01-12-2006 05:29 AM - edited 03-03-2019 11:26 AM
hi
i have a main router in the center and a lot of branch . all the branch connect to the main router with adsl (dialer 0 )
and nat too.
in all branch router i have interface loopback.
the problem is that i want to arrive from the main router to all the loopback with ping ang i can't.
what i need to config? i dont wan't to config tunnels.
thanks.
01-12-2006 05:38 AM
Hi
If both ur lan subnets belong to the inside network which comes under the private ip subnets and if u dont have the reachablitiy/communication between the private ip subnet of both ur main office and the branch office then u need to think of tunneling over the public space (thts over thru ur primary connectivitiy).
I feel more relevant info is reqd to suggest like the kinda ip scheme deployed both in ur main,branch office router.
Also exactly the place where Natting is getting done either in the branch router itself or in the main router..
regds
01-12-2006 05:46 AM
Hello,
you probably have to include the IP address of the loopback interface in the access list you define for the NAT eligible addresses. So, let' s say the configuration of your branch looks like this:
Branch1
!
interface Loopback0
ip address 1.1.1.1 255.255.255.0
ip nat inside
!
interface FastEthernet0/0
ip address 192.168.1.1 255.255.255.0
ip nat inside
Then the NAT configuration should look like this:
ip nat inside source list 1 interface Dialer0 overload
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 1 permit 1.1.1.1 0.0.0.0
Can you try to configure this and see if that works ?
Regards,
GP
01-12-2006 06:26 AM
i try this and it's don't work .
i didn't mantion that the main router work with bgp.
thanks.
01-12-2006 06:30 AM
Hello,
can you post the configs of both the main and one of the branch routers ?
Regards,
GP
01-12-2006 06:40 AM
This is the branch router configuratin:
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname sfrra_maiter
!
boot-start-marker
boot-end-marker
!
memory-size iomem 5
enable password fprxct
!
no aaa new-model
ip subnet-zero
!
ip dhcp pool sfira
network 192.168.10.0 255.255.255.0
default-router 192.168.10.254
!
ip ips po max-events 100
no ftp-server write-enable
!
!
interface loopback0
ip address 192.168.198.198 255.255.255.255
!
interface Ethernet0
ip address 192.168.10.254 255.255.255.0
ip nat inside
ip virtual-reassembly
hold-queue 100 out
!
interface Ethernet2
no ip address
shutdown
hold-queue 100 out
!
interface ATM0
no ip address
no atm ilmi-keepalive
dsl operating-mode auto
pvc 8/48
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
!
interface FastEthernet1
no ip address
duplex auto
speed auto
!
interface FastEthernet2
no ip address
duplex auto
speed auto
!
interface FastEthernet3
no ip address
duplex auto
speed auto
!
interface FastEthernet4
no ip address
duplex auto
speed auto
!
interface Dialer0
ip address negotiated
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer pool 1
dialer-group 1
ppp pap sent-username xxx password xxx
!
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer0
!
ip http server
no ip http secure-server
!
no ip nat service sip tcp port 5060
no ip nat service sip udp port 5060
ip nat inside source list 1 interface Dialer0 overload
!
access-list 1 permit 192.168.10.0 0.0.0.255
access-list 1 permit 192.168.198.198
dialer-list 1 protocol ip permit
!
!
control-plane
!
!
line con 0
no modem enable
transport preferred all
transport output all
line aux 0
line vty 0 4
password fprxct
login
transport preferred all
transport input all
transport output all
!
scheduler max-task-time 5000
end
01-12-2006 06:52 AM
Hello,
try and add 'ip nat inside' to the configuration of the loopback interface:
interface loopback0
ip address 192.168.198.198 255.255.255.255
--> ip nat inside
Regards,
GP
01-12-2006 06:54 AM
This is the main router configuration:
!
hostname sion_gibui_adsl
!
boot-start-marker
boot system flash flash:c2801-advipservicesk9-mz.123-8.T8.bin
boot system flash flash:c2801-ipbase-mz.123-8.T6.bin
boot-end-marker
!
logging buffered 51200 warnings
enable secret xxx
enable password xxx
!
mmi polling-interval 60
mmi snmp-timeout 180
no aaa new-model
ip subnet-zero
ip cef
!
no ip domain lookup
ip domain name yourdomain.com
ip ips po max-events 100
no ftp-server write-enable
!
policy-map Shape-4M
class class-default
shape average 4000000 500000
fair-queue 256
queue-limit 1024
!
!
interface Null0
no ip unreachables
!
interface FastEthernet0/0
description description IPVPN-Main-Link-82-8389850
ip address 10.2.55.38 255.255.255.252
ip nat outside
ip virtual-reassembly
service-policy output Shape-4M
duplex auto
speed auto
no cdp enable
!
interface FastEthernet0/1
description Lan
ip address 162.21.1.80 255.255.255.0
ip nat inside
ip virtual-reassembly
speed 100
full-duplex
no cdp enable
!
interface FastEthernet0/1/0
description IPVPN-BackUp-Link-82-8343394
no ip address
service-policy output Shape-4M
no cdp enable
!
interface FastEthernet0/1/1
no ip address
shutdown
no cdp enable
!
interface FastEthernet0/1/2
no ip address
shutdown
no cdp enable
!
interface FastEthernet0/1/3
no ip address
shutdown
no cdp enable
!
interface Vlan1
description IPVPN-BackUp-Link-82-8979394
ip address 10.2.55.42 255.255.255.252
ip nat outside
ip virtual-reassembly
!
router bgp 65500
no synchronization
bgp log-neighbor-changes
network 162.20.2.0 mask 255.255.255.0
network 162.21.1.0 mask 255.255.255.0
network 162.24.2.0 mask 255.255.255.0
network 162.25.2.0 mask 255.255.255.0
network 162.26.2.0 mask 255.255.255.0
network 162.27.2.0 mask 255.255.255.0
network 162.28.2.0 mask 255.255.255.0
network 152.168.250.248 mask 255.255.255.255
timers bgp 20 61
neighbor 10.2.55.37 remote-as 6810
neighbor 10.2.55.37 description IPVPN-Main-Link-82-8303850
neighbor 10.2.55.37 prefix-list Local-Networks out
neighbor 10.2.55.37 route-map Set-Local-Prefernce-200 in
neighbor 10.2.55.41 remote-as 6810
neighbor 10.2.55.41 description IPVPN-BackUp-Link-82-8309394
neighbor 10.2.55.41 prefix-list Local-Networks out
neighbor 10.2.55.41 route-map Backup-Link-AS-Prepend out
no auto-summary
!
ip classless
ip route 162.20.2.0 255.255.255.0 162.21.1.1
ip route 162.24.2.0 255.255.255.0 162.21.1.2
ip route 162.25.2.0 255.255.255.0 162.21.1.2
ip route 162.26.2.0 255.255.255.0 162.21.1.2
ip route 162.27.2.0 255.255.255.0 162.21.1.2
ip route 162.28.2.0 255.255.255.0 162.21.1.2
ip route 152.168.250.248 255.255.255.255 Null0
!
no ip http server
ip http authentication local
no ip http secure-server
ip http timeout-policy idle 600 life 86400 requests 10000
ip nat pool david 192.168.250.248 192.168.250.248 netmask 255.255.255.0
ip nat inside source list 1 pool david overload
!
ip prefix-list Local-Networks seq 5 permit 162.20.2.0/24
ip prefix-list Local-Networks seq 10 permit 162.24.2.0/24
ip prefix-list Local-Networks seq 15 permit 162.25.2.0/24
ip prefix-list Local-Networks seq 20 permit 162.26.2.0/24
ip prefix-list Local-Networks seq 25 permit 162.27.2.0/24
ip prefix-list Local-Networks seq 30 permit 162.28.2.0/24
ip prefix-list Local-Networks seq 35 permit 152.168.250.248/32
ip prefix-list Local-Networks seq 40 permit 162.21.1.0/24
access-list 1 permit 162.21.1.0 0.0.0.255
access-list 1 permit 192.168.19.0 0.0.0.255
access-list 23 permit 162.21.1.0 0.0.0.255
!
route-map Set-Local-Prefernce-200 permit 10
set local-preference 200
!
route-map Backup-Link-AS-Prepend permit 10
match ip address prefix-list Local-Networks
set as-path prepend 65500 65500
!
route-map Backup-Link-AS-Prepend permit 20
!
end
01-12-2006 07:01 AM
i added ip nat to interface loopback0
it's don't work
01-12-2006 09:27 AM
Is ping to the remote LAN interface going? I'm suspecting that the problem might not be with the NAT. If pings to the remote LAN interface is not going, then you could confirm from your provider if the connection is up
01-14-2006 09:50 PM
i ping to the wan interface of the remote router but not to his lan (loopback) why?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide