Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Regarding private and public ip address

Okay...I am new to cisco, just preparing for my CCNA exam. I had doubt regarding public IP addressing scheme and private IP addressing scheme.

Not actually doubt but i wanted to make sure my understanding regarding it..here's what i picture about it...

ok...so when when i have my router's one interface having public IP nd all other interface private IP address. so whenever my data with packet as source address of private IP reaches to public IP...does router converts it to Public ip and sends it out...without my NAT on....because whenever i ping to my Public ip's another interface connected to another router...i recieve request timed out not destination host unreachable

Everyone's tags (5)
22 REPLIES
Hall of Fame Super Gold

Regarding private and public ip address

That happens because your router is configured to not respond to ping.

New Member

Regarding private and public ip address

Then how does it responds after NATing....and one more thing....when i dnt do NAT can my Private IP go out of public IP interface

Gold

Re: Regarding private and public ip address

Hi Arpit,

if your router is set not to respond to ping, it will not respond to ping even after NAT.

your private range ip will not go out to Public because there wouldnt be a valid route available for it, even if u manually set it to go out to public interface, the first ISP router that receives it, will drop it.

HTH,

plz Rate helpful posts.


Soroush.

Hope it Helps, Soroush.
Silver

Re: Regarding private and public ip address

Hi Soroushm,

your private range ip will not go out to Public because there wouldnt be a valid route available for it

Are you absolutely sure about this? Because it is possible that such a packet (with private range ip) will go out through public interface. The only problem is about the route back - just as you said. But I believe that it will go out through interface with public ip with no problem at all.

Best regards,

Jan

Gold

Re: Regarding private and public ip address

Ops, my bad..!!! i thought he wants to send packets with private ip as destination... sorry u r right !

5 stars to catch my fault here !

cheerZ,


Soroush.

Hope it Helps, Soroush.
Silver

Re: Regarding private and public ip address

Thank you Soroush, you are very kind! Cheers!

Best regards,

Jan

New Member

Regarding private and public ip address

Hey Jan yeah what u r saying is kinda i also thought nd wanted to confirm it....but as ive asked my question is if im able to send Private IP packet out to public , why i m not able to receive it back....my destination router(one wid public ip) does have route for private ip add.....and one more thing....i dnt get reply untill i m not doing NAT....ad soon as i do NAT....reply is der...

Silver

Re: Regarding private and public ip address

Arpit,

can you post configs of these two routers, sh ip route outputs, scheme how are they interconnected and what ping are you performing? Because it SHOULD work if routing is correct.

Best regards,

Jan

New Member

Regarding private and public ip address

I have three Routers...one is CORP where my one interface has public IP nd rest 4 has private IPs....to one private IP interface there is a router R1 and to Public IP interface R3

Private IPs 10.1.0.0   0.0.255.255  and public 68.1.0.0   0.0.255.255

CORP :-

     10.0.0.0/24 is subnetted, 8 subnets

C       10.1.1.0 is directly connected, FastEthernet0/0

C       10.1.2.0 is directly connected, Serial0/0/0

C       10.1.3.0 is directly connected, Serial0/0/1

C       10.1.4.0 is directly connected, Serial0/1/0

O       10.1.6.0 [110/65] via 10.1.2.2, 00:02:06, Serial0/0/0

O       10.1.7.0 [110/65] via 10.1.2.2, 00:02:06, Serial0/0/0

O       10.1.8.0 [110/65] via 10.1.4.2, 00:02:06, Serial0/1/0

O       10.1.9.0 [110/65] via 10.1.4.2, 00:02:06, Serial0/1/0

     68.0.0.0/30 is subnetted, 2 subnets

C       68.1.1.4 is directly connected, Serial0/1/1

O       68.1.1.8 [110/65] via 68.1.1.6, 00:02:06, Serial0/1/1

CORP>

R1 :-

     10.0.0.0/24 is subnetted, 8 subnets

O       10.1.1.0 [110/65] via 10.1.3.1, 00:05:22, Serial0/0/1

C       10.1.2.0 is directly connected, Serial0/0/0

C       10.1.3.0 is directly connected, Serial0/0/1

O       10.1.4.0 [110/128] via 10.1.3.1, 00:05:22, Serial0/0/1

C       10.1.6.0 is directly connected, FastEthernet0/0

C       10.1.7.0 is directly connected, FastEthernet0/1

O       10.1.8.0 [110/129] via 10.1.3.1, 00:05:22, Serial0/0/1

O       10.1.9.0 [110/129] via 10.1.3.1, 00:05:22, Serial0/0/1

     68.0.0.0/30 is subnetted, 2 subnets

O       68.1.1.4 [110/128] via 10.1.3.1, 00:05:22, Serial0/0/1

O       68.1.1.8 [110/129] via 10.1.3.1, 00:05:22, Serial0/0/1

R1>

R3 :-

     10.0.0.0/24 is subnetted, 10 subnets

O       10.1.1.0 [110/65] via 68.1.1.5, 00:05:53, Serial0/0/0

O       10.1.2.0 [110/128] via 68.1.1.5, 00:05:53, Serial0/0/0

O       10.1.3.0 [110/128] via 68.1.1.5, 00:05:53, Serial0/0/0

O       10.1.4.0 [110/128] via 68.1.1.5, 00:05:53, Serial0/0/0

O       10.1.6.0 [110/129] via 68.1.1.5, 00:05:53, Serial0/0/0

O       10.1.7.0 [110/129] via 68.1.1.5, 00:05:53, Serial0/0/0

O       10.1.8.0 [110/129] via 68.1.1.5, 00:05:53, Serial0/0/0

O       10.1.9.0 [110/129] via 68.1.1.5, 00:05:53, Serial0/0/0

C       10.1.11.0 is directly connected, FastEthernet0/1

O       10.1.12.0 [110/2] via 10.1.11.2, 00:05:28, FastEthernet0/1

     68.0.0.0/30 is subnetted, 2 subnets

C       68.1.1.4 is directly connected, Serial0/0/0

C       68.1.1.8 is directly connected, FastEthernet0/0

R3>

To my R1 there is HOST with 10.1.7.2 from where im pinging to R3 host 68.1.1.10....now one thing imp is that i dnt get reply without NAT but strange thing is NAT ON Reply ON

Silver

Re: Regarding private and public ip address

Arpit,

one last thing. Can you attach whole configs of routers in zip format here? And also, what is the output of

 traceroute 68.1.1.10

command on the PC? I just need to confirm something.

Thanks for your patience!

Best regards,

Jan

New Member

Re: Regarding private and public ip address

hey dnt know how to upload file oer here....and yeah when i did tracert from my pc it show

PC>tracert 68.1.1.10

Tracing route to 68.1.1.10 over a maximum of 30 hops:

  1   31 ms     31 ms     16 ms     10.1.6.1

  2   63 ms     63 ms     63 ms     10.1.3.1

  3   94 ms     65 ms     78 ms     68.1.1.10

  4   110 ms    78 ms     109 ms    68.1.1.10

Trace complete.

where 10.1.6.1 is gateway....10.1.3.1 is interface connecting CORP nd hell it didnt showed R3 directly went to pc

i think i got these because NAT is oN....but when i removed NAT then i got request timed out after two hops

Silver

Re: Regarding private and public ip address

Hi  Arpit,

yeah I meant that you do traceroute without the NAT, sorry I haven't pointed that out. The point I want to clarify is that there could be an IP mismatch or incomplete route because when you take a closer look at the routing table you will see that when NAT is on, the packet will take a different route on the way back as it would take without NAT.

On which router does the NATing take place and to what address? - just to make sure I got this right.

You can upload files when you press Use advanced editor option in right top corner of the message box and then include files at the bottom.

Best regards,

Jan

New Member

Re: Regarding private and public ip address

okk...i m uploading .pkt file ....just check nd let me know what mistake is der...

CORP is one where i m doing NAT

Silver

Re: Regarding private and public ip address

Hi Arpit,

it is very strange, but it works for me in the opposite way.

I am trying ping from PC0 with IP of 10.1.6.2 to PC4 with IP address of 68.1.1.10

It works when NAT is disabled.

-routing is OK, route from PC0 to PC4 works in either direction

Doesn't work when NAT is enabled.

-problem here is that you are translating to address 64.1.1.5 but because it is not a real interface in up state, it is not in routing updates from OSPF even though the OSPF process on the CORP router is configured with network 64.0.0.0 0.255.255.55 command!

-try to check other routers with sh ip route command and you will see that you don't have route to 64.1.1.5 but you need it if you are translating to this address!

-one possible solution is that you will create loopback interface with ip address of 64.1.1.5, then the OSPF will redistribute route back and it will work

Don't worry the packets won't even make it to the loopback interface! That is because when the packet destined for such IP address arrives, NAT will take place first and just after that the routing will take place. So the traffic will be forwarded towards the real (private) IP address, not to the loopback.

So try to issue these commands on CORP router:

CORP(config)#int lo0

CORP(config-if)#ip add 64.1.1.5 255.255.255.255

And that should do the trick...it worked for me!

