Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
978
Views
0
Helpful
1
Replies

SR520 Routing Issue

bbbowden1013
Level 1
Level 1

‎01-26-2011 01:51 PM

Set up:

SR520 - Off Site - Static Ip - Connected to main site with site-to-site VPN

UC540 - Main Site - Static IP

Problem:

Computer behind SR520 can not browse internet.

More Info:

Up until this morning, this set up was working.  Now, the tunnel is up (which verifies the internet connectivity), but nothing can reach the internet from behind the SR520.  As a matter of fact, a ping from the SR520 external interface can reach the next hop, but no where else.  This suggests a default route issue.  When I do a Show IP Route on the console, I get:

SR520#Show IP Route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is 0.0.0.0 to network 0.0.0.0

C    192.168.75.0/24 is directly connected, Vlan75
S    192.168.10.0/24 is directly connected, Vlan75
     66.0.0.0/32 is subnetted, 1 subnets
S       66.XXX.XXX.XXX [1/0] via 75.XXX.XXX.XXX - This is a static route back to our main site, which is probably why the VPN is working
     10.0.0.0/32 is subnetted, 1 subnets
C       10.XXX.XXX.253 is directly connected, Loopback10000 - Main site IP address
     75.0.0.0/30 is subnetted, 1 subnets
C       75.XXX.XXX.228 is directly connected, FastEthernet4 - WAN connection
S*   0.0.0.0/0 [1/0] via 0.0.0.0, Virtual-Access2

That last static route is the one that I don't understand.  I would expect it to point at the next hop/default gateway for the SR520 but instead it points at the site to site virtual interface.  I tried to change it, but then the VPN tunnel closed and I lost my connection to the SR520 and had to have the guy on site reboot the router.

Thanks in advance,

Brett.

Labels:
0 Helpful
1 Reply 1

bbbowden1013
Level 1
Level 1

‎01-27-2011 08:15 AM

Resolved my own issue.

It was a default route problem but the issue was on the server end of the tunnel, not the client.  Somehow, split tunneling was turned off so all traffic was being routed through the tunnel.  In addition, the server side of the tunnel was not allowing internet access to clients coming in via VPN.  Result: No Internet Access.

Turned Split Tunneling back on and Voila, Internet access.

(I hate it when I am stupid).

0 Helpful
Customers Also Viewed These Support Documents