09-24-2019 06:55 AM
Current configuration : 2363 bytes
!
! Last configuration change at 21:17:11 UTC Tue Sep 24 2019
!
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
!
hostname R1
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
no ip icmp rate-limit unreachable
ip cef
!
!
!
!
!
!
no ip domain lookup
no ipv6 cef
!
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
ip tcp synwait-time 5
!
track 10 ip sla 10 reachability
delay down 5 up 5
!
track 20 ip sla 20 reachability
delay down 5 up 5
!
!
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0/0
ip address 192.168.55.2 255.255.255.0
ip nat outside
speed auto
duplex auto
!
interface FastEthernet0/1
ip address 192.168.56.2 255.255.255.0
ip nat outside
speed auto
duplex auto
!
interface FastEthernet1/0
ip address 192.168.12.1 255.255.255.252
ip nat inside
ip policy route-map LOCAL
speed auto
duplex auto
!
interface FastEthernet1/1
no ip address
shutdown
speed auto
duplex auto
!
router ospf 1
network 192.168.12.0 0.0.0.3 area 0
network 192.168.55.0 0.0.0.255 area 0
network 192.168.56.0 0.0.0.255 area 0
!
ip nat inside source route-map ISP1 interface FastEthernet0/0 overload
ip nat inside source route-map ISP2 interface FastEthernet0/1 overload
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
ip route 0.0.0.0 0.0.0.0 192.168.55.1 track 10
ip route 0.0.0.0 0.0.0.0 192.168.56.1 track 20
!
ip access-list extended LAN
permit ip 192.168.10.0 0.0.0.255 any
permit ip 192.168.20.0 0.0.0.255 any
permit ip 192.168.30.0 0.0.0.255 any
permit ip 192.168.12.0 0.0.0.3 any
ip access-list extended NET1
permit ip any any
ip access-list extended NET2
permit ip any any
!
ip sla 10
icmp-echo 192.168.55.1
frequency 5
ip sla schedule 10 life forever start-time now
ip sla 20
icmp-echo 192.168.56.1
frequency 5
ip sla schedule 20 life forever start-time now
!
route-map LOCAL permit 30
set ip next-hop verify-availability 192.168.55.1 10 track 10
set ip next-hop verify-availability 192.168.56.1 20 track 20
!
route-map ISP2 permit 10
match ip address NET2
match interface FastEthernet0/1
!
route-map ISP1 permit 10
match ip address NET1
match interface FastEthernet0/0
!
!
!
control-plane
!
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
stopbits 1
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
stopbits 1
line vty 0 4
login
!
!
end
09-24-2019 06:59 AM - edited 09-24-2019 07:01 AM
Hi,
Share your remote end configuration also. It seems two-way communication is not happening with the remote end. Is it in the same subnet or any blocking etc?
09-24-2019 07:07 AM
Remote end configuration
Building configuration...
Current configuration : 1801 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R3
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
no ip icmp rate-limit unreachable
!
!
ip cef
ip name-server 8.8.8.8
!
!
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
ip tcp synwait-time 5
!
!
!
!
!
interface FastEthernet0/0
ip address 192.168.55.1 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
ip address dhcp
shutdown
duplex auto
speed auto
!
interface FastEthernet1/0
!
interface FastEthernet1/1
no switchport
ip address 192.168.15.2 255.255.255.252
!
interface FastEthernet1/2
!
interface FastEthernet1/3
!
interface FastEthernet1/4
!
interface FastEthernet1/5
!
interface FastEthernet1/6
!
interface FastEthernet1/7
!
interface FastEthernet1/8
!
interface FastEthernet1/9
!
interface FastEthernet1/10
!
interface FastEthernet1/11
!
interface FastEthernet1/12
!
interface FastEthernet1/13
!
interface FastEthernet1/14
!
interface FastEthernet1/15
!
interface Ethernet2/0
no ip address
shutdown
half-duplex
!
interface Ethernet2/1
no ip address
shutdown
half-duplex
!
interface Ethernet2/2
no ip address
shutdown
half-duplex
!
interface Ethernet2/3
no ip address
shutdown
half-duplex
!
interface Vlan1
no ip address
!
router ospf 1
log-adjacency-changes
network 192.168.15.0 0.0.0.3 area 0
network 192.168.55.0 0.0.0.255 area 0
!
no ip http server
no ip http secure-server
ip forward-protocol nd
!
!
!
no cdp log mismatch duplex
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
line vty 0 4
login
!
!
end
09-24-2019 07:14 AM
Hi,
I didn't find any issue with configuration. Is it LAB or real devices? Are both devices are pingable from each other?
