.58 (local), d=8.8.8.8, len 100, local feature
ICMP type=8, code=0, NAT(2), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
FIBipv4-packet-proc: route packet from (local) src 146.255.241.58 dst 8.8.8.8
FIBfwd-proc: packet routed by adj to GigabitEthernet0/0 146.255.241.57
FIBipv4-packet-proc: packet routing succeeded
IP: s=146.255.241.58 (local), d=8.8.8.8 (GigabitEthernet0/0), len 100, sending
ICMP type=8, code=0
IP: s=146.255.241.58 (local), d=8.8.8.8 (GigabitEthernet0/0), len 100, output feature
ICMP type=8, code=0, Post-routing NAT Outside(24), rtype 1, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
IP: s=146.255.241.58 (local), d=8.8.8.8 (GigabitEthernet0/0), len 100, output feature
ICMP type=8, code=0, Common Flow Table(27), rtype 1, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
IP: s=146.255.241.58 (local), d=8.8.8.8 (GigabitEthernet0/0), len 100, output feature
ICMP type=8, code=0, Stateful Inspection(28), rtype 1, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
IP: s=146.255.241.58 (local), d=8.8.8.8 (GigabitEthernet0/0), len 100, output feature
ICMP type=8, code=0, IPSec output classification(34), rtype 1, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
IP: s=146.255.241.58 (local), d=8.8.8.8 (GigabitEthernet0/0), len 100, output feature
ICMP type=8, code=0, NAT ALG proxy(59), rtype 1, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
IP: s=146.255.241.58 (local), d=8.8.8.8 (GigabitEthernet0/0), len 100, output feature
ICMP type=8, code=0, IPSec: to crypto engine(76), rtype 1, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
IP: s=146.255.241.58 (local), d=8.8.8.8 (GigabitEthernet0/0), len 100, output feature
ICMP type=8, code=0, Post-encryption output features(77), rtype 1, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
IP: s=146.255.241.58 (local), d=8.8.8.8 (GigabitEthernet0/0), len 100, pre-encap feature
ICMP type=8, code=0, IPSec Output Encap(1), rtype 1, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
IP: s=146.255.241.58 (local), d=8.8.8.8 (GigabitEthernet0/0), len 100, pre-encap feature
ICMP type=8, code=0, Crypto Engine(3), rtype 1, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
IP: s=146.255.241.58 (local), d=8.8.8.8 (GigabitEthernet0/0), len 100, sending full packet
ICMP type=8, code=0.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide