I have routing issue and unable to ping google dns

R Manjunatha · ‎08-03-2023

Hi

I can be able to ping IP address 192.168.29.180 from host-VCP 18 to R5, but unable to ping the gateway of the internet or google DNS.

There is no issue with inside and outside FW policy (even I can't be able to ping Google DNS from the firewall as well)

VPCS> ping 192.168.29.180

84 bytes from 192.168.29.180 icmp_seq=1 ttl=253 time=4.735 ms
84 bytes from 192.168.29.180 icmp_seq=2 ttl=253 time=3.412 ms
84 bytes from 192.168.29.180 icmp_seq=3 ttl=253 time=3.687 ms
84 bytes from 192.168.29.180 icmp_seq=4 ttl=253 time=3.219 ms
84 bytes from 192.168.29.180 icmp_seq=5 ttl=253 time=3.415 ms

VPCS> ping 8.8.8.8

*192.168.10.1 icmp_seq=1 ttl=255 time=1.009 ms (ICMP type:3, code:1, Destination host unreachable)
*192.168.10.1 icmp_seq=2 ttl=255 time=1.099 ms (ICMP type:3, code:1, Destination host unreachable)
*192.168.10.1 icmp_seq=3 ttl=255 time=0.954 ms (ICMP type:3, code:1, Destination host unreachable)
*192.168.10.1 icmp_seq=4 ttl=255 time=1.151 ms (ICMP type:3, code:1, Destination host unreachable)
*192.168.10.1 icmp_seq=5 ttl=255 time=0.972 ms (ICMP type:3, code:1, Destination host unreachable)

Router-5

Edge-Core-1#ping 8.8.8.8
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 10/10/11 ms
Edge-Core-1#

Edge-Core-1#sh ip rou
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override, p - overrides from PfR

Gateway of last resort is 192.168.29.1 to network 0.0.0.0

S* 0.0.0.0/0 [1/0] via 192.168.29.1
10.0.0.0/8 is variably subnetted, 5 subnets, 3 masks
O IA 10.10.10.0/29 [110/20] via 10.10.30.1, 00:31:31, Ethernet0/0
C 10.10.30.0/29 is directly connected, Ethernet0/0
L 10.10.30.2/32 is directly connected, Ethernet0/0
C 10.10.40.0/30 is directly connected, Ethernet0/2
L 10.10.40.1/32 is directly connected, Ethernet0/2
O IA 192.168.10.0/24 [110/21] via 10.10.30.1, 00:31:31, Ethernet0/0
O IA 192.168.20.0/24 [110/21] via 10.10.30.1, 00:31:31, Ethernet0/0
192.168.29.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.29.0/24 is directly connected, Ethernet0/3
L 192.168.29.180/32 is directly connected, Ethernet0/3
O IA 192.168.30.0/24 [110/21] via 10.10.30.1, 00:31:31, Ethernet0/0
O IA 192.168.40.0/24 [110/21] via 10.10.30.1, 00:31:31, Ethernet0/0
O IA 192.168.50.0/24 [110/21] via 10.10.30.1, 00:31:31, Ethernet0/0
O IA 192.168.60.0/24 [110/21] via 10.10.30.1, 00:31:31, Ethernet0/0

interface Ethernet0/0
ip address 10.10.30.2 255.255.255.248
duplex auto
!
interface Ethernet0/1
no ip address
duplex auto
!
interface Ethernet0/2
ip address 10.10.40.1 255.255.255.252
duplex auto
!
interface Ethernet0/3
ip address 192.168.29.180 255.255.255.0
duplex auto

!
router ospf 1
router-id 2.2.2.2
redistribute connected subnets
redistribute static subnets
network 10.10.30.0 0.0.0.7 area 0.0.0.1
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
ip route 0.0.0.0 0.0.0.0 192.168.29.

Flavio Miranda · ‎08-03-2023

Hi @R Manjunatha

Run trace route from the VPCS and see where it is stops. Then, check that device routing table.

R Manjunatha · ‎08-03-2023

It's stopping from the R5 router when I trace router from SW11 and from the VPCS gateway of the SVI interface of the S11 switch

PCS> trace 8.8.8.8
trace to 8.8.8.8, 8 hops max, press Ctrl+C to stop
1 192.168.10.1 0.907 ms 0.847 ms 0.755 ms
2 * * *
3 * * *

DSW-1#trace
DSW-1#traceroute 8.8.8.8
Type escape sequence to abort.
Tracing the route to dns.google (8.8.8.8)
VRF info: (vrf in name/id, vrf out name/id)
1 10.10.10.1 2 msec 1 msec 1 msec
2 10.10.30.2 2 msec 4 msec 2 msec
3 * * *
4 * * *
5 * * *
4 * * *
5 * * *
6 * * *
7 * * *
8 * * *

DSW-1#sh ip rou
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override, p - overrides from PfR

Gateway of last resort is 10.10.10.1 to network 0.0.0.0

O*E2 0.0.0.0/0 [110/1] via 10.10.10.1, 00:05:20, Ethernet0/1
10.0.0.0/8 is variably subnetted, 4 subnets, 3 masks
C 10.10.10.0/29 is directly connected, Ethernet0/1
L 10.10.10.2/32 is directly connected, Ethernet0/1
O IA 10.10.30.0/29 [110/20] via 10.10.10.1, 00:51:59, Ethernet0/1
O E2 10.10.40.0/30 [110/20] via 10.10.10.1, 00:50:14, Ethernet0/1
192.168.10.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.10.0/24 is directly connected, Vlan10
L 192.168.10.1/32 is directly connected, Vlan10
192.168.20.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.20.0/24 is directly connected, Vlan20
L 192.168.20.1/32 is directly connected, Vlan20
O E2 192.168.29.0/24 [110/20] via 10.10.10.1, 00:41:47, Ethernet0/1
192.168.30.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.30.0/24 is directly connected, Vlan30
L 192.168.30.1/32 is directly connected, Vlan30
192.168.40.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.40.0/24 is directly connected, Vlan40
L 192.168.40.1/32 is directly connected, Vlan40
192.168.50.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.50.0/24 is directly connected, Vlan50
L 192.168.50.1/32 is directly connected, Vlan50
192.168.60.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.60.0/24 is directly connected, Vlan60
L 192.168.60.1/32 is directly connected, Vlan60

Flavio Miranda · ‎08-03-2023

It stops at R5? But where is 8.8.8.8 connected to? And the what is 10.10.10.1 ?

R5 is DSW?

R Manjunatha · ‎08-04-2023

8.8.8.8 is connected to my home WIFI network and 10.10.10.1 is FW inside interface IP address.

R5 is edge routers towards internet facing.

paul driver · ‎08-03-2023

Hello
You need to enable NAT/PAT on R5/R6 so it dynamically translates your private addressing traffic in to a public routed ip address,
Can you share the run cfg of both wan rtrs

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

R Manjunatha · ‎08-04-2023

Yes. I tried NAT Option as well.

Is this because the WIFI internet router doesn't have a default route towards the R5 router?

Router 5
Edge-Core-1#sh
Aug 4 07:50:27.000: %SYS-5-CONFIG_I: Configured from console by console
Edge-Core-1#sh run
Building configuration...

Current configuration : 1772 bytes
!
! Last configuration change at 07:50:27 UTC Fri Aug 4 2023
! NVRAM config last updated at 07:50:25 UTC Fri Aug 4 2023
!
version 15.7
service config
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Edge-Core-1

interface Ethernet0/0
ip address 10.10.30.2 255.255.255.248
ip nat inside
ip virtual-reassembly in
duplex auto
!
interface Ethernet0/1
no ip address
shutdown
duplex auto
!
interface Ethernet0/2
ip address 10.10.40.1 255.255.255.252
duplex auto
!
interface Ethernet0/3
no ip address
duplex auto
!
interface Ethernet1/0
ip address 192.168.29.75 255.255.255.0
ip nat outside
no ip virtual-reassembly in
duplex auto
!

!
router ospf 1
router-id 2.2.2.2
redistribute connected subnets
redistribute static subnets
network 10.10.30.0 0.0.0.7 area 0.0.0.1
default-information originate
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
ip nat source list 1 interface Ethernet1/0 overload
ip route 0.0.0.0 0.0.0.0 192.168.29.1
!

access-list 1 permit any
!
control-plane
!

con 0
logging synchronous
line aux 0
line vty 0 4
login
transport input none
!
ntp server 34.208.249.133
ntp server pool.ntp.org
!
end

Georg Pauwen · ‎08-04-2023

Hello,

not sure if this has already been mentioned, but a NAT access list with 'permit any' is usually not a good idea. Change the ACL from:

access-list 1 permit any

to

access-list 1 permit 10.10.30.0 0.0.0.7