help please: cannot ping/connect through 2651 outside to inside

[bryanlakatos]

I've tried searching around these forums and google, but apparently I can't phrase my searches right. Here's the issue:

I recently added another T1 and combined them with multilink ppp. This works great from inside my network: internet access is fast and stable. From outside, however, traffic cannot come in. I can ping the external interface of my router from off network, but cannot ping the internal interface, nor any other public IP on the inside of the 2651. I should note that I inherited this network and am kind of new to Cisco routers. Here is the config of the router; if anyone could tell me if anything is suspect or point me in a direction to look next, I'd greatly appreciate it. Thanks:

interface Multilink1
description TWTC MLPPP
ip address 66.193.28.242 255.255.255.252
ip nat outside
ppp multilink
ppp multilink fragment delay 500
ppp multilink group 1
!
interface FastEthernet0/0
description Connected to LAN
ip address 64.128.125.58 255.255.255.248
ip nat inside
duplex auto
speed auto
!
interface Serial0/0
description TWTC Multilink Interface #1
no ip address
encapsulation ppp
service-module t1 timeslots 1-24
ppp multilink
ppp multilink group 1
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Serial0/1
description TWTC multilink interface #2
no ip address
encapsulation ppp
service-module t1 timeslots 1-24
ppp multilink
ppp multilink group 1
!
ip nat inside source list 100 interface Multilink1 overload
ip http server
no ip http secure-server
ip classless
ip route 0.0.0.0 0.0.0.0 66.193.28.241
ip route 192.168.0.0 255.255.0.0 64.128.125.59
!
ip access-list extended protocol
access-list 1 permit 64.128.125.59
access-list 23 permit 64.128.125.59
access-list 100 permit ip any any

 

[Minue]

Hello
First check with your ISP to see if they are advertising you public IP subnet.

Regards

 

[brianinms]

You don't have any static nat's configured thus there is nothing that you can ping. Why do you have a public ip range on your inside interface but you are Natting?

 

[Minue]

Hi Brianinms
Some ISP used this style of assigning public IP's.I have change over to another division in my company, working directly with the customers configurations.So I am seeing quite a few of these implementation.Namely 3 types.
1.The LAN has a private address as primary and a pulic as the secondary.With NAT on public facing the WEB
2.Exactly like Bryanlakatos setup.Nat overloading the outside public,and LAN public IP's,isn't NAT and use for Web Servers.No need to NAT because the outside world can get to IP's direcly try the ISP.
3.The public IP addresses on the LAN.No Natting on the router.A firewall is on the LAN and doing the Natting in both directions.
I haven't figure out the benefits of these setup yet.But I know for sure they work.
Regards

 

[brianinms]

Typical configuration on a router is a public ip on the ISP interface and a public ip address on the interface that connects to the clients firewall. However, there is no Nat configured on the router as that function is reserved for the firewall.

Or is you are going to use the router to NAT you have a public on the ISP interface and a private ip that connects to the client internal network.

There is no reason to nat traffic on a firewall as well as a router. Additionally why would you nat a public to a public to begin with?

 

[Minue]

Hi Brianinms
Option 3 is what your'e accustom to,this is done for medium to large clients.But the other options are use for smaller clients with servers on their LAN.In any case I can see what you mention "nat a public to a public"Tomorrow I will check some more configuration to see if I can get to the bottom of this.
Regards