Cisco Support Community
New Member

Unable to ping DNS

Hi,

I am facing a problem with a 2821 router: if I log in to the console I am able to ping the DNS and gateway, but I am unable to ping the DNS or access the internet from a host located on the 10.43.12.0 network. I have attached the config for reference.

10 REPLIES
Hall of Fame Super Blue

Re: Unable to ping DNS

Hi

You need to NAT your internal 10.43.12.0 addresses to a public IP address as they are not routable across the Internet.

Easiest solution is to use the public IP address attached to your gi0/0 interface, e.g.

    int g0/0
     ip nat outside
    int gi0/1
     ip nat inside
    access-list 101 permit ip any any
    ip nat inside source list 101 interface gi0/0 overload

This will NAT all your 10.43.x.x addresses to 280.225.236.242

HTH

Jon

New Member

Re: Unable to ping DNS

Hi Jon,

It works, but what if I don't want to NAT at the router and will have to do it at the firewall?

Say, for instance, I assign a public IP 220.218.276.129/25 for the outside interface of the router and 220.218.276.130 at the firewall: how will the router be configured?

Hall of Fame Super Blue

Re: Unable to ping DNS

It's a little unclear what your topology is. If your firewall is closer to the Internet than the router then yes, you can get the firewall to do the NATting, but your firewall would need a public IP on its outside interface, i.e.

10.43.x.x (Router) 220.218.276.129 -> 220.218.276.130 firewall (public IP needed)

If this is your topology you could just readdress the link between the outside interface of your router and the inside interface of your firewall and then use the 220.218.276.128/25 subnet for the outside of the firewall.

Could you confirm exactly what you want to do?

Jon

New Member

Re: Unable to ping DNS

Hi Jon,

I am using a Cisco 2821 as a perimeter router just to terminate the leased link, from the router to the firewall, which means the router's inside interface goes to the untrust interface of the firewall. The trust interface of the firewall is connected to the private network. Can I configure the firewall to do NATting and configure the firewall untrust and router inside with public address 220.218.276.128/25? If that is the case I will not be using

    ip nat inside
    ip nat outside

on the router, so how will the router be configured? When I remove nat overload, ip nat inside and ip nat outside and try to ping from the host connected to the private network, it fails.

Hall of Fame Super Blue

Re: Unable to ping DNS

Okay, so you will readdress gi0/1 of the 2821 router to have an address of 220.218.217.130 and get rid of the "ip nat inside" and "ip nat outside" statements.

Add NAT statements to the firewall and it should all work. Am I missing the point of your question?

Jon

New Member

Re: Unable to ping DNS

Hi Jon,

Back after a long weekend. As discussed, I removed the ip nat inside and outside commands and did NATting at the firewall, but from my core switch I am able to ping the router outside interface but not the gateway, i.e. 280.245.236.241, although I am able to do it at the console of the router. I have attached the config, please go through it.

Thanks and regards

prakash

Hall of Fame Super Blue

Re: Unable to ping DNS

Hi Prakash

So what is the IP address of the outside interface of the firewall? Presumably it is a public IP address?

If you are not getting a response from the gateway it sounds like there is no route on that router for the subnet used for the outside interface of your pix.

So you can either

1) revert back to NAT on the router

or

2) Talk to your ISP, assuming it is your ISP who owns this router, and get them to add the route

or

3) Connect the ISP router directly into your firewall and take the 2800 router out of the equation which is more of a standard setup.

HTH

Jon
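The return-path diagnosis suggested in the replies above, as an added example that is not part of the original thread: it models the ISP gateway's routing table with longest-prefix match to show why a ping sourced from the router's own interface is answered while one translated at the firewall is not. All addresses are constructed documentation-range stand-ins for the thread's, and the masks, route table and function names are assumptions.

```python
import ipaddress as ip

# Constructed addressing (documentation ranges) standing in for the thread's.
LINK = ip.ip_network("198.51.100.240/30")      # ISP gateway .241 <-> 2821 gi0/0 .242
ROUTER_OUT = ip.ip_address("198.51.100.242")   # 2821 outside interface
FW_SUBNET = ip.ip_network("203.0.113.128/25")  # 2821 gi0/1 <-> firewall outside
FW_NAT = ip.ip_address("203.0.113.130")        # address the firewall translates to
HOST = ip.ip_address("10.43.12.55")            # inside host (assumed /24 network)
RFC1918 = [ip.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def gateway_routes(with_fw_route=False):
    """Assumed routing table of the ISP gateway as (prefix, next hop) pairs."""
    routes = [(ip.ip_network("0.0.0.0/0"), "upstream"), (LINK, "connected")]
    if with_fw_route:  # option 2 in the reply: the ISP adds the missing route
        routes.append((FW_SUBNET, str(ROUTER_OUT)))
    return routes

def reply_path(src, routes):
    """Where the gateway sends the echo reply for a ping that arrived from src."""
    if any(src in net for net in RFC1918):
        return "dropped: RFC 1918 source is not routable across the Internet"
    # Longest-prefix match over the gateway's table.
    prefix, hop = max((r for r in routes if src in r[0]), key=lambda r: r[0].prefixlen)
    if hop == "upstream":
        return "lost: only the default route matches, reply leaves away from the 2821"
    return f"returns via {hop} ({prefix})"

def scenarios():
    """Source address seen by the gateway in each case discussed in the thread."""
    base = gateway_routes()
    return {
        "ping from router console": reply_path(ROUTER_OUT, base),
        "host, no NAT anywhere": reply_path(HOST, base),
        "host, NAT overload on gi0/0": reply_path(ROUTER_OUT, base),
        "host, NAT at firewall": reply_path(FW_NAT, base),
        "host, NAT at firewall + ISP route": reply_path(FW_NAT, gateway_routes(True)),
    }

if __name__ == "__main__":
    for name, result in scenarios().items():
        print(f"{name:36} {result}")
```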

New Member

Re: Unable to ping DNS

Hi Jon,

I think you are not getting my point. I have attached a network diagram as well as the config of my 2nd router. I have 2 different ISPs, which are connected to 2 different routers; currently I am concerned about my 2nd router. I have configured the core switch and firewall, and I do NATting at the firewall. I am able to ping from host A 10.43.11.55 to router 280.245.236.242

but not to public DNS or 280.245.236.241. According to the ISP, he says I have a problem with the router config, but everything seems to be okay.

If I do NATting at the router it works; if I NAT at the firewall and remove NATting at the router it does not work.

At both router and firewall I am using a public IP. Please go through the config and diagram and revert.

Thanks and regards

prakash

Hall of Fame Super Blue

Re: Unable to ping DNS

Prakash

"I think you are not getting my point" - wouldn't be the first time, I can be a bit slow sometimes :)

Can you send the diagram, as it doesn't seem to be attached?

Jon

New Member

Re: Unable to ping DNS

Hi Jon,

Please find the attachment.

Thanks and regards

prakash
