Solved: Problems with merging two offices over gre Tunnel on ISRs

Ilya Semenov · ‎12-19-2014

Hello, everybody!

Would you please help me to solve strange difficulties that I've faced merging two offices?

I have setup the connection between two offices over tunnel using two CISCOs: isr1800 (PointB) and 881 (PointA). The confs and topology are attached.

The tunnel works fine and I can ping internal interfaces of the routers from both sides.

Also, I can ping some workstations (~5, always the same) on network B from router PointA and WorstationA, but majority is unaccessible (but could be from router PointB - All the firewall were turned off.).

From Network B I can ping only internal interface of router PointA and nothing more.

What is most likely could be the problem? I need to ping all the workstations in internal networks from both sides.

Please, share you ideas - I've spent the day totally in vain. I am excited to provide all other information required.

Many thanks in advance!

Reza Sharifi · ‎12-19-2014

Hi,

What prevents to ping them all from Network A

It could be that those PC/laptop that are not ping able have firewall software on them.

You may want to check for that.

HTH

View solution in original post

Reza Sharifi · ‎12-19-2014

Hi,

If you can ping 192.168.10.1 (the internal interface of router-A) that means you have route to that subnet.

question;

Does Workstation-A have the correct default gateway (192.168.10.1)?

Is the switch that the workstation connected to configured correctly?

Can you provide the configs from both switches?

HTH

Ilya Semenov · ‎12-19-2014

Good evening, Reza!

Unfortunately, I can't provide it right now cause I am out of office. I'll try to do it ASAP.

Thanks you.

The most strange thing is that I can ping from Network A only four of five IPs in Network B, while from router PointB they all could be pinged... =( What prevents to ping them all from Network A?

Reza Sharifi · ‎12-19-2014

Hi,

What prevents to ping them all from Network A

It could be that those PC/laptop that are not ping able have firewall software on them.

You may want to check for that.

HTH

Ilya Semenov · ‎12-19-2014

I've checked that first. There are no firewall or antivirus software enabled. I have disabled them all and checked ping between PCs in Network A. Local communication works perfectly well.

Ilya Semenov · ‎12-22-2014

Well, the problem was solved. My check wasn't good, so Windows Firewall had prevented all the communications with this host.

Reza Sharifi · ‎12-22-2014

That is why I asked to check the firewall setting on PC/laptop. This is common issue with firewalls running on hosts.

Glad to hear the problem was resolved.

Please rate and mark the post as answered so others can benefit from it.

Thanks,

Ilya Semenov · ‎12-22-2014

Many thanks to you, Reza!

Rahmat!

Ilya Semenov · ‎12-22-2014

Hello, Reza!

I've made investigation and found the following:

1) There is a stupid 5-port Dlink between Cisco1800 and NetworkB...

2) All the workstations in B have the correct gateway 192.168.11.1

3) In spite of this, I've made a loopback interface on PointB and tried to ping these workstations from PointB: "ping 192.168.11.x source 1.1.1.1" and these attempts were unsuccessful. Without "source 1.1.1.1" option PointB pings all the workstation needed.

It's unbelievable - why pings work one-way?