Solved: Router can`t ping outside while Inside users can ping outside - Cisco Community

5696

Views

0

Helpful

9

Replies

I have problem with my router.

In my topology ISP connected with my router and then swithces connected to routers.This is simple topology.

from router i can`t ping outside.For example ping 8.8.8.8 and ping failed.While Pc from internal can ping 8.8.8.8

also from routee i can`t ping it`s own external interface.while Pcs also can ping it

All Pcs have internet connection ,while router haven`t

there is my configuration

interface GigabitEthernet0/0

description Link To Internet

ip address 146.255.XX.XX 255.255.XX.XX

ip access-group 110 in

ip nat outside

ip virtual-reassembly in

duplex auto

speed auto

ip nat inside source route-map nat interface GigabitEthernet0/0 overload

route-map nat permit 10

match ip address 135

access-list 135 permit ip 172.16.87.0 0.0.0.127 any

When in configuration i delete command ip nat outside .then i can ping from router outside.after it i write command ip nat inside.
while 1-3 hours i can ping outside.but then can`t ping outside and it`s own external interface
I

Can anyone meet with this problem ?

2 Accepted Solutions

Accepted Solutions

Hi,

Can you get rid of ip nat enable command on both interfaces and let us know and if it still ain't working could you post sh access-list 110 output.

Regards

Alain

Don't forget to rate helpful posts.

Don't forget to rate helpful posts.

View solution in original post

Hi,

Can you post the entire config and also do this:

access-list 99 permit icmp host x.x.x.x 8.8.8.8 where x.x.x.x is your WAN IP

logging monitor 7

logging console 7

no serv timestamp debug

do debug ip pack detail 99

do debug ip nat 99 detailed

Then do your ping from the router to 8.8.8.8 and post results.

Regards

Alain

Don't forget to rate helpful posts.

Don't forget to rate helpful posts.

View solution in original post

9 Replies 9

Hi,

Can you post your sanitized running config.

Regards

Alain

Don't forget to rate helpful posts.

Don't forget to rate helpful posts.

hi
This is my working configuration

interface GigabitEthernet0/0

description Link To Internet

ip address XXXXXXXXXXX

ip access-group 110 in

ip nat outside

ip nat enable

ip virtual-reassembly in

duplex auto

speed auto

interface GigabitEthernet0/1.1

encapsulation dot1Q 85

ip address 172.XXXXXX 255.XXXXXXX.0

ip nat inside

ip nat enable

ip virtual-reassembly in

no keepalive

ip nat inside source route-map nat interface GigabitEthernet0/0 overload

route-map nat permit 10

match ip address 135

access-list 135 permit ip 172.16.87.0 0.0.0.127 any

Hi,

Can you get rid of ip nat enable command on both interfaces and let us know and if it still ain't working could you post sh access-list 110 output.

Regards

Alain

Don't forget to rate helpful posts.

Don't forget to rate helpful posts.

I delete command ip nat enable on both interfaces.
There is ACL 110

access-list 110 permit ip host XXXXXx any

access-list 110 permit ip host XXXXXX any

access-list 110 permit ip host XXXXX any

access-list 110 deny tcp any any eq 1720

access-list 110 deny tcp any any eq 5060

access-list 110 deny tcp any any eq 5061

access-list 110 deny udp any any eq 5061

access-list 110 deny udp any any eq 5060

access-list 110 deny tcp any any eq 1719

access-list 110 deny tcp any any eq 1718

access-list 110 deny tcp any any eq 2099

access-list 110 deny udp any any eq 1720

access-list 110 deny udp any any eq 1719

access-list 110 deny udp any any eq 1718

access-list 110 deny udp any any eq 2099

access-list 110 deny tcp any any eq telnet

access-list 110 deny tcp any any eq www

access-list 110 deny tcp any any eq 22

access-list 110 permit ip any any

Hi,

So I conclude it is still not working with both ip nat inside and ip nat outside on corresponding interfaces for router to internet communication ?

Regards

Alain

Don't forget to rate helpful posts.

Don't forget to rate helpful posts.

Hi.You are right

I still can`t ping outside from router while users inside can ping outside and have internet.

Yesterday also was this issue.I deleted command ip nat outside ,then ping 8.8.8.8 and again write command ip nat outside.It was working till today.I try to do same but it wasn`t helpful

also i have statis nat

ip nat inside source static XXXXX interface GigabitEthernet0/0

Hi,

Can you post the entire config and also do this:

access-list 99 permit icmp host x.x.x.x 8.8.8.8 where x.x.x.x is your WAN IP

logging monitor 7

logging console 7

no serv timestamp debug

do debug ip pack detail 99

do debug ip nat 99 detailed

Then do your ping from the router to 8.8.8.8 and post results.

Regards

Alain

Don't forget to rate helpful posts.

Don't forget to rate helpful posts.

I do same. in access list 99 there is no permit icmp because of it i choose acl 100

IP: s=146.255.241.58 (local), d=8.8.8.8, len 100, local feature

ICMP type=8, code=0, NAT(2), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE

FIBipv4-packet-proc: route packet from (local) src 146.255.241.58 dst 8.8.8.8

FIBfwd-proc: packet routed by adj to GigabitEthernet0/0 146.255.241.57

FIBipv4-packet-proc: packet routing succeeded

IP: s=146.255.241.58 (local), d=8.8.8.8 (GigabitEthernet0/0), len 100, sending

ICMP type=8, code=0

IP: s=146.255.241.58 (local), d=8.8.8.8 (GigabitEthernet0/0), len 100, output feature

ICMP type=8, code=0, Post-routing NAT Outside(24), rtype 1, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE

IP: s=146.255.241.58 (local), d=8.8.8.8 (GigabitEthernet0/0), len 100, output feature

ICMP type=8, code=0, Common Flow Table(27), rtype 1, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE

IP: s=146.255.241.58 (local), d=8.8.8.8 (GigabitEthernet0/0), len 100, output feature

ICMP type=8, code=0, Stateful Inspection(28), rtype 1, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE

IP: s=146.255.241.58 (local), d=8.8.8.8 (GigabitEthernet0/0), len 100, output feature

ICMP type=8, code=0, IPSec output classification(34), rtype 1, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE

IP: s=146.255.241.58 (local), d=8.8.8.8 (GigabitEthernet0/0), len 100, output feature

ICMP type=8, code=0, NAT ALG proxy(59), rtype 1, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE

IP: s=146.255.241.58 (local), d=8.8.8.8 (GigabitEthernet0/0), len 100, output feature

ICMP type=8, code=0, IPSec: to crypto engine(76), rtype 1, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE

IP: s=146.255.241.58 (local), d=8.8.8.8 (GigabitEthernet0/0), len 100, output feature

ICMP type=8, code=0, Post-encryption output features(77), rtype 1, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE

IP: s=146.255.241.58 (local), d=8.8.8.8 (GigabitEthernet0/0), len 100, pre-encap feature

ICMP type=8, code=0, IPSec Output Encap(1), rtype 1, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE

IP: s=146.255.241.58 (local), d=8.8.8.8 (GigabitEthernet0/0), len 100, pre-encap feature

ICMP type=8, code=0, Crypto Engine(3), rtype 1, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE

IP: s=146.255.241.58 (local), d=8.8.8.8 (GigabitEthernet0/0), len 100, sending full packet

ICMP type=8, code=0.

IP: s=146.255.241.58 (local), d=8.8.8.8, len 100, local feature

ICMP type=8, code=0, NAT(2), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE

FIBipv4-packet-proc: route packet from (local) src 146.255.241.58 dst 8.8.8.8

FIBfwd-proc: packet routed by adj to GigabitEthernet0/0 146.255.241.57

FIBipv4-packet-proc: packet routing succeeded

IP: s=146.255.241.58 (local), d=8.8.8.8 (GigabitEthernet0/0), len 100, sending

ICMP type=8, code=0

IP: s=146.255.241.58 (local), d=8.8.8.8 (GigabitEthernet0/0), len 100, output feature

ICMP type=8, code=0, Post-routing NAT Outside(24), rtype 1, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE

IP: s=146.255.241.58 (local), d=8.8.8.8 (GigabitEthernet0/0), len 100, output feature

ICMP type=8, code=0, Common Flow Table(27), rtype 1, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE

IP: s=146.255.241.58 (local), d=8.8.8.8 (GigabitEthernet0/0), len 100, output feature

ICMP type=8, code=0, Stateful Inspection(28), rtype 1, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE

IP: s=146.255.241.58 (local), d=8.8.8.8 (GigabitEthernet0/0), len 100, output feature

ICMP type=8, code=0, IPSec output classification(34), rtype 1, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE

