I am trying to get out to the Internet using a PC that routes through two separate networks (10.1.13.0, 220.127.116.11) and it is not happening.
Here is my setup.
Edge Router = 18.104.22.168/24
LAN Router G0/0 = 22.214.171.124/24
LAN Router G0/1 = 10.1.13.1/24
PC = 10.1.13.30/24
My PC can ping both interfaces on my LAN Router.
My LAN Router can ping my PC, my Edge Router, and www.yahoo.com.
My PC cannot ping my Edge Router or anything outside of it.
My PC IP settings are as follows:
Default gateway: 10.1.13.1
My LAN router has the following entry:
Ip route 0.0.0.0 0.0.0.0 126.96.36.199
What am I missing? I was assuming the "Ip route 0.0.0.0 0.0.0.0 188.8.131.52" entry would forward any packets that are destined to somewhere unknown to its next hop (184.108.40.206).
Are you NATing your internal IP range 10.1.13.0/24 before the packets leave towards the internet?
Another possibility is that your edge router doesn't have a route back to 10.1.13.0/24 network. What is the routing table of the edge router?
I agree that NAT is a likely cause of problems in getting to the Internet. But I believe that James has correctly identified the problem as the edge router not having a route back, especially when the original post includes this: "My PC cannot ping my Edge Router". Ping to the edge router would not need NAT but would need a return route.
Well, his LAN router has a public routable IP so NAT can be configured in the LAN router and the Edge router does not need the internal subnet routing information.
Is it poor methodology from a security standpoint that I did not use a private address on the LAN router, and instead used a public address that is in the public IP scope of my LAN?
I am just trying to set up a test network, and learn a little more about routing.
It's not about security - it all depends on how far out you want to extend your internal subnet information.
You have not provided much information about your topology but based on the initial post, I assumed your LAN router was yours and the Edge router was ISP owned.
Often, the ISP manages their own router and provides the customer with public IP addresses to assign to their routers.
If you have that scenario, then the NAT must be performed in your LAN router - which is the router with the non-routable private subnet along with the routable public subnet - instead of the Edge router, which based on your post has public IP addressing on both interfaces.
Sorry, I am very much a novice....
I added the following route on the edge router:
ip route 10.1.13.0 255.255.255.0 220.127.116.11
Now I DO receive a reply from the edge router to my PC.
The NATing aspect eluded me altogether. Just to verify, I am going to NAT everything from the 10.1.13.0 to the 18.104.22.168 address, correct?
You do not need to NAT traffic to the 22.214.171.124 but you need to NAT traffic that will go out to the Internet.
You need to NAT the source address of internal traffic behind IP 126.96.36.199. It should be something like this:
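! Match the inside subnet and translate it to the G0/0 address (PAT)
access-list 10 permit 10.1.13.0 0.0.0.255
ip nat inside source list 10 interface g0/0 overload
! G0/0 faces the edge router, G0/1 faces the 10.1.13.0/24 LAN
interface g0/0
 ip nat outside
interface g0/1
 ip nat inside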
I hope this helps
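
The return-path reasoning in this thread, as an added example that is not part of any poster's reply: a small Python model of the edge router's route lookup for the three cases discussed (no return route, static route added, NAT overload on the LAN router). The 203.0.113.0/24 segment, the LAN router's outside address and the edge router's default route toward an upstream are constructed assumptions, not values from the thread.

```python
import ipaddress as ip

# Constructed addressing: 203.0.113.0/24 stands in for the public segment
# between the two routers (the thread's public addresses are not reused here).
LAN_NET = ip.ip_network("10.1.13.0/24")
WAN_NET = ip.ip_network("203.0.113.0/24")
PC = ip.ip_address("10.1.13.30")
LAN_RTR_OUTSIDE = ip.ip_address("203.0.113.2")   # LAN router G0/0 (assumed)
UPSTREAM = "isp-upstream"                         # assumed edge default route


def lookup(table, dst):
    """Longest-prefix match; return the winning entry's next hop, or None."""
    hits = [(net, hop) for net, hop in table if dst in net]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None


def ping_edge(edge_routes, nat_on_lan_router):
    """Follow an echo from the PC to the edge router and the reply back.

    Returns (reply_delivered, source_seen_by_edge, edge_next_hop).
    """
    # Forward path always works: PC -> default gateway -> connected segment.
    # With PAT ("overload") the LAN router rewrites the source to its G0/0.
    seen = LAN_RTR_OUTSIDE if nat_on_lan_router else PC
    # Return path: the edge router routes the reply toward the source it saw.
    hop = lookup(edge_routes, seen)
    # The reply only gets home if it is handed to the LAN router, either
    # directly (source is on the connected segment) or as a static next hop.
    delivered = hop in ("connected", LAN_RTR_OUTSIDE)
    return delivered, seen, hop


# Edge router as first described: connected segment plus a default route.
EDGE_BEFORE = [(WAN_NET, "connected"), (ip.ip_network("0.0.0.0/0"), UPSTREAM)]
# After the static route from the thread is added for the inside subnet.
EDGE_AFTER = EDGE_BEFORE + [(LAN_NET, LAN_RTR_OUTSIDE)]

if __name__ == "__main__":
    cases = [("no return route, no NAT", EDGE_BEFORE, False),
             ("static route on edge", EDGE_AFTER, False),
             ("NAT overload on LAN router", EDGE_BEFORE, True)]
    for label, routes, nat in cases:
        ok, seen, hop = ping_edge(routes, nat)
        print(f"{label:28} edge sees {seen}, replies via {hop}: {ok}")
```

On the real routers, `show ip route` on the edge router and `show ip nat translations` on the LAN router show the same two facts: which next hop the reply takes and which source address the edge router actually sees.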