Solved: Network data flow not going out

ilse.v.rooyen · ‎01-13-2013

Hi, I am relly new to Cisco and having a hard time with my Cisco 2800 series.

I have two sites connected with each other SiteA and SiteB (Using the same Cisco 2800). Now site A can connect to site B on the cisco and the internal network, but site B can only see the cisco and not the internal network of site A. So all the traffic is coming in to site B but can't break out of site B.

I have tried everything I can think of but again my knowledge of Cisco is not good at all.

If anyone can help me on this it will be much appreciated.

Ilse,

Abzal · ‎01-13-2013

Yes, cisco routers configuration looks ok :). Even without much experience.
You can simply check it by pinging from any host on SiteB to any IP address of SiteA router. If the ping succeeds then your current configuration is ok.

Sent from Cisco Technical Support iPhone App

Best regards,
Abzal

View solution in original post

Peter Paluch · ‎01-13-2013

Hello,

There are lots of reasons why site B can not reach site A so any suggestions at this point would be shooting in the dark. Can you post a sanitized version of your running-config, plus the output of the show ip route and a traceroute from site B to site A showing that the packets get lost past a certain point? This will help us narrow down the list of possible causes.

Thank you!

Best regards,

Peter

ilse.v.rooyen · ‎01-13-2013

Ok here we go hope i have everything you need.

SITE B traceroute

Tracing route to 192.168.80.2 over a maximum of 30 hops

1 <1 ms <1 ms <1 ms 192.168.81.1

2 1 ms <1 ms <1 ms 10.10.81.2

3 32 ms 32 ms 32 ms 10.11.81.1

4 33 ms 33 ms 33 ms 10.10.80.1

5 * * ^C

SITE B show ip route

SITEB#show ip route

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2

i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

ia - IS-IS inter area, * - candidate default, U - per-user static route

o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

S 192.168.80.0/24 [1/0] via 10.11.81.1

10.0.0.0/30 is subnetted,

S 10.10.80.0 [1/0] via 10.11.81.1

S 10.0.80.0 [1/0] via 10.11.81.1

S 10.11.80.0 [1/0] via 10.11.81.1

C 10.10.81.0 is directly connected, FastEthernet0/0

S 10.0.81.0 [1/0] via 10.10.81.1

C 10.11.81.0 is directly connected, Serial0/1/0

S 192.168.81.0/24 [1/0] via 10.10.81.1

SITE B Running config

Current configuration : 1466 bytes

!

version 12.4

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname SITEB

!

boot-start-marker

boot-end-marker

!

logging buffered 4096

enable secret 5 $1$vAcJ$9r5nU4DFJ5A5xuj1aNnBu/

!

no aaa new-model

ip cef

!

multilink bundle-name authenticated

!

archive

log config

hidekeys

!

interface FastEthernet0/0

ip address 10.10.80.2 255.255.255.252

duplex auto

speed auto

!

interface FastEthernet0/1

description $ES_LAN$

no ip address

shutdown

duplex auto

speed auto

!

interface Serial0/1/0

ip address 10.11.81.1 255.255.255.252

!

interface Serial0/1/1

no ip address

shutdown

clock rate 2000000

!

ip forward-protocol nd

ip route 10.0.80.0 255.255.255.252 10.10.80.1

ip route 10.0.81.0 255.255.255.252 10.11.81.2

ip route 10.10.81.0 255.255.255.0 10.11.81.2

ip route 192.168.80.0 255.255.255.0 10.10.80.1

ip route 192.168.81.0 255.255.255.0 10.11.19.1

!

ip http server

no ip http secure-server

!

control-plane

!

Abzal · ‎01-13-2013

Hi,

If I understood you correctly you network might look like this:

192.168.81.0/24 192.168.80.0/24

Router <----------> SiteB <--------> SiteA <--------> Router

Because SiteA router does not have correct return route information about 192.168.81.0/24 so your traceroute to subnets on SiteA fails.

Try to change this static route on SiteA:

no ip route 192.168.81.0 255.255.255.0 10.11.19.1

I think it should be like this on SiteA:

ip route 192.168.81.0 255.255.255.0 10.11.81.2

What device does have IP 10.11.19.1?

Also if my simple diagram is correct, check static routes on router behind SiteA. Because it might has a static routes too. It should be pointing to SiteA IPs 10.10.80.2.

Hope it will help.

Best regards,
Abzal

Best regards,
Abzal

ilse.v.rooyen · ‎01-13-2013

Hi, sorry that is a typo on my side. The 192.168.81.0 255.255.255.0 10.11.81.2 IP is the correct one that i do have in the route's on siteA

ip forward-protocol nd

ip route 10.0.80.0 255.255.255.252 10.10.80.1

ip route 10.0.81.0 255.255.255.252 10.11.81.2

ip route 10.10.81.0 255.255.255.0 10.11.81.2

ip route 192.168.80.0 255.255.255.0 10.10.80.1

ip route 192.168.81.0 255.255.255.0 10.11.81.2

Abzal · ‎01-13-2013

Ok I see. Then you need to check static routes on router(L3 switch) behind SiteA router. Can you show configuration on that router?
Is there any firewall or ACL configured on that router?

Sent from Cisco Technical Support iPhone App

Best regards,
Abzal

ilse.v.rooyen · ‎01-13-2013

Behind the Cisco on site A I have a Fortigate that handels the traffic befor it goes to the internal network....

SiteA Internal network(192.168.80/24)

|

| 192.168.80.1

Fortigate

| 10.10.80.1

|

|10.10.80.2

Site A Cisco

|10.11.81.1

|

|10.11.81.2

SiteB Cisco

|10.10.81.2

Abzal · ‎01-13-2013

Now it's better to understand. So as I said you need to check configuration on Fortigate. It is a firewall as I understood. It might be blocking traffic from SiteB subnets or static routes back to SiteB subnets configured incorrectly. I don't know much about Fortigate so I can't help you with it. But the reason of your problem definitely on Fortigate.

Sent from Cisco Technical Support iPhone App

Best regards,
Abzal

ilse.v.rooyen · ‎01-13-2013

Thank you very much, so you are sure that all the configs on both sides are correct as it should be?

(Sorry i'm just making sure because i have no experiance on cisco so I can't see if im correct on the configs)

Will have a look on the Fortigate.

Thank you again for your troubles.

Abzal · ‎01-13-2013

Yes, cisco routers configuration looks ok :). Even without much experience.
You can simply check it by pinging from any host on SiteB to any IP address of SiteA router. If the ping succeeds then your current configuration is ok.

Sent from Cisco Technical Support iPhone App

Best regards,
Abzal

ilse.v.rooyen · ‎01-13-2013

Hi just an update it was the Fortigate, some how it did not translate the 10.10.81.0/255.255.255.252 and 10.11.81.0/255.255.255.252 IP's into the network so it did not recognize the internal IP of site B.

Thank you so much im over the moon!!

Abzal · ‎01-13-2013

Hi,

You're welcome! I'm glad that it helped you!

Hope it will help.

Best regards,
Abzal

Best regards,
Abzal