E1000 *should be* doing ip routing...

I think it must be okay as some addresses on the B network can be accessed.

On network A, no VLANs are in use.

Network B has a voice VLAN and a default VLAN... we are only interested in the default data VLAN.

I think I will simplify tomorrow... I will use a real switch (probably an HP one) instead of the built in on on the 'LAN side' of the E1000. I will also replace that with a 871 suitable setup.

Maybe we will get somewhere then.

Thanks to all, for your help so far.

Netmask on both servers is correct 255.255.255.0

Both servers have the correct ASA as their default gateway... ie. ServerA has ASA at 192.168.88.254

ServerB has ASA at 192.168.0.254

From earlier post i though you had the default gateway as E1000 and not ASA

Regards

Najaf

The default gateway for all devices on networkA (88.0) is the ASA at 88.254

The default gateway for all devices on networkB (0.0) is the ASA at 0.254

The ASA hopefully learns its route via RIP.

As it happens I did earlier try a static route on the ASA for the other network (via the router at x.253)... but that didn't work for me either.

Try to add static route on the server 0.128

route add 192.168.88.0 mask 255.255.255.0 192.168.0.253

Hope it will help.

If you are running sh ip route command in 871 router , That is the correct output it will show connected routes only.

Could update the current topolgy diagram.

Is ASA1,ASA2,and 871 are part RIP right. ?

if it is the Case you

Will update the drawing in a moment.

ASA1, ASA2 and 871 all have RIP enabled.

router rip

version 2

network 192.168.0.0

network 192.168.88.0

no auto-summary

Diagram updated... has to be the simplest configuration for a router.

what is the sh ip route output on ASA1 and ASA2

On ASA 1 we see

Result of the command: "sho route"

Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP

       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP

       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area

       * - candidate default, U - per-user static route, o - ODR

       P - periodic downloaded static route

Gateway of last resort is xxxxxxrouter ipxxxx to network 0.0.0.0

C    192.168.88.0 255.255.255.0 is directly connected, inside

C    xxxxxxour outside ipxxxx 255.255.255.252 is directly connected, outside

R    192.168.0.0 255.255.255.0 [120/1] via 192.168.88.253, 0:00:06, inside

S*   0.0.0.0 0.0.0.0 [2/0] via xxxour outside router ipxxxxx, outside

Which looks right to me, RIP route to the other network via the 871

On ASA2 we see

Result of the command: "sho route"

Gateway of last resort is 194.xx.xx.xx to network 0.0.0.0

R    192.168.88.0 255.255.255.0 [120/1] via 192.168.0.253, 0:00:05, inside

C    network.outside 255.255.255.248 is directly connected, outside

C    192.168.0.0 255.255.255.0 is directly connected, inside

S*   0.0.0.0 0.0.0.0 [2/0] via 194.xx.xx.xx, outside

Which again looks right to me.

Main point of my confusion now is why the 871 doesn't seem to show any routes leaned by RIP... in fact to me it looks like it is refusing to route anything.

Hi,

The reason 871 is not showiny any RIP route is due to the fact that it has both network as directly connected.ie 192.168.88.0/24 and 192.168..0.0/24.

Directly connected networks always shows as connected and not through routing protocol (RIP in your case)

Also after changing from E1000 to 871 what is the reachabilty status between devices in both network. Is it same like what you had before?

Regards

Najaf

Okay, I now understand the output of the sho ip route on the 871.

Next part of investigation is;

from network A (88.0) I can ping 192.168.88.253 (network A side of the 871)

but can NOT ping 192.168.0.253 (network B side of 871)

That surely means the problem is within the 871... again it looks like it isn't routing anything at all.

Posting config below;

Current configuration : 2125 bytes

!

version 12.3

no service pad

service tcp-keepalives-in

service tcp-keepalives-out

service timestamps debug datetime msec localtime show-timezone

service timestamps log datetime msec localtime show-timezone

service password-encryption

service sequence-numbers

!

hostname router1

!

boot-start-marker

boot-end-marker

!

logging buffered 51200 debugging

logging console critical

enable secret 5 $1$6Dat$gYL95JVQCJoAuVFcVbr.w0

!

username root privilege 15 secret 5 $1$7Lum$WaC.KWbxa.n/y7uhbOtI11

clock timezone PCTime 0

clock summer-time PCTime date Mar 30 2003 1:00 Oct 26 2003 2:00

no aaa new-model

ip subnet-zero

no ip source-route

ip cef

!

!

ip tcp synwait-time 10

no ip bootp server

no ip domain lookup

ip ssh time-out 60

ip ssh authentication-retries 2

no ftp-server write-enable

!

!

!

!

!

!

!

interface FastEthernet0

no ip address

!

interface FastEthernet1

no ip address

!

interface FastEthernet2

no ip address

!

interface FastEthernet3

no ip address

!

interface FastEthernet4

description $ES_WAN$$FW_OUTSIDE$

ip address 192.168.0.253 255.255.255.0

no ip redirects

no ip unreachables

no ip proxy-arp

ip route-cache flow

duplex auto

speed auto

!

interface Vlan1

description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$ES_LAN$$FW_INSIDE$

ip address 192.168.88.253 255.255.255.0

no ip redirects

no ip unreachables

no ip proxy-arp

ip route-cache flow

ip tcp adjust-mss 1452

!

router rip

version 2

network 192.168.0.0

network 192.168.88.0

no auto-summary

!

ip classless

!

ip http server

ip http authentication local

ip http secure-server

ip http timeout-policy idle 5 life 86400 requests 10000

!

logging trap debugging

!

control-plane

!

banner login ^CAuthorized access only!

Disconnect IMMEDIATELY if you are not an authorized user!^C

!

line con 0

login local

no modem enable

transport preferred all

transport output telnet

line aux 0

login local

transport preferred all

transport output telnet

line vty 0 4

privilege level 15

login local

transport preferred all

transport input telnet ssh

transport output all

!

scheduler max-task-time 5000

scheduler allocate 4000 1000

scheduler interval 500

end

Hi,

I think you have a problem here. Try modifying the configuration as below.

interface Vlan1

no ip address

interface FastEthernet3   ---------------------> Connect this port to HP Switch

ip address 192.168.88.253 255.255.255.0

interface FastEthernet4 ---------------------> Connect this port to B side Switch
ip address 192.168.0.253 255.255.255.0
!

ip route 192.168.0.0 255.255.255.0 192.168.0.254

ip route 192.168.88.0 255.255.255.0 192.168.88.254

NOTE:- Personally i have not worked on 871. But im assuming that we can set individual ip address of both FasEhternet interface of 871.

If router does not accept ip address on both fastEthernet please modify configuration as below

interface Vlan1

ip address 192.168.88.253 255.255.255.0

interface FastEthernet3   ---------------------> Connect this port to HP Switch

As i understand it by default FasEthernet 3 would be under vlan 1.

First check from router you are able to reach Side A and Side B networks

Then check if Server A can reach till up to 192.168.0.254 and rest of the network

Regards

Najaf