[lug] cisco678 - PPP - /29

Frank Whiteley techzone at greeleynet.com
Sun Nov 3 18:23:54 MST 2002


----- Original Message -----
From: "j davis" <davis_compz at hotmail.com>
To: <lug at lug.boulder.co.us>
Sent: Sunday, November 03, 2002 2:23 PM
Subject: Re: [lug] cisco678 - PPP - /29


>
> >Using eth0 and vip0, the only way I could finally get it to both NAT and
> >route was to add the following to configure the outside port for NAT.  I
> >assume you want to keep NAT enabled.  Qwest 2nd tier support and ISP were
> >not helpful and I had to dig this out of CISCO docs and even that wasn't
> >clear that it was the issue. (FWIW, Cisco 675s did this fine out of the
> >box).
> >
> >set int wan0-0 outside-ip 209.155.171.204 (in your case)
> >
> >Also do
> >show int eth0
> >and
> >show int vip0
> >
> >Your public subnet should be set to outside.  Your rfc1918 subnets should
> >be set to inside.  I recently added a second rfc1918 subnet to vip1 and had
> >to issue
> >set int vip1 inside
> >to get NAT working on that subnet.  It defaulted to outside for some
> >reason.
> >
> >Remember
> >write
> >reboot
> >following any changes.
> >
> >I assume you've added the route for your subnet then.  If not, you'll
> >need to.
> >
> >Frank Whiteley
> >Greeley
>
>
> Hi Frank,
> I think I did all that you said. But my connection for the non nat-ed
> public IPs on vip0 comes and goes. I did not add any routes though.
> Below are the outputs of sho run and sho route and sho int. Could
> you tell me if everything looks right....Also, when I ping
> out from an IP on the vip0 subnet (ie 209.155.171.213) I can see
> that the traffic is making the internet...I think, I feel the problem
> is getting a route back in. I don't really care to have NAT working..
> just the only way I have gotten any connection at all.
>
> Thanks for your time,
> jd
>
>
> sho route....
> cbos#sho route
> [TARGET]         [MASK]           [GATEWAY]       [M][P] [TYPE]    [IF]     [AGE]
> 0.0.0.0          0.0.0.0          0.0.0.0          1     SA        WAN0-0   0
> 209.155.168.208  255.255.255.248  0.0.0.0          1     LA        VIP0     0
> 10.0.0.0         255.255.255.0    0.0.0.0          1     LA        ETH0     0
> 209.155.171.0    255.255.255.0    0.0.0.0          1     A         WAN0-0   0
>
> WAN Interfaces...
> 209.155.171.1    255.255.255.255  0.0.0.0          1     HA        WAN0-0   0
>
This looks fine.

> sho run.....
> cbos#sho run
> Warning: traffic may pause while NVRAM is being accessed
> [[ CBOS = Section Start ]]
> NSOS MD5 Enable Password =
> NSOS Virtual IP Address = 00, 209.155.168.209
> NSOS Virtual Netmask = 00, 255.255.255.248
> NSOS MD5 Root Password =
> NSOS MD5 Commander Password =
> [[ PPP Device Driver = Section Start ]]
> PPP Port Option = 00, IPCP,IP Address,3,Auto,Negotiation Not Required,Negotiable,IP,209.155.171.204
> PPP Port Option = 00, IPCP,Primary DNS Server,129,Auto,Negotiation Not Required,Negotiable,IP,0.0.0.0
> PPP Port Option = 00, IPCP,Secondary DNS Server,131,Auto,Negotiation Not Required,Negotiable,IP,0.0.0.0
> PPP Port User Name = 00, jdavis
> PPP Port User Password = 00, ****
> [[ ATM WAN Device Driver = Section Start ]]
> ATM WAN Virtual Connection Parms = 00, 0, 32, 0
> [[ IP Routing = Section Start ]]
> IP NAT = enabled
> IP NAT Outside IP = 209.155.171.204
>
I'll assume you've changed your passwords;^)

This looks okay, however, I'm using a different CBOS version and get
different info displayed.  I was seeing something odd a few minutes ago
while running Matt's traceroute to your 210 and 212 public IPs, but I
suspect you were rebooting.  I have seen odd routing when the ISP
inadvertently assigned the SAME subnet to two users.  We could do some
things, but not all things.  Your userID is crl?  If not, there could be a
problem.  CNSP seems large enough to have the inadvertent routing problem.
A quick ARIN check was inconclusive other than the assigned IPs were in a
range allocated to CNSP.  This is just something to double check if other
ideas don't work out.  It can absorb a lot of time.

> sho int...
>
> cbos#sho int
>            IP Address         Mask
> eth0       10.0.0.1           255.255.255.0
>
> vip0       209.155.168.209    255.255.255.248
>
> vip1       0.0.0.0            255.255.255.0
>
> vip2       0.0.0.0            255.255.255.0
>
> wan0       Physical Port: Trained
>
>            Dest IP Address    Mask
> wan0-0     209.155.171.1      255.255.255.255
>
What does show int vip0 return?  Though I doubt it, is there any chance of
MTU mismatch?

> sho nat....
>
> cbos#sho nat
>
> NAT is currently enabled
>
> Port      Network        Global
> eth0      Inside
> wan0-0    Outside      209.155.171.204
> vip0      Outside      209.155.168.209
> vip1      Outside
> vip2      Outside
>
>       Local IP : Port      Global IP : Port      Timer Flags    Proto Interface
>        10.0.0.2:32808 209.155.168.209:10001    86400   0x00046  tcp   eth0 vip0
>        10.0.0.2:32769 209.155.171.204:10001       90   0x00046  udp   eth0 wan0-0
>        10.0.0.2:40744 209.155.171.204:40744       30   0x00046  icmp  eth0 wan0-0
>        10.0.0.1:1329  209.155.171.204:1329        30   0x0004A  icmp  eth0 wan0-0
>
AHA! vip0 Global appears wrong.  I have no value in mine and all of my
global IPs point to my static IP.  You seem to have a mismatch with the
global IP 209.166.168.209 assignment.

Frank
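
The check Frank describes at the end of this message, as an added example that is not part of the original post: it parses the `sho nat` output quoted above (wrapped lines rejoined) and reports any port other than the WAN port that carries a NAT global address, and any translation whose global IP is not the outside IP. The function name `audit_nat` and the rule it applies (only wan0-0 holds a global, every translation maps to 209.155.171.204) are assumptions drawn from Frank's description of his own router.

```python
import re

# `sho nat` output from the post above, with the mail client's wrapped lines rejoined.
SHO_NAT = """\
Port      Network        Global
eth0      Inside
wan0-0    Outside      209.155.171.204
vip0      Outside      209.155.168.209
vip1      Outside
vip2      Outside

      Local IP : Port      Global IP : Port      Timer Flags    Proto Interface
       10.0.0.2:32808 209.155.168.209:10001    86400   0x00046  tcp   eth0 vip0
       10.0.0.2:32769 209.155.171.204:10001       90   0x00046  udp   eth0 wan0-0
       10.0.0.2:40744 209.155.171.204:40744       30   0x00046  icmp  eth0 wan0-0
       10.0.0.1:1329  209.155.171.204:1329        30   0x0004A  icmp  eth0 wan0-0
"""

IP = r"\d{1,3}(?:\.\d{1,3}){3}"
# Port table row: name, Inside/Outside, optional global address.
PORT_ROW = re.compile(rf"^(\S+)\s+(Inside|Outside)(?:\s+({IP}))?\s*$")
# Translation row: local ip:port, global ip:port, timer, flags, proto, in-if, out-if.
XLATE_ROW = re.compile(
    rf"^\s*({IP}):(\d+)\s+({IP}):(\d+)\s+\d+\s+0x[0-9A-Fa-f]+\s+(\w+)\s+(\S+)\s+(\S+)\s*$"
)

def audit_nat(text, wan_port, outside_ip):
    """Return (ports, translations) that use a global IP other than outside_ip."""
    bad_ports, bad_xlates = [], []
    for line in text.splitlines():
        m = PORT_ROW.match(line)
        if m:
            port, _side, glob = m.groups()
            # Assumed rule: only the WAN port carries a global, and it is the outside IP.
            if glob and (port != wan_port or glob != outside_ip):
                bad_ports.append((port, glob))
            continue
        m = XLATE_ROW.match(line)
        if m:
            local, lport, glob, gport, proto, _in_if, out_if = m.groups()
            if glob != outside_ip:
                bad_xlates.append((f"{local}:{lport}", f"{glob}:{gport}", proto, out_if))
    return bad_ports, bad_xlates

if __name__ == "__main__":
    ports, xlates = audit_nat(SHO_NAT, "wan0-0", "209.155.171.204")
    for port, glob in ports:
        print(f"port {port}: unexpected NAT global {glob}")
    for local, glob, proto, out_if in xlates:
        print(f"{proto} {local} -> {glob} via {out_if}: not the outside IP")
```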



