Re: moved a working network, now it doesn't work
- From: "kevindtimm@xxxxxxxxx" <kevindtimm@xxxxxxxxx>
- Date: Fri, 2 Jan 2009 06:51:32 -0800 (PST)
On Jan 2, 7:30 am, "kevindt...@xxxxxxxxx" <kevindt...@xxxxxxxxx>
wrote:
On Jan 2, 5:07 am, bod43 <Bo...@xxxxxxxxxxxxx> wrote:
On 2 Jan, 02:10, "kevindt...@xxxxxxxxx" <kevindt...@xxxxxxxxx> wrote:
I can ping 64.0.0.228 (fa0/0) from inside, but nothing else. From the
router I can ping the internet with no problem.
On Jan 1, 6:35 pm, "Thrill5" <nos...@xxxxxxxxxxxxx> wrote:
First you need to determine if you have a LAN, WAN or NAT problem.
From one of your Linux machines can you ping the FA 0/1 interface (default
gateway) AND ping the FA 0/0 interface? If not you have a problem with the
connectivity between your LAN and the router, and could have a config problem
on the switch, or the FA0/1 interface on the router.
From the router, can you ping any internet addresses? If no, then you have
a problem with your Internet connectivity. When pinging from the router, you
are NOT natting so if you CAN ping from the router, you have a NAT problem.
Without seeing the rest of the config, I can't offer any advice as to why
the NAT wouldn't be working.
<kevindt...@xxxxxxxxx> wrote in message
news:6bb7cb19-6284-41a0-99eb-c29918b88f42@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Our office moved from one facility to another (different cities).
We took a working lan from one site, and reconstituted it at the new
site. Now it only sort of works. (BTW, all linux machines)
I have a 2611 router w/VPN module, 12.2(8r) IOS:
1) fast0/0 connects to the internet (straight up, no firewall)
2) fast0/1 connects to our internal network
interface FastEthernet0/0
 ip address 64.0.0.228 255.255.255.248
 ip nat outside
 no ip route-cache
 no ip mroute-cache
 speed auto
 duplex auto
 crypto map nolan
!
interface FastEthernet0/1
 ip address 192.168.25.1 255.255.255.0
 ip nat inside
 speed auto
 duplex auto
!
ip route 0.0.0.0 0.0.0.0 64.0.0.225
from the router console, I can ping anything I would like (yahoo
google 4.2.2.1)
from the internal network (192.168.25.47) I can ping 192.168.25.XXX
without trouble
Output of netstat is :
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
192.168.25.0    0.0.0.0         255.255.255.0   U         0 0          0 eth0
0.0.0.0         192.168.25.1    0.0.0.0         UG        0 0          0 eth0
I cannot ping anything outside (for example 4.2.2.1) . And, anytime I
try to traceroute locally (besides the router), I get very weird
results:
traceroute to 192.168.25.180 (192.168.25.180), 30 hops max, 40 byte packets
1 * * *
2 * * *
3 * * *
4 * * *
5 * * *
6 192.168.25.180 1.544 ms 1.581 ms 1.564 ms
traceroute 4.2.2.1 to the internet returns nothing
traceroute to 4.2.2.1 (4.2.2.1), 30 hops max, 40 byte packets
1 ausrouter (192.168.25.1) 2.965 ms 4.437 ms 4.936 ms
2 * * *
3 * * *
4 * * *
5 * * *
6 * * *
7 * * *
....
30 * * *
I've run wireshark on this network and it doesn't appear to ever hit
the router (192.168.25.1)
I've done the same test on a functionally identical network (machine
192.168.35.120, router 192.168.35.1) and find that I get a TTL
exceeded from 192.168.35.1 after the 4th attempt
The strangest part? This worked for a couple of days two weeks ago but
someone power cycled before a write mem and so it can't be retrieved.
My only recollection from those edits was that I changed the speed and
duplex of the 0/0 and 0/1 (but I can't be sure)
As Thrill5 says -
It looks as if NAT is not working for some reason.
Idea!
Have you changed your Internet Address for the move?
Maybe you have
ip nat inside source list xx old.internet.address overload
change it to
ip nat inside source list xx interface fa 0/0 overload
Remember and save the new config
copy runn start
or "wr" if you are typing averse:)
Failing that please post the whole config.
Obviously you should not post passwords/usernames
and most people hide their real internet addresses.
also:-
try a ping from the inside to the internet
and immediately (you have plenty of time to do the
command but don't delay).
sh ip nat tr
post that too.
debug ip nat
is pretty cool.
You need to arrange to see the messages and
remember to turn it off.
logging buffered debug
log buff 100000
sh log
and/or
logg console debug
telnet to router
term monitor
term no mon
no logg console
Is good practise for production since
a lot of messages can absorb significant CPU.
One interrupt per character that is attempted to be
output.
I checked it too (after I posted the above) and see that it's always
trying to go through 4.0.1.3 when I try to ping the internet. That
won't work (as I don't own that anymore). I need to do a little study
on what that nat command does (the one with 4.0.1.3) and figure out
how to replace it.
I'm the newbie (NON) cisco guy here so I'm learning on the fly. I
understand (pretty much) the VPN stuff, but the 'nat'ting is a little
out of my comfort range. I bet it won't be by the end of today.
Thanks to all, I'm very close now.
I tried to remove the swb nat pool and recv'd :
%Dynamic Mapping in Use, Cannot remove
So, I went to my trusty IOS Cookbook and found:
clear ip nat translation *
config terminal
no ip nat pool old pool name
ip nat pool new pool
.......
And now, it works like a CHARM!!!!!!!!
Thanks to all
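
A check for the failure this thread ends on, a NAT pool still holding the previous site's address, as an added example that is not from any of the posters. The interface values in the sample come from the post; the pool and access-list lines are constructed around the 4.0.1.3 address and the "swb" pool mentioned above, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed running-config excerpt: interface values are from the post; the
# pool and access-list lines are assumed, built around the stale 4.0.1.3 address.
SAMPLE_CONFIG = """\
interface FastEthernet0/0
 ip address 64.0.0.228 255.255.255.248
 ip nat outside
!
interface FastEthernet0/1
 ip address 192.168.25.1 255.255.255.0
 ip nat inside
!
ip nat pool swb 4.0.1.3 4.0.1.3 netmask 255.255.255.248
ip nat inside source list 1 pool swb overload
access-list 1 permit 192.168.25.0 0.0.0.255
ip route 0.0.0.0 0.0.0.0 64.0.0.225
"""

def outside_networks(config):
    """Return the subnet of every interface marked 'ip nat outside'."""
    nets = []
    for block in re.split(r"^!\s*$", config, flags=re.M):  # IOS separates stanzas with '!'
        addr = re.search(r"^\s*ip address (\S+) (\S+)", block, re.M)
        if addr and re.search(r"^\s*ip nat outside\s*$", block, re.M):
            nets.append(ipaddress.ip_network(f"{addr[1]}/{addr[2]}", strict=False))
    return nets

def stale_nat_pools(config):
    """Return (pool, address) pairs for in-use pool addresses off the outside subnet."""
    nets = outside_networks(config)
    # Only pools actually referenced by an 'ip nat inside source' rule matter.
    used = set(re.findall(r"^ip nat inside source list \S+ pool (\S+)", config, re.M))
    findings = []
    for name, start, end in re.findall(r"^ip nat pool (\S+) (\S+) (\S+)", config, re.M):
        if name not in used:
            continue
        for text in sorted({start, end}):
            ip = ipaddress.ip_address(text)
            if not any(ip in net for net in nets):
                findings.append((name, text))
    return findings

if __name__ == "__main__":
    for name, addr in stale_nat_pools(SAMPLE_CONFIG):
        print(f"pool {name}: {addr} is not on any 'ip nat outside' subnet")
```

Run against a saved copy of the running config before and after a site move; a rule of the `interface ... overload` form has no pool and produces no finding.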