Re: Private ip issue with sub interface in 2900 router

kazimjhon · ‎01-05-2023

hello

I have dual isp bgp single router configuration which working fine.

Now I facing issue to my local private network. I cannot ping or access directly point-to-point devices from my public lan ip.

i have assigned 192.168.169.2 255.255.255.252 to sub interface 0/1.17 which i can ping from my lan side but cannot ping 192.168.169.1 and 10.110.113.1 255.255.255.252 to sub interface 0/1.14 which i can ping from my lan side but cannot ping 10.110.113.2. May policy route-map issue. kindly help me in this issue.

C:\Users\>ping 192.168.169.2

Pinging 192.168.169.2 with 32 bytes of data:
Reply from 192.168.169.2: bytes=32 time=1ms TTL=253
Reply from 192.168.169.2: bytes=32 time=3ms TTL=253
Reply from 192.168.169.2: bytes=32 time=3ms TTL=253

Ping statistics for 192.168.169.2:
Packets: Sent = 3, Received = 3, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 1ms, Maximum = 3ms, Average = 2ms
Control-C
^C
C:\Users\>ping 192.168.169.1

Pinging 192.168.169.1 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 192.168.169.1:
Packets: Sent = 3, Received = 0, Lost = 3 (100% loss),
Control-C
^C
C:\Users\>ping 10.110.113.1

Pinging 10.110.113.1 with 32 bytes of data:
Reply from 10.110.113.1: bytes=32 time=6ms TTL=253
Reply from 10.110.113.1: bytes=32 time=1ms TTL=253

Ping statistics for 10.110.113.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 1ms, Maximum = 6ms, Average = 3ms
Control-C
^C
C:\Users\>ping 10.110.113.2

Pinging 10.110.113.2 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 10.110.113.2:
Packets: Sent = 3, Received = 0, Lost = 3 (100% loss),

kazimjhon · ‎01-05-2023

private remote host pinging from router but unreachable from LAN PC. May be Route-map policy or filter issue.

Georg Pauwen · ‎01-05-2023

Hello,

enable debugging:

debug ip policy

and check if your return traffic is routed anywhere it is not supposed to go. In any case, add a second (empty) sequence to the route map that matches everything else, and that makes sure it gets routed according to the routing table.

--> route-map 216OUT permit 20

kazimjhon · ‎01-05-2023

could you please share full configuration for 192.168.0.0/16, route-map etc

Georg Pauwen · ‎01-05-2023

Hello,

just add the line marked in bold:

route-map 216OUT permit 10
match ip address 110
set interface GigabitEthernet0/0
!
route-map 216OUT permit 20

kazimjhon · ‎01-05-2023

not understand .

how to add a second (empty) sequence to the route map that matches everything else.

kazimjhon · ‎01-05-2023

added the below but same results not pinging

route-map 216OUT permit 20

kazimjhon · ‎01-05-2023

debugging

*Jan 5 14:32:58.156: IP: s=80.76.51.7 (GigabitEthernet0/1.17), d=103.216.135.239, len 40, FIB policy rejected(no match) - normal forwarding

Georg Pauwen · ‎01-05-2023

Hello.

where are you actually pinging from ? Post a schematic drawing of your topology including all devices involved, that shows the traffic flow...

kazimjhon · ‎01-05-2023

switch ip 192.168.169.1

my router 0/1.17 interface via ( ip 192.168.169.2)

0/1.17 (103.216.135.121 secondary ip ) connected to another device having ip 103.216.135.124 and i can ping 192.168.169.2 form 124 ip but not ping to 192.168.169.1

in router i can ping 192.168.169.1

hop you got my seen.