IP: s=146.255.241.58 (local), d=8.8.8.8 (GigabitEthernet0/0), len 100, output feature

ICMP type=8, code=0, NAT ALG proxy(59), rtype 1, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE

IP: s=146.255.241.58 (local), d=8.8.8.8 (GigabitEthernet0/0), len 100, output feature

ICMP type=8, code=0, IPSec: to crypto engine(76), rtype 1, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE

IP: s=146.255.241.58 (local), d=8.8.8.8 (GigabitEthernet0/0), len 100, output feature

ICMP type=8, code=0, Post-encryption output features(77), rtype 1, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE

IP: s=146.255.241.58 (local), d=8.8.8.8 (GigabitEthernet0/0), len 100, pre-encap feature

ICMP type=8, code=0, IPSec Output Encap(1), rtype 1, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE

IP: s=146.255.241.58 (local), d=8.8.8.8 (GigabitEthernet0/0), len 100, pre-encap feature

ICMP type=8, code=0, Crypto Engine(3), rtype 1, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE

IP: s=146.255.241.58 (local), d=8.8.8.8 (GigabitEthernet0/0), len 100, sending full packet

ICMP type=8, code=0.

IP: s=146.255.241.58 (local), d=8.8.8.8, len 100, local feature

ICMP type=8, code=0, NAT(2), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE

FIBipv4-packet-proc: route packet from (local) src 146.255.241.58 dst 8.8.8.8

FIBfwd-proc: packet routed by adj to GigabitEthernet0/0 146.255.241.57

FIBipv4-packet-proc: packet routing succeeded

IP: s=146.255.241.58 (local), d=8.8.8.8 (GigabitEthernet0/0), len 100, sending

ICMP type=8, code=0

IP: s=146.255.241.58 (local), d=8.8.8.8 (GigabitEthernet0/0), len 100, output feature

ICMP type=8, code=0, Post-routing NAT Outside(24), rtype 1, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE

IP: s=146.255.241.58 (local), d=8.8.8.8 (GigabitEthernet0/0), len 100, output feature

ICMP type=8, code=0, Common Flow Table(27), rtype 1, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE

IP: s=146.255.241.58 (local), d=8.8.8.8 (GigabitEthernet0/0), len 100, output feature

ICMP type=8, code=0, Stateful Inspection(28), rtype 1, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE

IP: s=146.255.241.58 (local), d=8.8.8.8 (GigabitEthernet0/0), len 100, output feature

ICMP type=8, code=0, IPSec output classification(34), rtype 1, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE

IP: s=146.255.241.58 (local), d=8.8.8.8 (GigabitEthernet0/0), len 100, output feature

ICMP type=8, code=0, NAT ALG proxy(59), rtype 1, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE

IP: s=146.255.241.58 (local), d=8.8.8.8 (GigabitEthernet0/0), len 100, output feature

ICMP type=8, code=0, IPSec: to crypto engine(76), rtype 1, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE

IP: s=146.255.241.58 (local), d=8.8.8.8 (GigabitEthernet0/0), len 100, output feature

ICMP type=8, code=0, Post-encryption output features(77), rtype 1, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE

IP: s=146.255.241.58 (local), d=8.8.8.8 (GigabitEthernet0/0), len 100, pre-encap feature

ICMP type=8, code=0, IPSec Output Encap(1), rtype 1, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE

IP: s=146.255.241.58 (local), d=8.8.8.8 (GigabitEthernet0/0), len 100, pre-encap feature

ICMP type=8, code=0, Crypto Engine(3), rtype 1, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE

IP: s=146.255.241.58 (local), d=8.8.8.8 (GigabitEthernet0/0), len 100, sending full packet

ICMP type=8, code=0.

IP: s=146.255.241.58 (local), d=8.8.8.8, len 100, local feature

ICMP type=8, code=0, NAT(2), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE

FIBipv4-packet-proc: route packet from (local) src 146.255.241.58 dst 8.8.8.8

FIBfwd-proc: packet routed by adj to GigabitEthernet0/0 146.255.241.57

FIBipv4-packet-proc: packet routing succeeded

IP: s=146.255.241.58 (local), d=8.8.8.8 (GigabitEthernet0/0), len 100, sending

ICMP type=8, code=0

IP: s=146.255.241.58 (local), d=8.8.8.8 (GigabitEthernet0/0), len 100, output feature

ICMP type=8, code=0, Post-routing NAT Outside(24), rtype 1, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE

