1. Home
  2. Cisco Systems
  3. Setting up a router with 29 Global IPs, BUT can't ping router internal interface from server or server interface from router

Setting up a router with 29 Global IPs, BUT can't ping router internal interface from server or server interface from router

I just ordered FIOS from Verizon and received 29 distinct IP addresses. I have a Cisco 2600 with 4 interfaces (FE 0/0, FE 0/1, Eth 1/0 and Serial 1/0., but only the FastEthernet interfaces are configured. I configured interface FE 0/0 with the global IP address 71.B.C.66 /24 and interface FE 0/1 with the reserved IP address of 172.18.8.66/16.

The router is connected to a Cisco 3500 switch as are the servers. The routers default gateway is 71.B.C.6 and I can ping out to the Internet. The switch has three VLANs defined, but all of the ports are part of VLAN 1. The switche's default gateway is the same as the server(s)

192.168.2.1.

When connected to the router's console port, I can ping the Internet but I can't ping the internal network. The oppsite is true for the switch the switch can ping the internal network, but not the internal interface of the router. The switches and servers arp tables don't reference the routers internal network. Also the router acknowledges that it is directly connected to the internal subnet 172.18..0.0/16.

I have attached the following files for reference - router's 'show config', 'show ip route' and 'show arp, switches 'show config' and 'show arp' and the server's 'config /all' and 'netstat -r'.

Lastly, I can ping the router's external interface from the server(s). Yet if I tracert to it the trace goes out the 192.168.2.1 server default gateway and out over the Internel even though I have a persistent route pointing to the 172.18.0.0 network on the server(s)

Router, Switch and Server Configuration Files

=========================================================== CT_Router1#s config

version 12.0

hostname CT_Router1

clock timezone EDT -5 clock summer-time EDT recurring ip subnet-zero no ip source-route no ip finger no ip domain-lookup ip domain-name fake.net ip name-server 151.202.0.84 ip name-server 151.198.0.38 !

interface FastEthernet0/0 description INTERNET FACING INTERFACE ip address 71.B.C .66 255.255.255.0 ip access-group 151 in no ip directed-broadcast full-duplex no cdp enable ! interface FastEthernet0/1 description INTERNAL INTERFACE VLAN 10 ip address 172.18.8.66 255.255.0.0 ip access-group 111 in no ip redirects no ip directed-broadcast no cdp enable ! interface Ethernet1/0 NOT Connected ! ip classless ip route 0.0.0.0 0.0.0.0 71.125.24.6 ip route 192.168.2.0 255.255.255.0 172.18.8.200 * This is the server's address ! access-list 111 remark *** INDSIDE INTERFACE (FA 0/1 172.18.8.66/16)

*** access-list 111 remark * ALLOW SPECIFIC TRAFFIC TO ROUTERS access-list 111 permit icmp 172.18.0.0 0.0.255.255 host 71.124.25.66 access-list 111 permit icmp 172.18.0.0 0.0.255.255 host 172.18.8.66 access-list 111 permit udp host 172.18.8.200 host 71.125.24.66 eq tftp access-list 111 permit udp host 172.18.8.200 host 172.18.8.66 eq tftp access-list 111 permit udp host 192.168.2.200 host 71.125.24.66 eq tftp access-list 111 permit udp host 192.168.2.200 host 172.18.8.66 eq tftp access-list 111 permit tcp host 172.18.8.200 host 71.125.24.66 range 22 telnet access-list 111 permit tcp host 192.168.2.200 host 172.18.8.66 range 22 telnet access-list 111 permit icmp 192.168.2.0 0.0.0.255 host 172.18.8.66 access-list 111 remark * DENY OTHER TRAFFIC TO ROUTERS access-list 111 deny ip any host 63.251.25.66 log-input access-list 111 deny ip any host 63.251.25.67 log-input access-list 111 deny ip any host 63.251.25.65 log-input access-list 111 deny ip any host 172.18.8.2 log-input access-list 111 deny ip any host 172.18.8.3 log-input access-list 111 remark * ALLOW ALL OTHER TRAFFIC access-list 111 permit ip any any access-list 131 permit ip any any access-list 131 remark * ICMP rules access-list 131 permit icmp any 0.0.0.66 255.255.255.0 echo access-list 131 permit icmp any 0.0.0.66 255.255.255.0 echo-reply access-list 131 permit icmp any 0.0.0.66 255.255.255.0 administratively-prohibited access-list 131 permit icmp any 0.0.0.66 255.255.255.0 packet-too-big access-list 131 permit icmp any 63.251.25.64 0.0.0.31 traceroute access-list 131 permit icmp any 0.0.0.66 255.255.255.0 unreachable access-list 131 permit icmp any 0.0.0.66 255.255.255.0 time-exceeded access-list 131 deny ip any any log-input access-list 151 remark * Peter Home access-list 151 permit ip host 66.B.C.62 any access-list 151 remark * GLOBAL INBOUND RULES access-list 151 remark * ANTI-SPOOFING RULES access-list 151 deny ip host 0.0.0.0 any log-input access-list 151 deny ip 10.0.0.0 0.255.255.255 any log-input access-list 151 deny ip 172.16.0.0 0.15.255.255 any log-input access-list 151 deny ip 192.168.0.0 0.0.255.255 any log-input access-list 151 deny ip host 255.255.255.255 any log-input access-list 151 deny ip 0.0.0.66 255.255.255.0 any log-input access-list 151 remark * ICMP rules access-list 151 permit icmp any 0.0.0.66 255.255.255.0 echo access-list 151 permit icmp any 0.0.0.66 255.255.255.0 echo-reply access-list 151 permit icmp any 0.0.0.66 255.255.255.0 administratively-prohibited access-list 151 permit icmp any 0.0.0.66 255.255.255.0 packet-too-big access-list 151 permit icmp any 63.251.25.64 0.0.0.31 traceroute access-list 151 permit icmp any 0.0.0.66 255.255.255.0 unreachable access-list 151 permit icmp any 0.0.0.66 255.255.255.0 time-exceeded access-list 151 deny ip any any log-input no cdp run =========================================================== CT_Router1#s arp Protocol Address Age (min) Hardware Addr Type Interface Internet 71.125.24.1 0 0090.1a41.03ea ARPA FastEthernet0/0 Internet 71.125.24.6 239 0090.1a41.03ea ARPA FastEthernet0/0 Internet 71.125.24.66 - 0030.94d3.a280 ARPA FastEthernet0/0 Internet 192.168.30.1 - 0030.94d3.a288 ARPA Ethernet1/0 Internet 172.18.8.66 - 0030.94d3.a281 ARPA FastEthernet0/1 =========================================================== CT_Router1#s route

CT_Router1#s ip route Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default U - per-user static route, o - ODR, P - periodic downloaded static route T - traffic engineered route

Gateway of last resort is 71.125.24.6 to network 0.0.0.0

71.0.0.0/24 is subnetted, 1 subnets C 71.125.24.0 is directly connected, FastEthernet0/0 C 192.168.40.0/24 is directly connected, Loopback0 C 172.18.0.0/16 is directly connected, FastEthernet0/1 S 192.168.2.0/24 [1/0] via 172.18.8.200 S* 0.0.0.0/0 [1/0] via 71.125.24.6 =========================================================== CT_Switch1#s config

version 12.0

hostname CT_Switch1 ! ip subnet-zero ! interface FastEthernet0/1 * ALL INTERFACES ARE CONFIGURED THE SAME ! interface VLAN1 ip address 192.168.2.230 255.255.255.0 ! interface VLAN10 description INSIDE Interface 192.168.10.0 shutdown ! interface VLAN20 description OUTSIDE Interface to Test NLB 192.168.20.0 shutdown ! ip default-gateway 192.168.2.1 =========================================================== CT_Switch1#s arp Protocol Address Age (min) Hardware Addr Type Interface Internet 192.168.2.1 115 0030.bd9d.1b10 ARPA VLAN1 Internet 192.168.2.230 - 0006.287f.e040 ARPA VLAN1 Internet 192.168.2.203 1 0007.e911.4c7a ARPA VLAN1 Internet 192.168.2.200 30 0009.6bf1.d4a9 ARPA VLAN1 =========================================================== SERVER(S) CONFIG Microsoft Windows [Version 5.2.3790] (C) Copyright 1985-2003 Microsoft Corp.

C:\\Documents and Settings\\war>cd \\

C:\\>ipconfig /all

Windows IP Configuration

Host Name . . . . . . . . . . . . : INCTWPD02 Primary Dns Suffix . . . . . . . : Node Type . . . . . . . . . . . . : Unknown IP Routing Enabled. . . . . . . . : Yes WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Intel-Upper (192.168.2.203) Server Adapter #2:

Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Dual Port Server Adapter #2 Physical Address. . . . . . . . . : 00-07-E9-11-4C-7A DHCP Enabled. . . . . . . . . . . : No IP Address. . . . . . . . . . . . : 192.168.2.203 Subnet Mask . . . . . . . . . . . : 255.255.255.0 Default Gateway . . . . . . . . . : 192.168.2.1 DNS Servers . . . . . . . . . . . : 192.168.2.1

Ethernet adapter Intel-Lower (192.168.2.201) Server Adapter:

Media State . . . . . . . . . . . : Media disconnected Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Dual Port Server Adapter Physical Address. . . . . . . . . : 00-07-E9-11-4C-7B

Ethernet adapter IBM-Left (192.168.2.202) Network Adapter:

Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Dual Port Network Connection Physical Address. . . . . . . . . : 00-09-6B-F1-D4-A8 DHCP Enabled. . . . . . . . . . . : No IP Address. . . . . . . . . . . . : 192.168.2.202 Subnet Mask . . . . . . . . . . . : 255.255.255.0 Default Gateway . . . . . . . . . : 192.168.2.1 DNS Servers . . . . . . . . . . . : 192.168.2.1

Ethernet adapter IBM-Right (192.168.2.200) Network Adapter #2:

Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Dual Port Network Connection #2 Physical Address. . . . . . . . . : 00-09-6B-F1-D4-A9 DHCP Enabled. . . . . . . . . . . : No IP Address. . . . . . . . . . . . : 172.18.8.200 Subnet Mask . . . . . . . . . . . : 255.255.0.0 IP Address. . . . . . . . . . . . : 192.168.2.200 Subnet Mask . . . . . . . . . . . : 255.255.255.0 Default Gateway . . . . . . . . . : 192.168.2.1 DNS Servers . . . . . . . . . . . : 192.168.2.1

Reply to
war_wheelan
Loading thread data ...

PLEASE DISREGARD - I FIGURED IT OUT

Reply to
war_wheelan

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.