09-24-2019 09:20 PM
This is LAB simulation. and Yes, they can ping each other.
09-24-2019 08:32 AM - edited 09-24-2019 08:35 AM
Hello
Can you apply a simple acl to initiate a debug for failing multicast hello packets then post results of it.
ip-access-list extended 110
oermit up 192.168.55.0 0.0.0.3 host 224.0.0.5
debug up packet detail 110
09-24-2019 09:23 PM
Both sides can ping multicast address
09-24-2019 09:31 PM
09-24-2019 10:10 PM
Hi,
could you share debug ip ospf events &debug ip ospf hello from both devices?
09-24-2019 10:18 PM
R1 debugs
R1#
*Sep 25 13:16:00.383: OSPF-1 HELLO Fa0/0: Rcv hello from 192.168.55.1 area 0 192.168.55.1
*Sep 25 13:16:00.383: OSPF-1 HELLO Fa0/0: No more immediate hello for nbr 192.168.55.1, which has been sent on this intf 2 times
R1#
*Sep 25 13:16:02.431: OSPF-1 HELLO Fa0/1: Rcv hello from 192.168.56.1 area 0 192.168.56.1
*Sep 25 13:16:02.431: OSPF-1 HELLO Fa0/1: No more immediate hello for nbr 192.168.56.1, which has been sent on this intf 2 times
*Sep 25 13:16:03.391: OSPF-1 HELLO Fa0/1: Send hello to 224.0.0.5 area 0 from 192.168.56.2
R1#
*Sep 25 13:16:05.727: OSPF-1 HELLO Fa0/0: Send hello to 224.0.0.5 area 0 from 192.168.55.2
*Sep 25 13:16:05.787: OSPF-1 HELLO Fa1/0: Send hello to 224.0.0.5 area 0 from 192.168.12.1
R1#
*Sep 25 13:16:06.735: OSPF-1 HELLO Fa1/0: Rcv hello from 192.168.30.1 area 0 192.168.12.2
R1#
*Sep 25 13:16:10.379: OSPF-1 HELLO Fa0/0: Rcv hello from 192.168.55.1 area 0 192.168.55.1
*Sep 25 13:16:10.379: OSPF-1 HELLO Fa0/0: No more immediate hello for nbr 192.168.55.1, which has been sent on this intf 2 times
R1#
*Sep 25 13:16:12.435: OSPF-1 HELLO Fa0/1: Rcv hello from 192.168.56.1 area 0 192.168.56.1
*Sep 25 13:16:12.435: OSPF-1 HELLO Fa0/1: No more immediate hello for nbr 192.168.56.1, which has been sent on this intf 2 times
*Sep 25 13:16:12.439: OSPF-1 HELLO Fa0/1: Send hello to 224.0.0.5 area 0 from 192.168.56.2
R1#
*Sep 25 13:16:15.463: OSPF-1 HELLO Fa0/0: Send hello to 224.0.0.5 area 0 from 192.168.55.2
*Sep 25 13:16:15.475: OSPF-1 HELLO Fa1/0: Send hello to 224.0.0.5 area 0 from 192.168.12.1
R1#
*Sep 25 13:16:16.731: OSPF-1 HELLO Fa1/0: Rcv hello from 192.168.30.1 area 0 192.168.12.2
R1#
*Sep 25 13:16:20.375: OSPF-1 HELLO Fa0/0: Rcv hello from 192.168.55.1 area 0 192.168.55.1
*Sep 25 13:16:20.375: OSPF-1 HELLO Fa0/0: No more immediate hello for nbr 192.168.55.1, which has been sent on this intf 2 times
R3 debugs
*Mar 1 18:50:43.871: OSPF: Send hello to 224.0.0.5 area 0 on FastEthernet0/0 from 192.168.55.1
*Mar 1 18:50:43.871: OSPF: Send hello to 224.0.0.5 area 0 on FastEthernet1/1 from 192.168.15.2
R3#
*Mar 1 18:50:50.855: OSPF: Rcv hello from 192.168.16.1 area 0 from FastEthernet1/1 192.168.15.1
*Mar 1 18:50:50.855: OSPF: End of hello processing
R3#
*Mar 1 18:50:53.871: OSPF: Send hello to 224.0.0.5 area 0 on FastEthernet0/0 from 192.168.55.1
*Mar 1 18:50:53.871: OSPF: Send hello to 224.0.0.5 area 0 on FastEthernet1/1 from 192.168.15.2
R3#
*Mar 1 18:51:00.839: OSPF: Rcv hello from 192.168.16.1 area 0 from FastEthernet1/1 192.168.15.1
*Mar 1 18:51:00.839: OSPF: End of hello processing
R3#
*Mar 1 18:51:03.871: OSPF: Send hello to 224.0.0.5 area 0 on FastEthernet0/0 from 192.168.55.1
*Mar 1 18:51:03.871: OSPF: Send hello to 224.0.0.5 area 0 on FastEthernet1/1 from 192.168.15.2
R3#
*Mar 1 18:51:10.835: OSPF: Rcv hello from 192.168.16.1 area 0 from FastEthernet1/1 192.168.15.1
*Mar 1 18:51:10.835: OSPF: End of hello processing
R3#
*Mar 1 18:51:13.871: OSPF: Send hello to 224.0.0.5 area 0 on FastEthernet0/0 from 192.168.55.1
*Mar 1 18:51:13.871: OSPF: Send hello to 224.0.0.5 area 0 on FastEthernet1/1 from 192.168.15.2
09-24-2019 10:56 PM
09-24-2019 11:15 PM
Hi,
As per debug logs, I noticed that R1 is not finishing Hello packet process means there is drop or some ACL is making an issue. And second logs which I am looking on R1 is:
*Sep 25 12:30:59.992: IP: s=192.168.55.2 (local), d=224.0.0.5 (FastEthernet0/0), len 80, output feature, proto=89, packet consumed, Post-routing NAT Outside(24), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
I hope NAT is making an issue for you.
