cannot route to server

adiparwita · ‎06-28-2012

hello all..

i've some problem routing my connection to vpn server

i've vpn connection with IP given from provider: 10.6.7.3 , subnet:255.255.255.252 , gateway:10.6.7.2

then i set up my router with IP addresed:

Ethernet0 : 10.6.7.3 / 255.255.255.252

FastEthernet0 : 10.20.0.1 / 255.255.255.0

the result is:

ping 10.20.0.1 from PC on LAN (10.20.0.100) : success

ping 10.6.7.3 from PC on LAN (10.20.0.100): success

ping 10.6.7.2 from PC on LAN (10.20.0.100): failed --> this is my problem

ping 10.6.7.2 from router : success

here is my running config:

Router1700(config)#sh run

Building configuration...

Current configuration : 708 bytes

!

version 12.2

service timestamps debug datetime msec

service timestamps log datetime msec

service password-encryption

!

hostname Router1700

!

ip subnet-zero

!

ip audit notify log

ip audit po max-events 100

!

interface Ethernet0

description Connection_to_VPN

ip address 10.6.7.3 255.255.255.252

half-duplex

!

interface FastEthernet0

description Connection_To_LAN

ip address 10.20.0.1 255.255.255.0

speed auto

!

ip classless

ip route 0.0.0.0 0.0.0.0 10.6.7.2

no ip http server

!

line con 0

line aux 0

line vty 0 4

login local

!

no scheduler allocate

end

----------------------------------------------

Router1700#sh ip route

Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP

i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area

* - candidate default, U - per-user static route, o - ODR

P - periodic downloaded static route

Gateway of last resort is 10.6.7.2 to network 0.0.0.0

10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks

C 10.20.0.0/24 is directly connected, FastEthernet0

C 10.6.7.1/30 is directly connected, Ethernet0

S* 0.0.0.0/0 [1/0] via 10.6.7.2

can anyone help me?

thanks

gamalielcruz · ‎06-28-2012

From how I understand your statement, 10.6.7.2 is your ISP's side already.

Check with them if they have filtering for ICMP. They may have only allowed ICMP from 10.6.7.3.

Thanks!

cadet alain · ‎06-28-2012

Hi,

IP communication is bidirectional so surely the 10.6.7.2 hasn't got a route back to 10.20.0.0/24 or it filters the ICMP.

Regards.

Alain.

Don't forget to rate helpful posts.

adiparwita · ‎06-28-2012

i'm still confused, there are no ICMP filter

i can access or ping 10.6.7.3 from PC (10.20.0.1)

i can access or ping 10.6.7.2 from router

but i cant access 10.6.7.2 from PC

Can you help me?, there may be something wrong with the current config

thankyou

cadet alain · ‎06-28-2012

Hi,

10.6.7.3 is the broadcast address and so 10.6.7.1 replies

the second ping is from router to directly connected IP

Can you sniff the nic from client while sending ping to 10.6.7.2, if 10.6.7.2 doesn't permit pings from non connected interface and icmp unreachable hasn't been disabled we should see a administratively prohibited icmp message.

Regards.

Alain.

Don't forget to rate helpful posts.

adiparwita · ‎06-28-2012

hmm weird...

i leaved for a while, it is suddenly connected himself, hahaha

thank you all..