IP: s=146.255.241.58 (local), d=8.8.8.8 (GigabitEthernet0/0), len 100, output feature

ICMP type=8, code=0, Common Flow Table(27), rtype 1, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE

IP: s=146.255.241.58 (local), d=8.8.8.8 (GigabitEthernet0/0), len 100, output feature

ICMP type=8, code=0, Stateful Inspection(28), rtype 1, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE

IP: s=146.255.241.58 (local), d=8.8.8.8 (GigabitEthernet0/0), len 100, output feature

ICMP type=8, code=0, IPSec output classification(34), rtype 1, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE

IP: s=146.255.241.58 (local), d=8.8.8.8 (GigabitEthernet0/0), len 100, output feature

ICMP type=8, code=0, NAT ALG proxy(59), rtype 1, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE

IP: s=146.255.241.58 (local), d=8.8.8.8 (GigabitEthernet0/0), len 100, output feature

ICMP type=8, code=0, IPSec: to crypto engine(76), rtype 1, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE

IP: s=146.255.241.58 (local), d=8.8.8.8 (GigabitEthernet0/0), len 100, output feature

ICMP type=8, code=0, Post-encryption output features(77), rtype 1, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE

IP: s=146.255.241.58 (local), d=8.8.8.8 (GigabitEthernet0/0), len 100, pre-encap feature

ICMP type=8, code=0, IPSec Output Encap(1), rtype 1, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE

IP: s=146.255.241.58 (local), d=8.8.8.8 (GigabitEthernet0/0), len 100, pre-encap feature

ICMP type=8, code=0, Crypto Engine(3), rtype 1, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE

IP: s=146.255.241.58 (local), d=8.8.8.8 (GigabitEthernet0/0), len 100, sending full packet

ICMP type=8, code=0.

IP: s=146.255.241.58 (local), d=8.8.8.8, len 100, local feature

ICMP type=8, code=0, NAT(2), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE

FIBipv4-packet-proc: route packet from (local) src 146.255.241.58 dst 8.8.8.8

FIBfwd-proc: packet routed by adj to GigabitEthernet0/0 146.255.241.57

FIBipv4-packet-proc: packet routing succeeded

IP: s=146.255.241.58 (local), d=8.8.8.8 (GigabitEthernet0/0), len 100, sending

ICMP type=8, code=0

IP: s=146.255.241.58 (local), d=8.8.8.8 (GigabitEthernet0/0), len 100, output feature

ICMP type=8, code=0, Post-routing NAT Outside(24), rtype 1, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE

IP: s=146.255.241.58 (local), d=8.8.8.8 (GigabitEthernet0/0), len 100, output feature

ICMP type=8, code=0, Common Flow Table(27), rtype 1, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE

IP: s=146.255.241.58 (local), d=8.8.8.8 (GigabitEthernet0/0), len 100, output feature

ICMP type=8, code=0, Stateful Inspection(28), rtype 1, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE

IP: s=146.255.241.58 (local), d=8.8.8.8 (GigabitEthernet0/0), len 100, output feature

ICMP type=8, code=0, IPSec output classification(34), rtype 1, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE

IP: s=146.255.241.58 (local), d=8.8.8.8 (GigabitEthernet0/0), len 100, output feature

ICMP type=8, code=0, NAT ALG proxy(59), rtype 1, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE

IP: s=146.255.241.58 (local), d=8.8.8.8 (GigabitEthernet0/0), len 100, output feature

ICMP type=8, code=0, IPSec: to crypto engine(76), rtype 1, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE

IP: s=146.255.241.58 (local), d=8.8.8.8 (GigabitEthernet0/0), len 100, output feature

ICMP type=8, code=0, Post-encryption output features(77), rtype 1, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE

IP: s=146.255.241.58 (local), d=8.8.8.8 (GigabitEthernet0/0), len 100, pre-encap feature

ICMP type=8, code=0, IPSec Output Encap(1), rtype 1, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE

IP: s=146.255.241.58 (local), d=8.8.8.8 (GigabitEthernet0/0), len 100, pre-encap feature

ICMP type=8, code=0, Crypto Engine(3), rtype 1, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE

IP: s=146.255.241.58 (local), d=8.8.8.8 (GigabitEthernet0/0), len 100, sending full packet

ICMP type=8, code=0.

Learn, share, save

Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.

New here? Get started with these tips. How to use Community New member guide

Log in to Community

Review Cisco Networking products for a $25 gift card