01-25-2013 04:03 PM - edited 03-04-2019 06:50 PM
So I have two networks that are connected together via a 2851 router running PAT as well as several static NATs. Their network is a 192.168.x.x addressing scheme and mine is a 172.21.x.x addressing scheme. The other day the old router takes a dump and stops working (it was a 2600), so I get someone to run over and drop this 2851 in. Everything works just fine with the exception of 4 machines that communicate with a server exclusively on port 2000. Packet captures show the packets coming in from the 192.168.x.x address reaching the server, but the packets the server sends out hit the router and just disappear. I've never seen anything like it. Anyone have any idea what might be going on? Any help would be greatly appreciated!
01-25-2013 09:27 PM
Hi,
Can you paste the config?
01-25-2013 09:28 PM
Hi,
The configuration of the 2851 would be very helpful.
Also output:
show ip route
Is the default gateway on the servers configured correctly?
Is there any ACL that might block ports?
Is there any firewall between routers?
Hope it will help.
Best regards,
Abzal
01-28-2013 06:02 AM
Below is the config. The devices I am having issues with can communicate via ICMP, RDP and everything else except the app they run, which uses port 2000. I have confirmed routing and there are no firewalls or ACLs. When I do a packet capture I see the packets coming back from the server, but they are not forwarded through the router back to the devices.
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname sr01-sah-mrmc
!
boot-start-marker
boot system flash:c2800nm-advipservicesk9-mz.151-4.M5.bin
boot-end-marker
!
!
logging buffered 4096
enable secret 5 XXXXXXX
!
no aaa new-model
!
!
dot11 syslog
ip source-route
!
!
ip cef
!
!
!
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
!
voice-card 0
!
crypto pki token default removal timeout 0
!
!
!
!
license udi pid CISCO2851 sn FTX1129A2A8
!
redundancy
!
!
!
!
!
!
!
!
!
!
interface GigabitEthernet0/0
 ip address 192.168.2.11 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
 duplex full
 speed 10
!
interface GigabitEthernet0/1
 ip address 172.21.190.2 255.255.255.192
 ip nat outside
 ip virtual-reassembly in
 duplex auto
 speed auto
!
interface Serial0/1/0
 no ip address
 shutdown
 no fair-queue
!
!
router eigrp 2784
 distribute-list 30 in GigabitEthernet0/1
 network 172.20.0.0
 network 172.21.0.0
 no eigrp log-neighbor-changes
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
ip nat inside source list 1 interface GigabitEthernet0/1 overload
ip nat inside source static 10.2.0.19 172.21.190.39
ip nat inside source static 10.2.0.11 172.21.190.40
ip nat inside source static 10.2.0.12 172.21.190.41
ip nat inside source static 10.2.0.13 172.21.190.42
ip nat inside source static 10.2.0.14 172.21.190.43
ip nat inside source static 192.168.2.34 172.21.190.44
ip nat inside source static 192.168.2.35 172.21.190.45
ip nat inside source static 192.168.2.36 172.21.190.46
ip nat inside source static 192.168.2.37 172.21.190.47
ip nat inside source static 192.168.2.42 172.21.190.48
ip nat inside source static 192.168.2.8 172.21.190.49 extendable
ip nat inside source static 192.168.4.21 172.21.190.50
ip nat inside source static 192.168.4.22 172.21.190.51
ip nat inside source static 192.168.4.23 172.21.190.52
ip nat inside source static 192.168.4.27 172.21.190.53
ip nat inside source static 192.168.4.30 172.21.190.54
ip nat inside source static 192.168.4.41 172.21.190.55
ip nat inside source static 192.168.4.42 172.21.190.56 extendable
ip nat inside source static 192.168.4.43 172.21.190.57 extendable
ip nat inside source static 192.168.99.11 172.21.190.58
ip nat inside source static 10.2.0.15 172.21.190.59
ip nat inside source static 10.2.0.16 172.21.190.60
ip nat inside source static 10.2.0.17 172.21.190.61
ip nat inside source static 10.2.0.18 172.21.190.62
ip route 0.0.0.0 0.0.0.0 192.168.2.254
!
access-list 1 permit 192.168.14.0 0.0.0.255
access-list 1 permit 192.168.15.0 0.0.0.255
access-list 1 permit 192.168.16.0 0.0.0.255
access-list 1 permit 192.168.17.0 0.0.0.255
access-list 1 permit 192.168.18.0 0.0.0.255
access-list 1 permit 10.0.0.0 0.255.255.255
access-list 1 permit 192.168.2.0 0.0.0.255
access-list 1 permit 192.168.3.0 0.0.0.255
access-list 1 permit 192.168.4.0 0.0.0.255
access-list 1 permit 192.168.5.0 0.0.0.255
access-list 1 permit 192.168.6.0 0.0.0.255
access-list 1 permit 192.168.7.0 0.0.0.255
access-list 1 permit 192.168.8.0 0.0.0.255
access-list 1 permit 192.168.13.0 0.0.0.255
access-list 30 deny 172.16.0.0 0.0.255.255
access-list 30 deny 172.17.0.0 0.0.255.255
access-list 30 deny 172.18.0.0 0.0.255.255
access-list 30 deny 172.19.0.0 0.0.255.255
access-list 30 deny 172.22.0.0 0.0.255.255
access-list 30 deny 172.23.0.0 0.0.255.255
access-list 30 deny 172.24.0.0 0.0.255.255
access-list 30 deny 172.25.0.0 0.0.255.255
access-list 30 deny 172.26.0.0 0.0.255.255
access-list 30 deny 172.27.0.0 0.0.255.255
access-list 30 deny 192.168.1.0 0.0.0.255
access-list 30 permit any
access-list 101 permit tcp any any eq 8888 log
access-list 101 permit udp any any eq 8888 log
access-list 101 permit tcp any any eq www log
access-list 101 permit ip any any
access-list 102 permit tcp any any eq 8888 log
access-list 102 permit udp any any eq 8888 log
access-list 102 permit tcp any any eq www log
access-list 102 permit ip any any
access-list 144 permit ip host 192.168.4.42 host 172.20.24.57
access-list 144 permit ip host 172.20.24.57 host 192.168.4.42
access-list 144 permit ip host 172.21.190.56 host 172.20.24.57
access-list 144 permit ip host 172.20.24.57 host 172.21.190.56
!
!
!
!
snmp-server community antvs5 RO
snmp-server community chevron RW
snmp-server location SAH Comm Room
snmp-server contact Network Services Team
!
!
control-plane
!
!
voice-port 0/0/0
!
voice-port 0/0/1
!
voice-port 0/0/2
!
voice-port 0/0/3
!
!
!
mgcp profile default
!
!
!
!
!
!
line con 0
 password 7 XXXXXXX
 login
line aux 0
line vty 0 4
 password 7 XXXXXXX
 login
 transport input all
line vty 5 15
 password 7 XXXXXXX
 login
 transport input all
!
scheduler allocate 20000 1000
ntp server 172.28.1.34
end
01-28-2013 08:37 AM
Hi,
Can you show output:
show ip route
What exactly is the IP address of the server that you have a problem with?
Hope it will help.
Best regards,
Abzal
01-28-2013 08:46 AM
Our routing table is massive: several hundred routes. The address of the server is 172.20.24.57. Below is a sh ip route for that subnet.
sr01-sah-mrmc#sh ip route 172.20.24.57
Routing entry for 172.20.24.0/22
  Known via "eigrp 2784", distance 90, metric 2563584, type internal
  Redistributing via eigrp 2784
  Last update from 172.21.190.1 on GigabitEthernet0/1, 02:33:53 ago
  Routing Descriptor Blocks:
  * 172.21.190.1, from 172.21.190.1, 02:33:53 ago, via GigabitEthernet0/1
      Route metric is 2563584, traffic share count is 1
      Total delay is 100040 microseconds, minimum bandwidth is 1000000 Kbit
      Reliability 255/255, minimum MTU 1500 bytes
      Loading 34/255, Hops 4
sr01-sah-mrmc#
01-28-2013 09:00 AM
Ok.
So if I understood you correctly, there are 4 devices that cannot communicate with server 172.20.24.57?
If yes,
Check on the router whether it has a route for those subnets.
sh ip route 192.168.x.x
Try to ping those machines from the router.
Hope it will help.
Best regards,
Abzal