03-04-2014 12:40 AM - edited 03-04-2019 10:29 PM
Guys,
When I do a traceroute from PC2 to PC1 it does not resolve successfully and follows the following steps:
PC2
2851/2
2851/1
* * *
* * *
* * *
When I do a traceroute from 2851/2 to PC1 it does resolve successfully and follows the following steps:
2851/2
2851/1
PC1 Public IP
PC1 Loopback IP
When I do a traceroute from 2851/1 to PC1 it does resolve successfully and follows the following steps:
2851/1
PC1 Public IP
PC1 Loopback IP
When I do a traceroute from PC3 to PC1 it does resolve successfully and follows the following steps:
2851/1
PC1 Public IP
PC1 Loopback IP
2851/2 has the following static routes:
ip route 0.0.0.0 0.0.0.0 gateway1_ip 100 permanent
ip route 40.0.0.0 255.0.0.0 192.168.1.81 30
ip route 50.0.0.0 255.0.0.0 192.168.1.81 30
ip route 192.168.11.0 255.255.255.0 192.168.1.81 30
ip route 192.168.21.0 255.255.255.0 192.168.1.81 30
ip route 192.168.31.0 255.255.255.0 192.168.1.81 30
ip route 192.168.51.0 255.255.255.0 192.168.1.81 30
2851/1 has the following static routes:
ip route 0.0.0.0 0.0.0.0 gateway2_ip 100 permanent
ip route 40.0.0.0 255.0.0.0 192.168.1.80 30
ip route 50.0.0.0 255.0.0.0 192.168.1.80 30
ip route 192.168.11.0 255.255.255.0 192.168.1.80 30
ip route 192.168.21.0 255.255.255.0 192.168.1.80 30
ip route 192.168.31.0 255.255.255.0 192.168.1.80 30
ip route 192.168.51.0 255.255.255.0 192.168.1.80 30
I am stumped ! Why would PC2 to PC1 not resolve ?
03-04-2014 02:28 AM
Hi,
when 2851/2 receives a packet destined to PC1 it sends to 2851/1 according to this routing entry:
ip route 40.0.0.0 255.0.0.0 192.168.1.81 30
when 2851/1 receives the packet it sends back to 2851/2 according to this route entry:
ip route 40.0.0.0 255.0.0.0 192.168.1.80 30
So you are experiencing a routing loop.
If you are using EZVPN you should use the Reverse Route injection feature to install the route to PC1 and not use this static route pointing back to the other router.
Can you show us the output of sh ip route on 2851/1 ?
Regards
Alain
Don't forget to rate helpful posts.
03-05-2014 01:17 AM
Alain, that is not quite correct. The "directly connected" routes will be used/tried first before the static routes come into play. So the PC's that are connected through the Easy Vpn connections will be routed to first, if none can be found then only does it get routed to the static routes. This is a simple form of fail over and is working quite well for us.
03-05-2014 02:02 AM
Hi,
Correct, I had not read the post as I should have, sorry.
Regards
Alain
Don't forget to rate helpful posts.
03-06-2014 10:59 PM
I solved my problem, phew !
Someone made a change to the crypto acl on the main router and changed the mask from 0.0.255.255 to 0.0.0.255. I am not entirely sure why it only affected a select few of my clients, but at least everything is working now again.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide