Re: 1721 router won't foward to a specific IP address anymore af

hstockard · ‎02-11-2006

Here is my configuration and my issue is listed after that

Remote site:

PBX: Ip Address 10.0.10.2

1721:

internal address on wic 4port:10.0.10.1 which PBX is connected to.

csu T1 adress connected to PTP:172.16.1.2

main site:

1721 router=

csu t1 on PTP:192.16.1.1

internal wic 4port=10.0.0.1

3550 ip for vlan connected to internal wic:10.0.0.2

fiber connecting 3550s

3550 ip for vlan on other end of fiber: 10.0.0.3

2950 plugged into 3550 listed just above this with ip address: 10.0.0.4

PBX at main site connected to 2950 with ip of 10.0.0.6

The PBX ip address at main site is the one I am having issue with. I took down our point to point for several minutes and restarted my routers and switches and after they came backup I could no longer connect to the IP address of the main site PBX which is 10.0.0.6. I can access, ping, and trace all other resources from the remote site accept this IP address. However, i can access this IP from the Main site network including the main site 1721. If I telnet in and ping I get full response. However, if I try to ping from the remote 1721 or remote network it times out. I did a trace and it times out on the remote IP address of the main site 1721, 192.161.1.1. I have looked all through the main site 1721. The pbx address of 10.0.0.6 is in the arp table with the correct hardware address. I can access other resources just fine that are on the same 2950 switch as the PBX from the remote site. The access lists are very simple and their is nothing blocking this IP as I stated it worked for a year before I restarted everything and the startup config is the same as the running config before I restarted the 1721s. I have tried rebooting all switches again to make sure routing and arp tables are correct. As can access this IP and ping from internal address seems very strange this issue would just start. Any thoughts would be very helpfull. Thank you and best regards. JPS

pkhatri · ‎02-11-2006

How is that PBX at the main site configured - in terms of IP address,mask and default gateway...

Paresh

hstockard · ‎02-11-2006

10.0.0.6 /255.255.255.0

gateway 10.0.0.1 this is the correct config and has alway worked. Static routes configure correctly between site and all other IPs on both sides working correctely. Again I can access IP in question from internal addresses and router on its side of the PTP. Thank for the reply pkhatri.

hstockard · ‎02-11-2006

I make one mistake in my config listed above. the main site csu t1 address is 172.16.1.1 not 192.16.1.1 sorry about. Don't want people thinking this is the cause of my problems. Also listed this address as where the ip times out....again I should have put down 172.16.1.1 not 192.161.1.1. Been a long day. Thanks

pkhatri · ‎02-11-2006

Would you be able to advise if the following work:

Ping from PBX to 172.16.1.1

Ping from PBX to 172.16.1.2

Thanks,

Paresh

hstockard · ‎02-11-2006

traffic from the PBX in the other direction is working. So yes I can ping from the main office PBX to 172.16.1.1 and 172.16.1.2 and to the remote PBX just can't go the other direction with this IP. I have checked all access-lists and nothing blocking. Thanks.

hstockard · ‎02-11-2006

traffic from the PBX in the other direction is working. So yes I can ping from the main office PBX to 172.16.1.1 and 172.16.1.2 and to the remote PBX just can't go the other direction with this IP. I have checked all access-lists and nothing blocking. Thanks.

hstockard · ‎02-11-2006

Please ignore this last post. I cannot ping from the PBX to these IP address. I was in a different telnet sorry. I can ping the internal interface of the router on the PBX side but not the outside interface or the remote IPs. Sorry about the mistake. Thanks

pkhatri · ‎02-11-2006

That's interesting.. so you have two-way comms but pings initiated from the remote end don't work, huh ?

It means that either:

* something is blocking ICMP echo requests from the remote end to the main office

OR

* something is blocking ICMP echo replies from the main office to the remote end

You could try one thing: at your head office, on the interface to the 10.0.0.x network, add an entry to the outbound ACL that matches on ICMP packets to 10.0.0.6

Then, ping 10.0.0.6 from your remote PBX and view 'sh ip access-list' to see if there have been any matches against this ACL. That will show you whether or not the pings are getting this far...

Paresh

pkhatri · ‎02-11-2006

Ok, then ignore my last post too...

Is there any chance you could enable 'debug ip icmp' on your remote-end router and then try the ping from your main office PBX ? Just to see whether the ping gets that far or not ?

Paresh

hstockard · ‎02-11-2006

no entries seen on the remote router from this host. I used several other machines to ping across which were noted.

pkhatri · ‎02-11-2006

Ok, that means the pings aren't even getting across the WAN link.

Could you try the same debug on the main router and attempt to ping the 172.16.1.2 from the main PBX ?

Paresh.

pkhatri · ‎02-11-2006

You did say that you could ping 172.16.1.1 from the main office PBX, didn't you ?

Paresh

1721 router won't foward to a specific IP address anymore after restart