
nat

amenash123
Level 1

Hi,

I have a main router in the center and a lot of branches. All the branches connect to the main router with ADSL (dialer 0)

and NAT too.

In all branch routers I have an interface loopback.

The problem is that I want to reach all the loopbacks from the main router with ping and I can't.

What do I need to configure? I don't want to configure tunnels.

Thanks.

10 Replies

spremkumar
Level 9

Hi

If both your LAN subnets belong to the inside network, which comes under the private IP subnets, and if you don't have reachability/communication between the private IP subnets of your main office and the branch office, then you need to think of tunneling over the public space (that is, over your primary connectivity).

I feel more relevant info is required to make a suggestion, like the kind of IP scheme deployed on both your main and branch office routers.

Also, exactly where the NATting is being done: either in the branch router itself or in the main router.

Regards

Hello,

you probably have to include the IP address of the loopback interface in the access list you define for the NAT-eligible addresses. So, let's say the configuration of your branch looks like this:

Branch1

!

interface Loopback0

ip address 1.1.1.1 255.255.255.0

ip nat inside

!

interface FastEthernet0/0

ip address 192.168.1.1 255.255.255.0

ip nat inside

Then the NAT configuration should look like this:

ip nat inside source list 1 interface Dialer0 overload

access-list 1 permit 192.168.1.0 0.0.0.255

access-list 1 permit 1.1.1.1 0.0.0.0

Can you try to configure this and see if that works?

Regards,

GP

I tried this and it doesn't work.

I didn't mention that the main router works with BGP.

Thanks.

Hello,

can you post the configs of both the main and one of the branch routers?

Regards,

GP

This is the branch router configuration:

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname sfrra_maiter

!

boot-start-marker

boot-end-marker

!

memory-size iomem 5

enable password fprxct

!

no aaa new-model

ip subnet-zero

!

ip dhcp pool sfira

network 192.168.10.0 255.255.255.0

default-router 192.168.10.254

!

ip ips po max-events 100

no ftp-server write-enable

!

!

interface loopback0

ip address 192.168.198.198 255.255.255.255

!

interface Ethernet0

ip address 192.168.10.254 255.255.255.0

ip nat inside

ip virtual-reassembly

hold-queue 100 out

!

interface Ethernet2

no ip address

shutdown

hold-queue 100 out

!

interface ATM0

no ip address

no atm ilmi-keepalive

dsl operating-mode auto

pvc 8/48

encapsulation aal5mux ppp dialer

dialer pool-member 1

!

!

interface FastEthernet1

no ip address

duplex auto

speed auto

!

interface FastEthernet2

no ip address

duplex auto

speed auto

!

interface FastEthernet3

no ip address

duplex auto

speed auto

!

interface FastEthernet4

no ip address

duplex auto

speed auto

!

interface Dialer0

ip address negotiated

ip nat outside

ip virtual-reassembly

encapsulation ppp

dialer pool 1

dialer-group 1

ppp pap sent-username xxx password xxx

!

ip classless

ip route 0.0.0.0 0.0.0.0 Dialer0

!

ip http server

no ip http secure-server

!

no ip nat service sip tcp port 5060

no ip nat service sip udp port 5060

ip nat inside source list 1 interface Dialer0 overload

!

access-list 1 permit 192.168.10.0 0.0.0.255

access-list 1 permit 192.168.198.198

dialer-list 1 protocol ip permit

!

!

control-plane

!

!

line con 0

no modem enable

transport preferred all

transport output all

line aux 0

line vty 0 4

password fprxct

login

transport preferred all

transport input all

transport output all

!

scheduler max-task-time 5000

end

Hello,

try and add 'ip nat inside' to the configuration of the loopback interface:

interface loopback0

ip address 192.168.198.198 255.255.255.255

--> ip nat inside

Regards,

GP
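The two replies above ask for the same two things on the branch router: the loopback address must be matched by the NAT access list, and the loopback must carry 'ip nat inside'. The following is an added example, not part of the thread, that checks both against an IOS-style configuration; the function name nat_report is hypothetical and the sample input is a constructed excerpt of the branch configuration posted above.

```python
import ipaddress
import re

# Constructed excerpt of the branch configuration posted in this thread.
BRANCH_CONFIG = """\
interface loopback0
 ip address 192.168.198.198 255.255.255.255
!
interface Ethernet0
 ip address 192.168.10.254 255.255.255.0
 ip nat inside
!
interface Dialer0
 ip address negotiated
 ip nat outside
!
ip nat inside source list 1 interface Dialer0 overload
access-list 1 permit 192.168.10.0 0.0.0.255
access-list 1 permit 192.168.198.198
"""

def to_int(dotted):
    return int(ipaddress.ip_address(dotted))

def nat_report(config):
    """Map each addressed interface to (matched by the NAT ACL, 'ip nat' role)."""
    interfaces, acls, nat_list, current = {}, {}, None, None
    for line in map(str.strip, config.splitlines()):
        if line == "!":
            current = None  # end of an interface block
        elif m := re.match(r"interface (\S+)", line):
            current = interfaces.setdefault(m.group(1), {"ip": None, "nat": None})
        elif current is not None and (m := re.match(r"ip address (\d\S+) \d", line)):
            current["ip"] = to_int(m.group(1))  # 'negotiated' is skipped
        elif current is not None and (m := re.match(r"ip nat (inside|outside)$", line)):
            current["nat"] = m.group(1)
        elif m := re.match(r"access-list (\d+) permit (\S+)(?: (\S+))?", line):
            # No wildcard means a single host; wildcard bits set to 1 are ignored.
            care = ~to_int(m.group(3) or "0.0.0.0") & 0xFFFFFFFF
            acls.setdefault(m.group(1), []).append((to_int(m.group(2)) & care, care))
        elif m := re.match(r"ip nat inside source list (\d+)", line):
            nat_list = m.group(1)  # the ACL that selects NAT-eligible sources
    entries = acls.get(nat_list, [])
    return {name: (any((i["ip"] & care) == base for base, care in entries), i["nat"])
            for name, i in interfaces.items() if i["ip"] is not None}

if __name__ == "__main__":
    for name, (in_acl, role) in nat_report(BRANCH_CONFIG).items():
        print(f"{name:<12} matched by NAT ACL: {in_acl}  ip nat: {role}")
```

On the posted branch configuration this reports loopback0 as matched by access list 1 but with no NAT role, which is the line the reply above asks to add.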

This is the main router configuration:

!

hostname sion_gibui_adsl

!

boot-start-marker

boot system flash flash:c2801-advipservicesk9-mz.123-8.T8.bin

boot system flash flash:c2801-ipbase-mz.123-8.T6.bin

boot-end-marker

!

logging buffered 51200 warnings

enable secret xxx

enable password xxx

!

mmi polling-interval 60

mmi snmp-timeout 180

no aaa new-model

ip subnet-zero

ip cef

!

no ip domain lookup

ip domain name yourdomain.com

ip ips po max-events 100

no ftp-server write-enable

!

policy-map Shape-4M

class class-default

shape average 4000000 500000

fair-queue 256

queue-limit 1024

!

!

interface Null0

no ip unreachables

!

interface FastEthernet0/0

description description IPVPN-Main-Link-82-8389850

ip address 10.2.55.38 255.255.255.252

ip nat outside

ip virtual-reassembly

service-policy output Shape-4M

duplex auto

speed auto

no cdp enable

!

interface FastEthernet0/1

description Lan

ip address 162.21.1.80 255.255.255.0

ip nat inside

ip virtual-reassembly

speed 100

full-duplex

no cdp enable

!

interface FastEthernet0/1/0

description IPVPN-BackUp-Link-82-8343394

no ip address

service-policy output Shape-4M

no cdp enable

!

interface FastEthernet0/1/1

no ip address

shutdown

no cdp enable

!

interface FastEthernet0/1/2

no ip address

shutdown

no cdp enable

!

interface FastEthernet0/1/3

no ip address

shutdown

no cdp enable

!

interface Vlan1

description IPVPN-BackUp-Link-82-8979394

ip address 10.2.55.42 255.255.255.252

ip nat outside

ip virtual-reassembly

!

router bgp 65500

no synchronization

bgp log-neighbor-changes

network 162.20.2.0 mask 255.255.255.0

network 162.21.1.0 mask 255.255.255.0

network 162.24.2.0 mask 255.255.255.0

network 162.25.2.0 mask 255.255.255.0

network 162.26.2.0 mask 255.255.255.0

network 162.27.2.0 mask 255.255.255.0

network 162.28.2.0 mask 255.255.255.0

network 152.168.250.248 mask 255.255.255.255

timers bgp 20 61

neighbor 10.2.55.37 remote-as 6810

neighbor 10.2.55.37 description IPVPN-Main-Link-82-8303850

neighbor 10.2.55.37 prefix-list Local-Networks out

neighbor 10.2.55.37 route-map Set-Local-Prefernce-200 in

neighbor 10.2.55.41 remote-as 6810

neighbor 10.2.55.41 description IPVPN-BackUp-Link-82-8309394

neighbor 10.2.55.41 prefix-list Local-Networks out

neighbor 10.2.55.41 route-map Backup-Link-AS-Prepend out

no auto-summary

!

ip classless

ip route 162.20.2.0 255.255.255.0 162.21.1.1

ip route 162.24.2.0 255.255.255.0 162.21.1.2

ip route 162.25.2.0 255.255.255.0 162.21.1.2

ip route 162.26.2.0 255.255.255.0 162.21.1.2

ip route 162.27.2.0 255.255.255.0 162.21.1.2

ip route 162.28.2.0 255.255.255.0 162.21.1.2

ip route 152.168.250.248 255.255.255.255 Null0

!

no ip http server

ip http authentication local

no ip http secure-server

ip http timeout-policy idle 600 life 86400 requests 10000

ip nat pool david 192.168.250.248 192.168.250.248 netmask 255.255.255.0

ip nat inside source list 1 pool david overload

!

ip prefix-list Local-Networks seq 5 permit 162.20.2.0/24

ip prefix-list Local-Networks seq 10 permit 162.24.2.0/24

ip prefix-list Local-Networks seq 15 permit 162.25.2.0/24

ip prefix-list Local-Networks seq 20 permit 162.26.2.0/24

ip prefix-list Local-Networks seq 25 permit 162.27.2.0/24

ip prefix-list Local-Networks seq 30 permit 162.28.2.0/24

ip prefix-list Local-Networks seq 35 permit 152.168.250.248/32

ip prefix-list Local-Networks seq 40 permit 162.21.1.0/24

access-list 1 permit 162.21.1.0 0.0.0.255

access-list 1 permit 192.168.19.0 0.0.0.255

access-list 23 permit 162.21.1.0 0.0.0.255

!

route-map Set-Local-Prefernce-200 permit 10

set local-preference 200

!

route-map Backup-Link-AS-Prepend permit 10

match ip address prefix-list Local-Networks

set as-path prepend 65500 65500

!

route-map Backup-Link-AS-Prepend permit 20

!

end

I added ip nat to interface loopback0.

It doesn't work.

Is ping to the remote LAN interface going? I suspect that the problem might not be with the NAT. If pings to the remote LAN interface are not going, then you could confirm with your provider whether the connection is up.

I ping to the WAN interface of the remote router but not to its LAN (loopback). Why?
