cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
692
Views
0
Helpful
4
Replies

Weird routing/traceroute problem

OliverDarvall
Level 1
Level 1

Guys,

Routing.jpg

When I do a traceroute from PC2 to PC1 it does not resolve successfully and follows the following steps:

     PC2

     2851/2

     2851/1

     * * *

     * * *

     * * *

When I do a traceroute from 2851/2 to PC1 it does resolve successfully and follows the following steps:

     2851/2

     2851/1

     PC1 Public IP

     PC1 Loopback IP

When I do a traceroute from 2851/1 to PC1 it does resolve successfully and follows the following steps:

     2851/1

     PC1 Public IP

     PC1 Loopback IP

When I do a traceroute from PC3 to PC1 it does resolve successfully and follows the following steps:

     2851/1

     PC1 Public IP

     PC1 Loopback IP

2851/2 has the following static routes:

     ip route 0.0.0.0 0.0.0.0 gateway1_ip 100 permanent

     ip route 40.0.0.0 255.0.0.0 192.168.1.81 30

     ip route 50.0.0.0 255.0.0.0 192.168.1.81 30

     ip route 192.168.11.0 255.255.255.0 192.168.1.81 30

     ip route 192.168.21.0 255.255.255.0 192.168.1.81 30

     ip route 192.168.31.0 255.255.255.0 192.168.1.81 30

     ip route 192.168.51.0 255.255.255.0 192.168.1.81 30

2851/1 has the following static routes:

     ip route 0.0.0.0 0.0.0.0 gateway2_ip 100 permanent

     ip route 40.0.0.0 255.0.0.0 192.168.1.80 30

     ip route 50.0.0.0 255.0.0.0 192.168.1.80 30

     ip route 192.168.11.0 255.255.255.0 192.168.1.80 30

     ip route 192.168.21.0 255.255.255.0 192.168.1.80 30

     ip route 192.168.31.0 255.255.255.0 192.168.1.80 30

     ip route 192.168.51.0 255.255.255.0 192.168.1.80 30

I am stumped ! Why would PC2 to PC1 not resolve ?

4 Replies 4

cadet alain
VIP Alumni
VIP Alumni

Hi,

when  2851/2 receives a packet destined to PC1 it sends to 2851/1 according to this routing entry:

ip route 40.0.0.0 255.0.0.0 192.168.1.81 30

when 2851/1 receives the packet it sends back to 2851/2 according to this route entry:

ip route 40.0.0.0 255.0.0.0 192.168.1.80 30

So you are experiencing a routing loop.

If you are using EZVPN you should use the Reverse Route injection feature to install the route to PC1 and not use this static route pointing back to the other router.

Can you show us the output of sh ip route on 2851/1 ?

Regards

Alain

Don't forget to rate helpful posts.

Don't forget to rate helpful posts.

Alain, that is not quite correct. The "directly connected" routes will be used/tried first before the static routes come into play. So the PC's that are connected through the Easy Vpn connections will be routed to first, if none can be found then only does it get routed to the static routes. This is a simple form of fail over and is working quite well for us.

Hi,

Correct, I had not read the post as I should have, sorry.

Regards

Alain

Don't forget to rate helpful posts.

Don't forget to rate helpful posts.

OliverDarvall
Level 1
Level 1

I solved my problem, phew !

Someone made a change to the crypto acl on the main router and changed the mask from 0.0.255.255 to 0.0.0.255. I am not entirely sure why it only affected a select few of my clients, but at least everything is working now again.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: