OSPF unable to Ping Router on Different Subnet

jwood1650 · ‎03-26-2014

Below is my Home Network layout. I am having trouble pinging the 50.2.30.0 subnet. I created OSPF routes and I am able to ping from HomeLAN router to BackUpHomeLAN router. My problem is that I can not ping from my laptop connected on the 192.168.1.0 subnet to the 50.2.30.0 subnet. Attached below is my current config for both routers.

HomeLAN

HomeLAN-Rotuer#show run

Building configuration...

Current configuration : 1761 bytes

!

! Last configuration change at 07:27:14 UTC Wed Mar 26 2014

!

version 15.1

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname HomeLAN-Rotuer

!

boot-start-marker

warm-reboot

boot-end-marker

!

no aaa new-model

!

dot11 syslog

ip source-route

!

ip vrf A

!

ip cef

ip domain name jjkkcc.org

ip name-server 68.105.28.16

ip name-server 68.105.29.16

ip name-server 8.8.8.8

ip name-server 8.8.4.4

ip name-server 192.168.1.252

ip name-server 192.168.1.242

no ipv6 cef

!

multilink bundle-name authenticated

!

voice-card 0

!

crypto pki token default removal timeout 0

!

license udi pid CISCO2801 sn FTX1019Y2S4

username woodjl1650 privilege 15 password 0 henry999 secret

!

redundancy

!

interface FastEthernet0/0

ip address 10.2.10.2 255.255.255.248

ip nat outside

ip virtual-reassembly in

duplex auto

speed auto

!

interface FastEthernet0/1

ip address 192.168.1.5 255.255.255.0

ip nat inside

ip virtual-reassembly in

duplex auto

speed auto

!

interface Serial0/1/0

ip address 10.0.10.1 255.255.255.224

!

interface Serial0/2/0

ip address 10.0.10.3 255.255.255.224

!

router ospf 1

network 10.2.10.0 0.0.0.7 area 1

network 50.2.30.0 0.0.0.31 area 1

network 192.168.1.0 0.0.0.255 area 1

!

ip forward-protocol nd

no ip http server

no ip http secure-server

!

ip nat inside source list NAT interface FastEthernet0/0 overload

ip route 0.0.0.0 0.0.0.0 10.2.10.1

!

ip access-list standard NAT

permit 192.168.1.0 0.0.0.255

permit 10.2.10.0 0.0.0.7

permit 50.2.30.0 0.0.0.31

!

logging esm config

!

control-plane

!

gatekeeper

shutdown

!

line con 0

line aux 0

line vty 0 4

login local

transport input ssh

!

scheduler allocate 20000 1000

end

BackUpHomeLAN

BackUpHomeLAN#show run

Building configuration...

Current configuration : 1695 bytes

!

! Last configuration change at 06:35:05 UTC Wed Mar 26 2014

!

version 15.1

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname BackUpHomeLAN

!

boot-start-marker

warm-reboot

boot-end-marker

!

no aaa new-model

!

dot11 syslog

ip source-route

!

ip vrf A

!

ip cef

ip domain name jjkkcc.com

ip name-server 68.105.28.16

ip name-server 68.105.29.16

ip name-server 8.8.8.8

ip name-server 8.8.4.4

no ipv6 cef

!

multilink bundle-name authenticated

!

voice-card 0

!

crypto pki token default removal timeout 0

!

license udi pid CISCO2801 sn FTX1028W1PY

username woodjl1650 privilege 15 password 0 henry999 secret

!

redundancy

!

interface Loopback100

ip vrf forwarding A

no ip address

!

interface FastEthernet0/0

ip address 10.2.10.3 255.255.255.248

ip nat outside

ip virtual-reassembly in

duplex auto

speed auto

!

interface FastEthernet0/1

ip address 50.2.30.1 255.255.255.224

ip nat inside

ip virtual-reassembly in

duplex auto

speed auto

!

interface Serial0/1/0

ip address 10.0.10.2 10.2.10.1

!

router ospf 1

network 10.2.10.0 0.0.0.7 area 1

network 50.2.30.0 0.0.0.31 area 1

network 192.168.1.0 0.0.0.255 area 1

!

router ospf 3

!

ip forward-protocol nd

no ip http server

no ip http secure-server

!

ip nat inside source list NAT interface FastEthernet0/0 overload

ip route 0.0.0.0 0.0.0.0 24.234.191.225

!

ip access-list standard NAT

permit 192.168.1.0 0.0.0.255

permit 10.2.10.0 0.0.0.7

permit 50.2.30.0 0.0.0.31

!

logging esm config

!

control-plane

!

gatekeeper

shutdown

!

line con 0

line aux 0

line vty 0 4

login local

transport input ssh

!

scheduler allocate 20000 1000

end

Jon Marshall · ‎03-26-2014

Your configs need tidying up first before troubleshooting eg.

on your HomeLAN router -

router ospf 1

network 10.2.10.0 0.0.0.7 area 1

network 50.2.30.0 0.0.0.31 area 1

network 192.168.1.0 0.0.0.255 area 1

you don't need the line in bold because that is not a connected network on the HomeLAN router. You only add networks for connected interfaces.

ip access-list standard NAT

permit 192.168.1.0 0.0.0.255

permit 10.2.10.0 0.0.0.7

permit 50.2.30.0 0.0.0.31

again you don't need the line in bold as this is on the other router. You probably also don't need the 10.2.10.0 0.0.0.7 entry either.

Same sort of thing applies to BackUpHomeLan router.

Also you are doing NAT for everything which is probably confusing things.

Is there a reason you are doing NAT on both routers ?

It might be an idea to simplify the configurations and get basic connectivity working before then adding further features.

Jon

jwood1650 · ‎03-26-2014

No reason for NAT, thought it was needed since my routers are behing my pfSense box. I'll try taking those statements out and seeing if it works. I should still have internet access if I remove the NAT statements correct? The pfSense is "splitting" up my WAN to the two routers, so NAT doesn't need to be on the routers, is that correct?

jwood1650 · ‎03-26-2014

I removed the NAT statements, I was able to ping the routers from my laptop (192.168.1.0 subnet), but I loose internet connection... I was unable to ping the 10.2.10.0 subent, which is my subnet used to distrubte my internet connection.

Any ideas?

Jon Marshall · ‎03-26-2014

The only IPs that are routable on the internet are the 50.2.30.x addresses ?

Are these owned by you ie. have they been allocated to you or did you just pick them to use in your network ?

You have lost internet access from where ?

What can you ping and not ping ?

Jon

jwood1650 · ‎03-26-2014

Ok, I loose internet connection when I remove the NAT statement from my HomeLAN router. When I remove it from both routers, I loose internet connection, however, I can ping all devices, just not the pfSense box @ 10.2.10.1, thus no internet. 10.2.10.1 is my gateway to the internet, see photo above for network layout. What am I doing wrong, this is driving me crazy... LOL

Thanks for the help thus far, hopefully we can figure this out soon...

Jon Marshall · ‎03-26-2014

Lose internet connectivity from which devices ?

Do you own the 50.2.30.x addresses ?

If you don't own them then what does NAT for the internet ?

Jon

jwood1650 · ‎03-26-2014

Yes, the 50.2.30.0 is mine. If I remove NAT from the HomeLAN router, I loose internet, I don't and haven't yet gotten internet connectivity on the BackUpHomeLAN router. My pfSense box is running NAT for the outside, it has a direct connection to my modem. Could the issue be the pfSense box?

Jon Marshall · ‎03-26-2014

What is your pfSense box setup to configure NAT for ie. which addresses does it NAT ?

Jon