Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Public IP's Behind Static IP

Hello, I have a 827 router with a assigned static ip of xxx.xxx.xxx.142 255.255.255.0 as well as a block of public IP's which have a net mask of 255.255.255.248 . I would like all the hosts with the block of public ip's to be visible to the internet. I don't wish to use DHCP or NAT/PAT, just straight routing. Thanks.

1 ACCEPTED SOLUTION

Accepted Solutions

Re: Public IP's Behind Static IP

Hi there,

I can see that the NAT configuration is still there, kindly remove the "ip nat outside" from the dialer interface, and "ip nat inside" from the LAN interface (ethernet0), using "no ip nat outside" and "no ip nat inside" on the respective interface.

HTH, please rate if helpful,

Mohammed Mahmoud.

26 REPLIES

Re: Public IP's Behind Static IP

Need more information.

IS this router your border router conencted to the ISP?

Are the hosts with the public IP block directly connected to the border router?

Is the IP block assigned by the service provider or your own?

A brief topology would help to provide a suitable solution

Narayan

New Member

Re: Public IP's Behind Static IP

Yes the router is connected to the ISP. Yes the IP block has been assigned by the service provider. The hosts are connected to a 2924 switch then to the router. They are in a VLAN on the switch. When attempting to connect to one of the hosts from a separate ISP the packets make it as far as the static ip of the WAN on the router. Hope this helps.

Thanks.

Re: Public IP's Behind Static IP

Hi there,

If i understand well your scenario should look like this:

hosts -> 2924 Switch --> 827 router --> Internet

To do it routing all the way with no NAT --> You'll need 2 public IP subnets, 1 for LAN and 1 for WAN, and your ISP shall route your LAN IPs to your WAN ips and you should use default route towards your provider, then you should configure the public IPs on your hosts manually, but here comes the most important question, how many hosts do u have (and accordingly the LAN subnet that you need).

HTH,

Mohammed Mahmoud.

Re: Public IP's Behind Static IP

What is the gateway of the ip hosts. Is it the static ip address of the WAN router?

hosts-->switch--->router--->ISP

If the topology looks something like the above, then make sure you have a default route configured on your edge router.

HTH,

Narayan

New Member

Re: Public IP's Behind Static IP

I have six usable ips for my LAN with a subnet of 255.255.255.248 I have assigned one of those ips to the LAN side of my router. I have also manually configured the ips of the hosts with default gateway listed as the ip of the LAN port of the router. Your topology of my network is correct. Is the problem the different subnets of the LAN vs WAN ie. x.248 x.255 ?

Re: Public IP's Behind Static IP

Friend,

Your Gateway IP should have the same Subnet mask as that of the configured hosts.

Change the LAN IP of the router to x.x.x.142 255.255.255.248 and confgiure the default route to the ISP

HTH, rate if it does

Narayan

New Member

Re: Public IP's Behind Static IP

Did you mean change the WAN netmask to 255.255.255.248 ? The LAN netmask is already 255.255.255.248 And by default route to the ISP do you mean the IP of the next hop after my router ?

Thanks

Re: Public IP's Behind Static IP

Hi there,

No the subnet mask of the LAN and the WAN should not match, what are the LAN and WAN subnets you acquired from your ISP ?

regards,

Mohammed Mahmoud.

New Member

Re: Public IP's Behind Static IP

The LAN subnet is 255.255.255.248 The WAN subnet is 255.255.255.0

Thanks

Re: Public IP's Behind Static IP

Hi there,

Weird, the WAN is /24, are both LAN ips and WAN ips public ips ?

regards,

Mohammed Mahmoud.

Re: Public IP's Behind Static IP

Let me give an example

host-->switch-->(lan)router(wan)-->ISP

Host: - 10.10.10.2/29

router LAN:-10.10.10.1/29

router WAN:-20.20.20.2/30

ISP WAN:- 20.20.20.1/30

your host should have a gateway configured as 10.10.10.1

How many VLANs have been configured on the switch and the public hosts belong to which VLAN?

Naayan

Re: Public IP's Behind Static IP

Are multiple VLANS configured on the switch?

if yes then i think i understand your problem

You have to create a trunk connection from the router to the switch with subinterfaces

HTH

Narayan

New Member

Re: Public IP's Behind Static IP

I eliminated the switch and connected the server directly to the router. Still unable to connect with the server on the LAN side from another ISP. Or able to ping out beyond the LAN interface.

version 12.2

no service pad

service timestamps debug uptime

service timestamps log uptime

service password-encryption

!

mmi polling-interval 60

no mmi auto-configure

no mmi pvc

mmi snmp-timeout 180

ip subnet-zero

ip name-server xxx.xxx.xxx.xxx

ip name-server xxx.xxx.xxx.xxx

!

vpdn enable

vpdn-group 1

request-dialin

protocol pppoe

!

partition flash 2 6 2

!

!

!

!

interface Ethernet0

ip address xxx.xxx.xxx.xxx 255.255.255.248

ip nat inside

ip tcp adjust-mss 1452

hold-queue 100 out

!

interface ATM0

no ip address

no atm ilmi-keepalive

pvc 0/35

pppoe-client dial-pool-number 1

!

dsl operating-mode auto

interface Dialer1

ip address yyy.yyy.yyy.yyy 255.255.255.0

ip mtu 1492

ip nat outside

encapsulation ppp

ip tcp adjust-mss 1452

dialer pool 1

dialer-group 1

ppp authentication chap pap callin

ppp chap hostname xxxxxxxxxxxxxxxxxxxx

ppp chap password yyyyyyyyyyyyyyyyyyyy

ppp pap sent-username xxxxxx password yyyyyyy

!

ip nat inside source list 102 interface Dialer1 overload

ip classless

ip route 0.0.0.0 0.0.0.0 Dialer1

ip http server

ip http access-class 23

!

!

access-list 23 permit xxx.xxx.xxx.0 0.0.0.7

access-list 102 permit ip xxx.xxx.xxx.0 0.0.0.7 any

dialer-list 1 protocol ip permit

!

line con 0

stopbits 1

line vty 0 4

access-class 23 in

exec-timeout 120 0

login

length 0

!

scheduler max-task-time 5000

end

Re: Public IP's Behind Static IP

Hi there,

Can you ping from the router to the internet ?

/24 public ip on WAN is a weired thing, are you sure its a public ip ?

regards,

Mohammed.

New Member

Re: Public IP's Behind Static IP

Hello, thanks to a quick fix to a faulty NIC, I can now access the internet from the server as well as access the server from another host on the same LAN/Netmask. I however cannot access the server from another ISP on the WAN side. I also went over the firewall on the server. It doesn't seem to be a issue. I double checked the netmask for the static WAN, it is what the ISP gave me.

Thanks

Re: Public IP's Behind Static IP

Hi there,

This /24 WAN IPs is still a weired thing, anyway u can't reach the server from another provider because of the NAT configuration, try access "http://whatsmyip.org/" from your server to see th ip address that your server goes to the outside world with (it should be your WAN ip not the manually configured server ip).

HTH,

Mohammed Mahmoud.

New Member

Re: Public IP's Behind Static IP

Yes the IP address did come up with the WAN ip. How do I configure it so that the server is reachable with its own public IP ? And also any other servers behind the router with their own public ips ?

Thanks

Re: Public IP's Behind Static IP

Hi there,

I am glade that we are reaching somewhere. In order to make it reachable to the internet with its public ip address you'll have to:

Remove the NAT configuration.

Make sure that your ISP has routed your LAN IPs to your WAN IPs or to your router.

Use default route at your router.

HTH, please rate if helpful,

Mohammed Mahmoud.

New Member

Re: Public IP's Behind Static IP

NAT configuration is removed. (See post config above)

ISP has routed Block of public IPs to static WAN. If I do a trace route to the public IP of the server it stops at the WAN side of the router with the LAN side unreachable. I am not sure what you mean by default route at the router ?

Thanks

Re: Public IP's Behind Static IP

Hi there,

If the servers on the LAN are unreachable from the internet:

Check connectivity problems between the server and the router, simply ping the router from the server.

Check the default gateway on the server (must be the IP address of the router's LAN interface facing the server)

Check that the router has a default route pointing either to the outgoing interface connecting to the internet, or to the next-hop ip address which is the ip address of the first hop (router) facing you in your ISP.

HTH,

Mohammed Mahmoud.

New Member

Re: Public IP's Behind Static IP

No connectivity issues between the server and router. Ping successful. Server default gateway is the LAN interface on the router. Please see posted config for possible errors. This is the only router. i.e. the WAN interface is facing the ISP.

version 12.2

no service pad

service timestamps debug uptime

service timestamps log uptime

service password-encryption

!

mmi polling-interval 60

no mmi auto-configure

no mmi pvc

mmi snmp-timeout 180

ip subnet-zero

ip name-server xxx.xxx.xxx.xxx

ip name-server xxx.xxx.xxx.xxx

!

vpdn enable

vpdn-group 1

request-dialin

protocol pppoe

!

partition flash 2 6 2

!

!

!

!

interface Ethernet0

ip address xxx.xxx.xxx.xxx 255.255.255.248

ip nat inside

ip tcp adjust-mss 1452

hold-queue 100 out

!

interface ATM0

no ip address

no atm ilmi-keepalive

pvc 0/35

pppoe-client dial-pool-number 1

!

dsl operating-mode auto

interface Dialer1

ip address yyy.yyy.yyy.yyy 255.255.255.0

ip mtu 1492

ip nat outside

encapsulation ppp

ip tcp adjust-mss 1452

dialer pool 1

dialer-group 1

ppp authentication chap pap callin

ppp chap hostname xxxxxxxxxxxxxxxxxxxx

ppp chap password yyyyyyyyyyyyyyyyyyyy

ppp pap sent-username xxxxxx password yyyyyyy

!

ip nat inside source list 102 interface Dialer1 overload

ip classless

ip route 0.0.0.0 0.0.0.0 Dialer1

ip http server

ip http access-class 23

!

!

access-list 23 permit xxx.xxx.xxx.0 0.0.0.7

access-list 102 permit ip xxx.xxx.xxx.0 0.0.0.7 any

dialer-list 1 protocol ip permit

!

line con 0

stopbits 1

line vty 0 4

access-class 23 in

exec-timeout 120 0

login

length 0

!

scheduler max-task-time 5000

end

Thanks

New Member

Re: Public IP's Behind Static IP

Hi Frosty.

By default route we mean this part of your router configuration.

<<

ip route 0.0.0.0 0.0.0.0 Dialer1

>>

I don't get your wan connection. This is a ADSL connection ? Ip address of your router is dynamically assigned by your ISP. This interface, Dialer1 is the interface that gets the ip address of wan connection ?

Anyway, you can do a test pinging any other address on internet using the ip address of your ethernet interface.

The command is:

ping x.x.x.x source ethernet 0

or if you IOS dont't supoort this commmand

ping ip

Target IP address: x.x.x.x

Repeat count [5]:

Datagram size [100]:

Timeout in seconds [2]:

Extended commands [n]: y

Source address or interface: Ethernet0

With this you can exclude your lan network connectivity.

Hope helpfully.

Best Regards.

New Member

Re: Public IP's Behind Static IP

It is a 827 router with a ADSL connection.

The WAN IP address is static.

I have a block of 6 public IP's on the LAN side I wish to make accessible from the internet. One of those IP's is assigned to the LAN port. I can access the internet from the server on the LAN, but I can not access the server from the internet. If I traceroute to the server's IP from a separate ISP it stops at the WAN side of the router.

Thanks

Re: Public IP's Behind Static IP

Hi there,

I can see that the NAT configuration is still there, kindly remove the "ip nat outside" from the dialer interface, and "ip nat inside" from the LAN interface (ethernet0), using "no ip nat outside" and "no ip nat inside" on the respective interface.

HTH, please rate if helpful,

Mohammed Mahmoud.

New Member

Re: Public IP's Behind Static IP

That solved the problem.

Thank you very much for your help.

Re: Public IP's Behind Static IP

Hi John,

You are more than welcomed.

best regards,

Mohammed Mahmoud.

201
Views
0
Helpful
26
Replies
CreatePlease login to create content