05-06-2005 07:29 AM - edited 03-03-2019 09:29 AM
My equipment is a cisco 2610 IOS c2600-i-mz.122-10b.
I configured the following static route:
ip route 172.16.104.0 255.255.254.0 172.16.32.2
Ethernet 0/0 address is 172.16.32.1/20
I can ping the gateway 172.16.32.2 and the router is applying the static route:
xxx#sh ip route 172.16.104.0
Routing entry for 172.16.104.0/23
Known via "static", distance 1, metric 0
Redistributing via ospf 99
Advertised by ospf 99 subnets route-map static_ospf_ge
Routing Descriptor Blocks:
* 172.16.32.2
Route metric is 0, traffic share count is 1
However a trace to the remote host 172.16.104.12 always fails:
Tracing the route to 172.16.104.12
1 * * *
2 * * *
No acl seems be blocking my trace on my router:
xxx#sh ip access-lists
Standard IP access list 25
permit 192.168.0.0, wildcard bits 0.0.255.255
permit 204.231.97.0, wildcard bits 0.0.0.255
Standard IP access list static_to_ospf_ge
permit 172.16.48.0, wildcard bits 0.0.1.255 (1 match) check=74
permit 172.16.50.0, wildcard bits 0.0.1.255 (1 match) check=73
permit 172.16.104.0, wildcard bits 0.0.1.255 (3 matches) check=70
permit 172.16.88.0, wildcard bits 0.0.3.255 (10 matches) check=60
Extended IP access list 101
deny ospf any any
permit ip any any (48 matches)
I asked to the customer to check if this gateway 172.16.32.2 which should be a router has implemented some acl that are stopping my trace or if there could be a firewall somewhere.Am I right in your opinion?
05-06-2005 10:30 AM
Can you ping 172.16.104.12 ? Probably the router 172.16.104.12 does not know how to get back to you. Or routers in between 172.16.104.12 and your router does not know about the source address of the ping or traceroute packets.
If the above works, then its quiet possible, icmp is being blocked somewhere in between. Try different protocols such as telnet and see if communication works.
The output of sh ip accesss-list is just not enough to troubleshoot, as it does not show where each acl is applied. So I would suggest you to paste sh run output masking confidential info such as passwords and public IPs.
05-08-2005 11:43 PM
I tried with a telnet but it failed too:
xxx#telnet 172.16.104.12
Trying 172.16.104.12 ...
*Mar 6 17:11:22 UTC: Telnet66: 1 1 251 1
*Mar 6 17:11:22 UTC: TCP66: Telnet sent WILL ECHO (1)
*Mar 6 17:11:22 UTC: Telnet66: 2 2 251 3
*Mar 6 17:11:22 UTC: TCP66: Telnet sent WILL SUPPRESS-GA (3)
*Mar 6 17:11:22 UTC: Telnet66: 80000 80000 253 24
*Mar 6 17:11:22 UTC: TCP66: Telnet sent DO TTY-TYPE (24)
*Mar 6 17:11:22 UTC: Telnet66: 10000000 10000000 253 31
*Mar 6 17:11:22 UTC: TCP66: Telnet sent DO WINDOW-SIZE (31)
% Connection timed out; remote host not responding
I'm attaching my router config
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide