Thursday, October 27, 2011

CCNP TSHOOT - Ticket 3



Here are the steps for troubleshooting.

Client1#ping 10.1.1.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 76/101/116 ms
Client1#ping 209.65.200.225

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 209.65.200.225, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 52/91/140 ms
Client1#ping 209.65.200.226

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 209.65.200.226, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
-----------------------------------------------------------------
The ping stops responding at 209.65.200.226. Seeing this, it looks like an IP access list might be blocking the traffic.
Let's check on R1.
If you suspect that it could be a BGP error, check the BGP neighbours.

R1#sh ip bgp summary
BGP router identifier 1.1.1.1, local AS number 65001
BGP table version is 3, main routing table version 3
2 network entries using 234 bytes of memory
3 path entries using 156 bytes of memory
4/2 BGP path/bestpath attribute entries using 496 bytes of memory
1 BGP AS-PATH entries using 24 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 910 total bytes of memory
BGP activity 2/0 prefixes, 3/0 paths, scan interval 60 secs

Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
209.65.200.226  4 65002      11      10        3    0    0 00:06:22        2


BGP messages are being exchanged and 2 prefixes are being received. This means that BGP is working properly.
Here are the IP access lists from R1.
--------------------------
ip nat inside source list 10 interface Serial1/1 overload
!
access-list 10 permit 10.1.0.0 0.0.255.255
access-list 30 permit 209.65.200.241
access-list 30 deny   10.2.1.0 0.0.0.255
access-list 30 deny   10.1.4.0 0.0.0.255
access-list 30 deny   10.1.1.0 0.0.0.255
access-list 30 permit 209.65.200.224 0.0.0.3
access-list 40 permit 209.65.200.241
access-list 40 deny   10.1.0.0 0.0.255.255
access-list 40 deny   10.2.0.0 0.0.255.255
access-list 40 permit 209.65.200.224 0.0.0.3
ipv6 router ospf 6
 log-adjacency-changes
-----------------------


There is no entry for the 10.2.0.0 network in access-list 10, which is the list used for NAT.

So the error is on R1, in the access list, and you can fix it by adding 10.2.0.0 0.0.255.255 to access-list 10.
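The check described above can be reproduced offline. The following Python sketch is an added example (not part of the original post and not a Cisco tool): it parses a subset of the R1 lines, applies standard ACL wildcard matching with first-match-wins and the implicit deny, and reports whether a source address is eligible for NAT. The host 10.2.1.3 used in the usage note is a constructed sample address inside the 10.2.0.0 network.

```python
import ipaddress
import re

# Subset of the NAT and ACL lines from the R1 output above.
R1_CONFIG = """\
ip nat inside source list 10 interface Serial1/1 overload
access-list 10 permit 10.1.0.0 0.0.255.255
access-list 30 permit 209.65.200.241
access-list 30 deny   10.2.1.0 0.0.0.255
access-list 30 permit 209.65.200.224 0.0.0.3
"""
ACE = re.compile(r"^access-list (\d+) (permit|deny)\s+(\S+)(?:\s+(\S+))?$")
NAT = re.compile(r"^ip nat inside source list (\d+) ")


def to_int(addr):
    return int(ipaddress.IPv4Address(addr))


def parse_acls(config):
    """Return {acl_number: [(action, base, wildcard), ...]} in config order."""
    acls = {}
    for line in config.splitlines():
        m = ACE.match(line.strip())
        if m:
            num, action, base, wild = m.groups()
            # A standard ACL entry with no wildcard matches a single host.
            acls.setdefault(int(num), []).append(
                (action, to_int(base), to_int(wild or "0.0.0.0")))
    return acls


def acl_action(entries, src):
    """First matching entry wins; no match hits the implicit deny."""
    for action, base, wild in entries:
        # Wildcard 1-bits are "don't care"; every other bit must be equal.
        if ((to_int(src) ^ base) & ~wild & 0xFFFFFFFF) == 0:
            return action
    return "deny"


def nat_translates(config, src):
    """True if src is permitted by the ACL named in 'ip nat inside source list'."""
    acls = parse_acls(config)
    for line in config.splitlines():
        m = NAT.match(line.strip())
        if m:
            return acl_action(acls.get(int(m.group(1)), []), src) == "permit"
    return False
```

Calling `nat_translates(R1_CONFIG, "10.2.1.3")` returns `False` until the line `access-list 10 permit 10.2.0.0 0.0.255.255` is appended to the config text. The same `acl_action` function shows that the 0.0.0.3 wildcard in access-list 30 covers only 209.65.200.224 through 209.65.200.227.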

3 comments:

  1. Thank you, the labs are awesome... thank you, you put so much time into this. However, I found a small glitch with this lab #3 which drove me nuts through the whole day. The solution you posted won't work until you change the NAT configuration to something like this:
    ip nat inside source list 10 int s1/1 reversible. Once again, thank you so much for creating this!!!
    The option you used, "overload", did not work for me...

  2. So basically I want to know what the difference is between
    access list 30 permit 209.65.200.224 0.0.0.3 and a simple ACL
    access list 30 permit 209.65.200.224 0.0.0.255
    Please reply as soon as possible.

  3. Hi,
    Since our subnet mask is /30, our wildcard mask should be 3. So access list 30 permit 209.65.200.224 0.0.0.3 is the correct option.
