Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
387
Views
0
Helpful
4
Replies

Basic Routing Issue

Pete
Level 1
Level 1

‎09-03-2006 09:57 AM - edited ‎03-03-2019 01:51 PM

Hi,

I have 2 routers with a pix in the middle, the pix has an ip of 192.168.1.7 there is then a VPN connection to a remote site with the address range 192.168.254.0

I have added the route as shown below for the 192.168.254.0 network and I can ping Servers on the network from the Router but not from a client on the LAN (address range 192.168.0.0). I know this is basic but my tired mind is getting annoyed! Help!

interface FastEthernet0/0

ip address 192.168.0.254 255.255.255.0

ip access-group 102 in

no ip redirects

no ip unreachables

no ip proxy-arp

ip nat inside

ip virtual-reassembly

ip route-cache flow

duplex auto

speed auto

no mop enabled

!

interface FastEthernet0/1

ip address 192.168.1.254 255.255.255.0

no ip redirects

no ip unreachables

no ip proxy-arp

ip ips sdm_ips_rule in

ip route-cache flow

duplex auto

speed auto

no mop enabled

ROUTES

ip classless

ip route 0.0.0.0 0.0.0.0 Dialer0

ip route 192.168.254.0 255.255.255.0 192.168.1.7

Labels:
0 Helpful
4 Replies 4

ajagadee
Cisco Employee
Cisco Employee

‎09-03-2006 10:30 AM

Hi,

What are the Access-List Entries for "ip access-group 102 in" on Fa0/0. Are you allowing traffic from 192.168.0.x to go to 192.168.254.x.

And can you post the full configuration. Make sure that you remove all sensitive information, like passwords and public IP's before posting the configuration.

Regards,

Arul

0 Helpful

mheusinger
Level 10
Level 10

‎09-04-2006 06:59 AM

Hi,

I would check for a couple of things more:

Is there a route pointing back to 192.168.0.0/24 ? It should be available on all routers/firewalls inbetween the client and servers. To check this, use an extended ping with source IP 192.168.0.254. Per default a router sets the outgoing interface IP as source IP in ICMP packets. So 192.168.1.0/24 might be known to the rest of your network 192.168.0.0/24 might be not (and thus follow the default route into the internet, where it is discarded.).

Second I would check wether the desired traffic is allowed in the VPN tunnel from both sides. My guess however is, that one or two static routes to 192.168.0.0/24 are missing here and there ;-)

Hope this helps! Please rate all posts.

Regards, Martin

0 Helpful

jackyoung
Level 6
Level 6
In response to mheusinger

‎09-04-2006 05:13 PM

Could you please provide the tracert from your PC ? I suspect there is default GW issue or static for return traffic issue.

And please try to ping from the router but use FE0/0 & FE0/1 as the source interface and test again. e.g. Don't type IP address after the "ping" command and hit enter then follow each row to enter the destination IP & source IP.

Hope this helps.

0 Helpful

cisconoval
Level 1
Level 1
In response to jackyoung

‎09-04-2006 09:17 PM

It sounds the problem might be in Access list. Can u post the Access List to troubleshoot?

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card