11-28-2006 06:26 AM - edited 03-03-2019 02:50 PM
I have been battling with this for days now. I have posted this question before but still no answer. I have a router at a customer site. This router is used to connect to my office network and back into the customer's network. Connection to my office network and Internet is fine. Connection to customer site does not work. The customer is able to connect to my router but to devices connected to my router. I inturn am not able to see anything on the customer side. I have re-created the scenario hoping to find a fix. Still nothing.nada.zip..... please help me with this.Its a 877 ADSL router. This is an extract from the config, hope it helps. I really need to fix this.
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname brad-home-cr1
!
boot-start-marker
boot-end-marker
!
logging buffered 4096 debugging
logging console errors
enable password <removed>
!
aaa new-model
!
!
resource policy
!
ip cef
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 172.18.44.1 172.18.44.128
!
ip dhcp pool brad-home
import all
network 172.18.44.0 255.255.255.0
domain-name home.brad.co.za
dns-server 172.18.18.65 172.18.16.65
default-router 172.18.44.1
netbios-name-server 172.18.18.65 172.18.16.65
!
!
ip domain name home.brad.co.za
ip name-server ISP PRI DNS
ip name-server ISP SEC DNS
!
!
!
username <removed> password <removed>
!
!
!
bridge irb
!
!
!
interface FastEthernet0
!
interface FastEthernet1
switchport access vlan 2
!
interface FastEthernet2
switchport access vlan 2
!
interface FastEthernet3
switchport access vlan 2
!
interface Dot11Radio0
no ip address
shutdown
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
station-role root
!
interface Vlan1
description connected to other-inside
ip address 172.20.96.3 255.255.252.0
ip nat outside
ip virtual-reassembly
ip tcp adjust-mss 1452
!
interface Vlan2
no ip address
bridge-group 1
!
interface Dialer0
no ip address
!
interface BVI1
description home-brad-network
ip address 172.18.44.1 255.255.255.0
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1452
!
ip route 172.20.96.0 255.255.252.0 172.20.96.1
ip route 172.20.96.0 255.255.252.0 VLAN 1
!
!
ip http server
ip http authentication local
no ip http secure-server
ip nat inside source route-map SDM_RMAP_6 interface Vlan1 overload
!
!
ip radius source-interface BVI1
!
control-plane
!
bridge 1 protocol ieee
bridge 1 route ip
!
line con 0
no modem enable
line aux 0
line vty 0 4
transport input telnet
!
scheduler max-task-time 5000
!
webvpn context Default_context
ssl authenticate verify all
!
no inservice
!
end
11-28-2006 06:27 AM
I have even added route statements to this. Still did not work. There is no access list applied to any of the interfaces or anywhere on the router. What next?
11-28-2006 02:56 PM
You need to supply more info: what address block does the customer use ?? because there is no route back to the customer network as far as i can see from your config (static routing will need a route back if not running any dynamic routing). You have two equal metric routes for the 172.20.96.0 255.255.252.0 network, why is that there ? where is your default route to the internet ? unless the ISP routing is performed on 172.20.96.1.
In summary you will need to run a ISP provided VPN GRE/IPSEC tunnel over the internet (if customer site is remotly away) to the customer router inorder to estabilish IP connectivity then add static routes over that tunnel for ip routing. Please provide more info regarding the customer network and how the physical connectivity is estabilished.
Regards,
Steve Knockswell
11-28-2006 10:07 PM
We are on the customer site. No routing to customer site should take place through the internet.
We connect to the customer's switch on Fe0 on this router. Fe0 has been added to Vlan1. I have heard of ppl mentioning that I should have a route back. The funny thing is that from the customer network I can ping the ADSL router but not anything on my network.
I don't think VPN connection is needed to cust network. The default route to ISP is not needed as we connect via ethernet cable to customer, hence the routing statement.
11-29-2006 02:56 PM
I see, well you are NAT'ing inbound from this router out to customer network 172.20.96.0 255.255.252.0. where is the route-map SDM_RMAP_6 ?? you need to specify that route map inorder to reach the customer network. You might want to try static one to one NAT statements to check connectivity.
Steve
11-30-2006 01:51 AM
Steve, I have taken what you said into consideration. Added the SDM_RMAP_6 but this still did not work.
Take a look at this config. The router has been split into 2 vlans. VLAN 1 is to the customer and VLAN2 to our onsite engineer. I can ping the IP on VLAN1 but can?t ping the notebook that I have connected to Fe0. What is wrong with this config? I?ve added a route map and access-list. The minute I apply access list 107 to VLAN1, I can?t ping the ptp on VLAN1. What?s missing?
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname
!
boot-start-marker
boot-end-marker
!
logging buffered 4096 debugging
logging console errors
enable password
!
aaa new-model
!
!
!
aaa session-id common
!
resource policy
!
ip cef
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 172.18.44.1 172.18.44.128
!
ip dhcp pool pool-test
import all
network 172.18.44.0 255.255.255.0
domain-name domain.com
dns-server 172.18.18.65 172.18.16.65
default-router 172.18.44.1
netbios-name-server 172.18.18.65 172.18.16.65
!
!
ip domain name home.domain.com
ip name-server 196.25.255.34 (ISP NAME SERVER 1)
ip name-server 196.25.255.3 (ISP NAME SERVER 2)
!
!
!
username
!
!
!
bridge irb
!
!
!
interface ATM0
no ip address
shutdown
no atm ilmi-keepalive
dsl operating-mode auto
!
interface FastEthernet0
!
interface FastEthernet1
switchport access vlan 2
!
interface FastEthernet2
switchport access vlan 2
!
interface FastEthernet3
switchport access vlan 2
!
interface Dot11Radio0
no ip address
shutdown
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
station-role root
!
interface Vlan1
description connected to CUST NETWORK
ip address 172.20.96.3 255.255.252.0
ip nat outside
ip virtual-reassembly
ip tcp adjust-mss 1452
!
interface Vlan2
no ip address
bridge-group 1
!
interface Dialer0
no ip address
!
interface BVI1
description CONNECT TO MY NETWORK
ip address 172.18.44.1 255.255.255.0
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1452
!
ip route 172.20.96.0 255.255.252.0 Vlan1
ip route 172.20.96.0 255.255.252.0 172.20.96.1
!
!
ip http server
ip http authentication local
no ip http secure-server
ip nat inside source route-map SDM_RMAP_6 interface Vlan1 overload
!
ip radius source-interface BVI1
access-list 107 remark IPSec Rule
access-list 107 permit ip 172.18.44.0 0.0.0.255 any
!
!
!
route-map SDM_RMAP_6 permit 1
match ip address 107
!
!
control-plane
!
bridge 1 protocol ieee
bridge 1 route ip
!
line con 0
no modem enable
line aux 0
line vty 0 4
transport input telnet
!
scheduler max-task-time 5000
!
webvpn context Default_context
ssl authenticate verify all
!
no inservice
!
end
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide