Re: Routing issue

mattbashara · ‎06-18-2007

I have a point to point t-1 that is currently working for traffic betweeen 192.168.0.0 and 192.168.100.0 (remote site)

I now neet to also route traffic from 192.168.51.0(remote site) and 192.158.50.0. The physical connection to this subnet is there and working and i can ping from both router interfaces but any traffic beyond that times out.

Here are the router configurations.

controller T1 0/0/0

framing esf

linecode b8zs

channel-group 0 timeslots 1-24

!

interface FastEthernet0/0

description $ETH-SW-LAUNCH$$INTF-INFO-FE 0$$ES_LAN$$FW_INSIDE$$ETH-LAN$

ip address 192.168.0.245 255.255.255.0

ip access-group Any out

no ip redirects

no ip unreachables

no ip proxy-arp

ip route-cache flow

duplex auto

speed auto

no mop enabled

!

interface FastEthernet0/1

description $ETH-LAN$

ip address 192.168.50.200 255.255.255.0

ip access-group any out

no ip redirects

no ip unreachables

no ip proxy-arp

ip route-cache flow

duplex auto

speed auto

no mop enabled

!

interface Serial0/0/0:0

ip address 192.168.254.1 255.255.255.0

no cdp enable

!

router rip

version 2

network 192.168.0.0

network 192.168.50.0

network 192.168.254.0

no auto-summary

!

ip classless

ip route 192.168.0.0 255.255.255.0 FastEthernet0/0 permanent

ip route 192.168.50.0 255.255.255.0 FastEthernet0/1 permanent

!

logging trap debugging

access-list 1 remark SDM_ACL Category=2

access-list 1 permit 192.168.0.0 0.0.0.255

disable-eadi

no cdp run

!

control-plane

!

banner login ^CAuthorized access only!

Disconnect IMMEDIATELY if you are not an authorized user!^C

!

line con 0

login local

transport output telnet

line aux 0

login local

control-plane

!

banner login ^CAuthorized access only!

Disconnect IMMEDIATELY if you are not an authorized user!^C

!

line con 0

login local

transport output telnet

line aux 0

login local

transport output telnet

line vty 0 4

privilege level 15

login local

transport input telnet

line vty 5 15

privilege level 15

login local

transport input telnet

!

scheduler allocate 4000 1000

and

controller T1 0/0/0

framing esf

linecode b8zs

channel-group 0 timeslots 1-24

!

interface FastEthernet0/0

description $ETH-SW-LAUNCH$$INTF-INFO-FE 0$$ES_LAN$$FW_INSIDE$$ETH-LAN$

ip address 192.168.100.252 255.255.255.0

ip access-group any out

no ip redirects

no ip unreachables

no ip proxy-arp

ip route-cache flow

duplex auto

speed auto

no mop enabled

!

interface FastEthernet0/1

description $ETH-LAN$

ip address 192.168.51.1 255.255.255.0

ip access-group any out

no ip redirects

no ip unreachables

no ip proxy-arp

ip route-cache flow

duplex auto

speed auto

no mop enabled

!

interface Serial0/0/0:0

ip address 192.168.254.2 255.255.255.0

no cdp enable

!

router rip

version 2

network 192.168.51.0

network 192.168.100.0

network 192.168.254.0

no auto-summary

!

ip classless

ip route 192.168.51.0 255.255.255.0 FastEthernet0/1 permanent

ip route 192.168.100.0 255.255.255.0 FastEthernet0/0 permanent

!

ip http server

ip http authentication local

ip http timeout-policy idle 60 life 86400 requests 10000

!

logging trap debugging

access-list 1 remark SDM_ACL Category=2

access-list 1 permit 192.168.0.0 0.0.0.255

access-list 2 remark SDM_ACL Category=2

access-list 2 permit 192.168.0.0 0.0.0.255

access-list 100 remark SDM_ACL Category=1

access-list 100 permit ip any any

access-list 101 remark SDM_ACL Category=2

access-list 101 permit ip any any

disable-eadi

no cdp run

!

control-plane

!

banner login ^CAuthorized access only!

Disconnect IMMEDIATELY if you are not an authorized user!^C

control-plane

!

banner login ^CAuthorized access only!

Disconnect IMMEDIATELY if you are not an authorized user!^C

!

line con 0

login local

transport output telnet

line aux 0

login local

transport output telnet

line vty 0 4

Edison Ortiz · ‎06-18-2007

1) I recommend removing those static routes you have on both routers. RIP should take care of the networks you want to advertise.

2) Remove those ip access-group under the interfaces. You don't have any corresponding ACL.

mohammedmahmoud · ‎06-18-2007

Hi,

You should have a route for the ".100" and the ".51" on the local router to the remote ip of the p-to-p "192.168.254.2", and vice versa on the remote router (2 ip routes for ".0" and ".50" back to the wan ip of the local router "192.168.254.1") and not the opposite.

P.S RIP should do it !! you won't be needing static routes.

HTH,

Mohammed Mahmoud.

Richard Burts · ‎06-18-2007

Matt

I have checked the configs that you posted and they mostly look good to me. I do note that all of the FastEthernet interfaces apply an access list called any to outbound traffic but that access list does not show up in the configs that you posted. It seems unlikely that it is the cause but it would be helpful to know what is in that access list.

From the configs it looks to me like all the networks/subnets should be in the routing table and things should work. Perhaps you can be a bit more specific about what is not working. Can end stations in 192.168.0.0 network access stations in 192.168.51.0? I would make a guess at this point that it may be an issue with configuration of default gateway on the end stations. One way to check this would be to do an expended ping from your router. In the extended ping specify the destination of the ping as 192.168.51.1 and specify the source of the extended ping as FastEthernet0/1. This will check to be sure that routing between the new networks/subnets is working ok on the router.

HTH

Rick

HTH

Rick

oj88 · ‎06-18-2007

My take on this:

1. Remove the static routes to the Fa0/0 and Fa0/1 interfaces. They're unnecessary IMHO.

2. Check if the hosts on the other network that you're trying to ping has its firewall turned on and if it's blocking ICMP.

3. Post the output of sh ip route from both routers.

mattbashara · ‎06-19-2007

I removed the static routes (thanks for that)

Here are the sh ip results

69.0.0.0/30 is subnetted, 1 subnets

R 69.146.238.216 [120/1] via 192.168.100.1, 00:00:28, FastEthernet0/0

R 192.168.30.0/24 [120/2] via 192.168.254.1, 00:00:10, Serial0/0/0:0

R 192.168.200.0/24 [120/2] via 192.168.254.1, 00:00:10, Serial0/0/0:0

R 199.2.253.0/24 [120/2] via 192.168.254.1, 00:00:10, Serial0/0/0:0

R 10.0.0.0/8 [120/2] via 192.168.254.1, 00:00:10, Serial0/0/0:0

C 192.168.51.0/24 is directly connected, FastEthernet0/1

R 192.168.0.0/24 [120/1] via 192.168.254.1, 00:00:10, Serial0/0/0:0

C 192.168.254.0/24 is directly connected, Serial0/0/0:0

R 192.168.50.0/24 [120/1] via 192.168.254.1, 00:00:10, Serial0/0/0:0

R 192.168.1.0/24 [120/2] via 192.168.254.1, 00:00:10, Serial0/0/0:0

C 192.168.100.0/24 is directly connected, FastEthernet0/0

Other router

Gateway of last resort is not set

69.0.0.0/30 is subnetted, 1 subnets

R 69.146.238.216 [120/2] via 192.168.254.2, 00:00:10, Serial0/0/0:0

R 192.168.30.0/24 [120/1] via 192.168.0.1, 00:00:02, FastEthernet0/0

R 192.168.200.0/24 [120/1] via 192.168.0.1, 00:00:02, FastEthernet0/0

R 199.2.253.0/24 [120/1] via 192.168.0.1, 00:00:02, FastEthernet0/0

R 10.0.0.0/8 [120/1] via 192.168.0.1, 00:00:02, FastEthernet0/0

R 192.168.51.0/24 [120/1] via 192.168.254.2, 00:00:10, Serial0/0/0:0

C 192.168.0.0/24 is directly connected, FastEthernet0/0

C 192.168.254.0/24 is directly connected, Serial0/0/0:0

C 192.168.50.0/24 is directly connected, FastEthernet0/1

R 192.168.1.0/24 [120/1] via 192.168.0.1, 00:00:02, FastEthernet0/0

R 192.168.100.0/24 [120/1] via 192.168.254.2, 00:00:10, Serial0/0/0:0

I have verified the ip address I am trying to get to is pingable. (192.168.50.2)

thanks for all lthe help