09-24-2019 11:22 PM
Yes, I think you are right about the NAT. Can you tell me how can I fix the issue ?
09-25-2019 12:14 AM
Hi,
I found below issue:
DB packet reply is getting failed on router1 (where we configured NAT).
here are the logs:
NAT logs:
*Sep 25 07:11:45.707: mapping pointer available mapping:0
*Sep 25 07:11:45.707: NAT: translation failed (A), dropping packet s=1.1.1.1 d=1.1.1.2
R1#
*Sep 25 07:11:50.223: mapping pointer available mapping:0
*Sep 25 07:11:50.223: NAT: translation failed (A), dropping packet s=1.1.1.1 d=1.1.1.2
R1#
*Sep 25 07:11:54.759: mapping pointer available mapping:0
*Sep 25 07:11:54.759: NAT: translation failed (A), dropping packet s=1.1.1.1 d=1.1.1.2
R1#
*Sep 25 07:11:59.663: mapping pointer available mapping:0
*Sep 25 07:11:59.663: NAT: translation failed (A), dropping packet s=1.1.1.1 d=1.1.1.2
R1#
*Sep 25 07:12:04.251: mapping pointer available mapping:0
*Sep 25 07:12:04.255: NAT: translation failed (A), dropping packet s=1.1.1.1 d=1.1.1.2
R1#
*Sep 25 07:12:09.039: mapping pointer available mapping:0
*Sep 25 07:12:09.043: NAT: translation failed (A), dropping packet s=1.1.1.1 d=1.1.1.2
R1#
*Sep 25 07:12:13.611: mapping pointer available mapping:0
*Sep 25 07:12:13.611: NAT: translation failed (A), dropping packet s=1.1.1.1 d=1.1.1.2
R1#
*Sep 25 07:12:18.595: mapping pointer available mapping:0
*Sep 25 07:12:18.595: NAT: translation failed (A), dropping packet s=1.1.1.1 d=1.1.1.2
R1#
*Sep 25 07:12:23.235: mapping pointer available mapping:0
*Sep 25 07:12:23.239: NAT: translation failed (A), dropping packet s=1.1.1.1 d=1.1.1.2
R1#
*Sep 25 07:12:27.907: mapping pointer available mapping:0
*Sep 25 07:12:27.907: NAT: translation failed (A), dropping packet s=1.1.1.1 d=1.1.1.2
R1#
*Sep 25 07:12:32.703: mapping pointer available mapping:0
*Sep 25 07:12:32.707: NAT: translation failed (A), dropping packet s=1.1.1.1 d=1.1.1.2
R1#
*Sep 25 07:12:37.447: mapping pointer available mapping:0
*Sep 25 07:12:37.447: NAT: translation failed (A), dropping packet s=1.1.1.1 d=1.1.1.2
R1#
*Sep 25 07:12:45.915: mapping pointer available mapping:0
*Sep 25 07:12:45.915: NAT: translation failed (A), dropping packet s=1.1.1.1 d=1.1.1.2
R1#
*Sep 25 07:12:55.059: mapping pointer available mapping:0
*Sep 25 07:12:55.059: NAT: translation failed (A), dropping packet s=1.1.1.1 d=1.1.1.2
R1#
Packet capture:
09-25-2019 01:23 AM
True, It is dropping my NAT packet. How can i fix this ?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide