Cisco Support Community
Community Member

Static Routes to Multiple Public IP Addresses

I'm not sure if the title makes sense or not but here is my problem. Cisco 1841 router currently set up with several static routes for web / email servers and such. Inside IP scheme is 192.168.1.x 255.255.255.0, example of outside IP scheme is 24.1.1.x 255.255.255.224. We had a block of 20 public outside IP addresses and ran out so our ISP issued us another block, 98.1.1.x 255.255.255.224. Everything with my old routes still works fine but any machine that I try to give a static route to under the new IP scheme cannot access the internet. Summary of our config is attached as a text file.

So basically my problem is that 192.168.1.162 cannot access the internet. I can ping the router on the inside (192.168.1.115) and outside (24.172.38.162) connection with no problem but that's as far as I get.

25 REPLIES
Hall of Fame Super Silver

Re: Static Routes to Multiple Public IP Addresses

Hello Billy,

the provider has given you a second IP address block but not a second link to them?

you have added a default static route to 98.1.1.1 but I don't see any interface with ip 98.1.1.2 for example

you should simply use the new pool in NAT without attempting to add the static default route

if all above is valid you should remove the line

ip route 0.0.0.0 0.0.0.0 98.1.1.1

with:

no ip route 0.0.0.0 0.0.0.0 98.1.1.1

Hope to help

Giuseppe

Community Member

Re: Static Routes to Multiple Public IP Addresses

Here is our setup

Fiber Line Coming In From ISP ---> Cisco Switch Managed by ISP ---> Cisco 1841 Router ---> Network Switches.

I guess that answers the first thing you asked.

So are you saying I should add a secondary IP onto my fa 0/1 with ip of 98.1.1.2 and then take out the ip route statement?

Sorry you lost me a little there.

Hall of Fame Super Silver

Re: Static Routes to Multiple Public IP Addresses

Hello Bill,

one thing is to get a second public address block for NAT

another thing is routing

you need to use a reachable next-hop ip address

if you have only one link that second default route is simply wrong and meaningless

Hope to help

Giuseppe

Community Member

Re: Static Routes to Multiple Public IP Addresses

Ok so if I want a machine with ip of 192.168.1.162 to have an outside ip of 98.1.1.5 what do I need to do?


Re: Static Routes to Multiple Public IP Addresses

Hi,

As Giuseppe said all you will need is another nat statement whether it be a static nat or pat or an overload with a nat pool.

Community Member

Re: Static Routes to Multiple Public IP Addresses

I tried adding this statement

ip nat inside source static 192.168.1.162 98.1.1.5

But it didn't work, and I removed the extra ip route statement.


Re: Static Routes to Multiple Public IP Addresses

I have had issues with that a few times when you have a different subnet from what is configured on the interface. I just added a secondary IP address and that seemed to work, so you can try that. If that doesn't work, maybe the ISP misconfigured something on their end.

Community Member

Re: Static Routes to Multiple Public IP Addresses

Well, the thing that gets me, which I just found out, is that on my router I can ping 98.1.1.1, which is the gateway IP of the new IP block.

Community Member

Re: Static Routes to Multiple Public IP Addresses

I added the secondary interface...still not working...

Re: Static Routes to Multiple Public IP Addresses

Did you add a secondary interface or a secondary address? Giuseppe is correct in that right now, under the config that you posted, you don't have a 98.x.x.x address to route to. The default gateway can't be used. You can ping the address from your router because your OTHER gateway is routing you to it.

HTH,

John

Hall of Fame Super Blue

Re: Static Routes to Multiple Public IP Addresses

Billy

As Giuseppe has said you do not need the second default route ie. ip route 0.0.0.0 0.0.0.0 98.1.1.1.

All you should need is the NAT statement and to make sure that proxy-arp is enabled on the interface connecting to the ISP.

Can you confirm that the ISP is routing this new block to the outside interface of your router ?

Jon

Community Member

Re: Static Routes to Multiple Public IP Addresses

Yeah, sorry, I meant address. I don't know why I said interface.

My outside connection (FA0/1) now has a secondary IP in the 98.x.x.x subnet.

I also have tested that everything is routed correctly by the ISP, as if I bypass the router and statically assign an IP everything works fine.

I have also removed the extra ip route statement and it's still not working.

Hall of Fame Super Blue

Re: Static Routes to Multiple Public IP Addresses

cforce1841 wrote:

Yeah, sorry, I meant address. I don't know why I said interface.

My outside connection (FA0/1) now has a secondary IP in the 98.x.x.x subnet.

I also have tested that everything is routed correctly by the ISP, as if I bypass the router and statically assign an IP everything works fine.

I have also removed the extra ip route statement and it's still not working.

Bit of a stupid question but have you allowed access to that new public IP in the acl on your outside interface?

Also not sure what you mean by bypassing the router it works. What you want the ISP to do is add a route on their router that looks like -

ip route 98.1.1.x 255.255.255.224 24.1.1.2

Can you confirm they are doing this rather than expecting you to use a secondary interface on your router?

Jon

Community Member

Re: Static Routes to Multiple Public IP Addresses

The acl for my outside connection is in the config I posted. I don't think that it blocks access to it but I haven't added a specific allow. What would that statement look like and where would it go?

What I mean by bypassing the router is this...here is our setup

Fiber from ISP --> Cisco Switch owned by ISP -->Our router

The switch owned by the ISP only used 2 interfaces most of the time.  One coming in from them and one going out to our router.  If I plug up to another port on the switch with a patch cable to my laptop and assign a static ip in the 98.x.x.x subnet I can connect with no problem.

Hall of Fame Super Blue

Re: Static Routes to Multiple Public IP Addresses

cforce1841 wrote:

The acl for my outside connection is in the config I posted. I don't think that it blocks access to it but I haven't added a specific allow. What would that statement look like and where would it go?

From your config -

ip access-list extended autosec_firewall_acl
----Various Permit and Deny Statements---------
!

could you post the actual acl ?

Jon

Community Member

Re: Static Routes to Multiple Public IP Addresses

Well, it's kinda long and has a lot of entries opening different ports for different servers...port 80 on webservers, 25 for exchange...etc....

example:

permit tcp any host 24.1.1.45 eq www

and the last statement in the acl is the only deny statement..

deny   ip any any log

I really haven't thought that would be it as it is applied to only inbound traffic.

Hall of Fame Super Blue

Re: Static Routes to Multiple Public IP Addresses

Billy

What are you trying to do? If you simply want to NAT the traffic outbound then why do you need a static NAT entry in the first place, ie. you could simply use the existing overload NAT statement.

Jon

Community Member

Re: Static Routes to Multiple Public IP Addresses

Here is my basic purpose...assigning static outside public address to static inside addresses.  Ran out of existing numbers with the existing block so I got a new one issued.  Need to do this as we are adding new servers but they need public IPs routed to them so that people can access them (web, email etc).  Anytime I try to statically map to an IP in my new block (98.x.x.x) the machine cannot see past our router.

Community Member

Re: Static Routes to Multiple Public IP Addresses

Please help, I really need to get this working.

Hall of Fame Super Blue

Re: Static Routes to Multiple Public IP Addresses

Billy

How are you testing whether it works or not ie. are you trying to get from inside to outside or are you trying to connect from outside to inside ?

Can you post your latest config.

Jon

Community Member

Re: Static Routes to Multiple Public IP Addresses

Trying to get from the inside out...fresh load of Server 2008 R2 cannot ping past router or navigate with IE.

Is there a way I can send you my actual config so I don't have to worry about blanking out IP numbers to post it on here?

Hall of Fame Super Blue

Re: Static Routes to Multiple Public IP Addresses

Billy

Best to post config on here and mark out any sensitive info.

Troubleshooting steps -

You say without the router it works so -

1) with the router in place try to connect to device on the internet and then look at the output of "sh ip nat translations" on your router. Do you see the NAT translation entries. There will be one entry because it is static but do you see additional ones ?

2) you have inspect running + acls. It could be these that are your problem. However if it is in to out you are testing with then your inspect rules should allow it. Need to know exactly what you have in place in terms of rules etc. on your router and where you are in terms of what you have configured ie. secondary address, default-route.

Also have you tried tracerouting to your new IP address range ie. just one of the IPs to make sure that it is getting to your router. Note this traceroute needs to happen from a device on the internet.

Jon

Community Member

Re: Static Routes to Multiple Public IP Addresses

1. No I only see one entry for each IP.

2. Posting current config, ACLs commented out only apply to open ports for inbound traffic (port 80, 25, etc...).

3. The tracert led to some interesting results. If I tracert to the IP that I applied as a secondary IP to my outside interface, that one makes it to me ok. If I tracert to one of the IPs I am trying to add a static map to, it goes nowhere after it leaves my default gateway.

Hall of Fame Super Blue

Re: Static Routes to Multiple Public IP Addresses

Billy

The IPs in your config ie. 24.1.1.3 and 98.1.1.12, are these your real IPs or have you just used any IP so as not to reveal sensitive info ?

If you made them up can you send me the real IPs. You can send me a private message ie. click on your username so it takes you to your Profile then click on the "Private Messages" tab.

Jon

Community Member

Re: Static Routes to Multiple Public IP Addresses

Got it working! I actually had a friend help me and here is what we discovered. It's all in the order you add your statements. I added the static maps and it didn't work, then I added the secondary IP on my outside interface and it still didn't work. When we took that back out and added the secondary IP then added the static statements it worked. Don't really understand why or how that worked so if anyone has some insight I would be happy to hear it. Thanks for all your help.
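
The replies above turn on one condition: a static NAT mapping to a public address that is in no subnet configured on the outside interface. The following is an added example, not part of the thread or any poster's config, that audits an IOS config for that condition. The sample config is constructed from the thread's placeholder addressing; the FastEthernet0/0 inside interface and the 24.1.1.10 mapping are assumptions.

```python
import ipaddress
import re

# Constructed sample: the thread's placeholder addressing before the secondary
# address was added. Interface Fa0/0 and 24.1.1.10 are assumptions.
SAMPLE_CONFIG = """\
interface FastEthernet0/0
 ip address 192.168.1.115 255.255.255.0
 ip nat inside
!
interface FastEthernet0/1
 ip address 24.1.1.2 255.255.255.224
 ip nat outside
!
ip nat inside source static 192.168.1.10 24.1.1.10
ip nat inside source static 192.168.1.162 98.1.1.5
"""

def interface_blocks(config):
    """Map each interface name to its indented sub-commands."""
    blocks, name = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            name = line.split(None, 1)[1]
            blocks[name] = []
        elif name and line.startswith(" "):
            blocks[name].append(line.strip())
        else:
            name = None  # "!" or a global command ends the block
    return blocks

def outside_subnets(config):
    """Subnets (primary and secondary) on interfaces marked 'ip nat outside'."""
    nets = []
    for lines in interface_blocks(config).values():
        if "ip nat outside" not in lines:
            continue
        for line in lines:
            m = re.match(r"ip address (\d\S*) (\d\S*)( secondary)?$", line)
            if m:
                nets.append(ipaddress.ip_interface(f"{m[1]}/{m[2]}").network)
    return nets

def unattached_static_nat(config):
    """Return (inside, outside) static NAT pairs whose outside address is in
    no outside-interface subnet. Only the one-to-one form is checked."""
    nets = outside_subnets(config)
    pairs = re.findall(r"^ip nat inside source static (\d\S*) (\d\S*)", config, re.M)
    return [(i, o) for i, o in pairs
            if not any(ipaddress.ip_address(o) in n for n in nets)]
```

On the sample, `unattached_static_nat(SAMPLE_CONFIG)` reports the 192.168.1.162 to 98.1.1.5 mapping; a flagged mapping only receives traffic if the ISP routes that block to the router's outside address.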