Are you absolutely sure it works with NAT enabled? Because when I opened your pkt scheme NAT was enabled and it didn't work for me.

One more thing: It would be more correct if you would configure your nat pool like this:

ip nat pool Arpit 64.1.1.5 64.1.1.5 netmask 255.255.255.255

because now you have it with netmask 255.255.255.252, but it doesn't matter right now...this is not the cause of the problem.

Best regards,

Jan

New Member

Re: Regarding private and public ip address

Hey !!!

thanx a lot for ur efforts....i just removed NAT cumpltly....all pool....modified interfaces everything

and poof nw i m able to ping widout any NAT....i think i just made diz complex...thing was pretty simple....but i m just newbie to Networking world and really amazed to see diz forum...u guys are awesome....so much to learn here...really thnx a lot....and yah i m going for first step to enter cisco...dat is goin to takin CCNA  604-802 composite exam...ive read Todd lammle's study guide for once...nw what should i do further

Silver

Re: Regarding private and public ip address

Arpit,

you're welcome and don't hesitate if you have some more questions!

Good luck with the exam!

Cheers!!!

Best regards,

Jan

New Member

Re: Regarding private and public ip address

Yeah i forgot to ask u in the same network der is one more thing i didnt understood ive enabled Ospf in all routers yet I m not getting cumplete table in last router R5....i think there is some problem with process no. or i dnt knw...just check nd let me knw

Silver

Re: Regarding private and public ip address

Hi Arpit,

the problem is that you have configured more OSPF processes on just one interface.

Here is an explanation, why it is not possible - from Peter Paluch :

In OSPF for IPv4, an interface can be a part of a single OSPF process  only. The OSPF packets do not have any identification into which process  they belong, and if an interface was active in several OSPF processes,  the OSPF packets sent out that interface could not be properly  distinguished and sorted among process instances. 

As I have seen, your routers will form adjacency for process 2 (there is also process 1 running on both devices, but not exchanging routing information), but I just can't tell you right now what would happen between two real devices configured this way. Maybe if you give me some extra time, like half an hour I will could do some tests.

It just seems that R5 will not receive any other networks than one that is configured by network 10.1.0.0 0.0.255.255 area 0 command for process 2. As it is directly connected network and has lower administrative distance, the update from R3 is ignored. That's why it seems that OPSF is not working. But if you issue the show ip ospf neighbors command you will see that neighborship is established.

For now - just remove the OSPF process number 2 from R3 and also R5. It will work fine.

R3(config)#no router ospf 2

R5(config)#no router ospf 2

Try to save it, close and then open. Packet tracer likes to NOT work properly...

Best regards,

Jan

Silver

Re: Regarding private and public ip address

Arpit,

one more update regarding more OSPF processes. Peter Paluch has just recently confirmed to me that one interface can be just in one OSPF process. You can verify this when you issue command

show ip ospf 1 interface brief

show ip ospf 2 interface brief

The other thing is that two processes with different numbers running on one router does not share information between themselves. Their link-state databases (LSDB) are separated.

That's why you haven't seen networks learned via OSPF process 1. Because interface between R3 and R5 was in OPSF process 2 with completely different database where only network 10.11.1.0 /24 resides and since this network is directly connected (and has better AD) the one displayed in the routing table is showed as C not O.

Best regards,

Jan

Silver

Re: Regarding private and public ip address

Hi Arpit,

I believe that your problem can be in something else.

 whenever i ping to my Public ip's another interface connected to  another router...i recieve request timed out not destination host  unreachable

Can you try executing command sh ip route x.x.x.x on the other router (one with the public address that you are pinging) where x.x.x.x is the source private ip address? Maybe it just hasn't got route back to source! If it has blank output then problem is in routing, not in NAT at all!

when i dnt do NAT can my Private IP go out of public IP interface

I believe it is possible simply just because when basic routing occurs you just need the destination address to make routing decision. But it is not reccomended, you can imagine why.

Best regards,

Jan

New Member

Regarding private and public ip address

No actually i cnt ping before NAT is on...when I do NAT then i do get reply to my ping...my simple question is when I dnt do NAT then how does router with public IP interface behave with private IP packet

Silver

Re: Regarding private and public ip address

Hi Arpit,

my simple question is when I dnt do NAT then how does router with public IP interface behave with private IP packet

just like I have said before! - Normal basic routing occurs.

I believe you don't have response from the other router just because of missing ip route leading back to the source.

But as Soroush has suggested - in real life, the ISP could drop such traffic, because he doesn't want your private IP addresses in his routing table.

Best regards,

Jan

964
Views
16
Helpful
22
Replies