Hello. Thanks in advance for read this.

It must be something very basic but somehow I can't see it. I have a couple routers connected as follows (simplified layout as there are way more routers on the FR cloud):

[Internet] <-- ATM --> [Router_A] <-- Ethernet --> [Router_B] <-- Frame Relay --> [Router_C]

On Router_A I have:

• Vlan100 as 192.168.0.1
• Vlan200 as 192.168.2.1
• Gi0/0 as switchport access vlan100, no IP address
• Gi0/1 as switchport access vlan200, no IP address

On Router_B I have:

• Gi0/0 as 192.168.2.2
• S0/0/0 as 192.168.255.1

On Router_C I have:

• S0/0/0 as 192.168.255.10
• Gi0/0 as 192.168.10.1

The ACLs on router A are very basic:

Int ATM0

ip nat outside

Int Vlan100

ip nat inside

Int Vlan 200

ip nat inside

access-list 100 permit ip 192.168.0.0 0.0.0.255 any

access-list 100 permit ip 192.168.2.0 0.0.0.255 any

access-list 100 permit ip 192.168.255.0 0.0.0.255 any

access-list 100 deny ip any any

ip nat inside source list 100 interface ATM0 overload

There are no ACLs on routers B and C.

All network routes are visible on the routers via multiple OSPF areas. Also, routers B and C use A as NTP server, and yes, clocks can sync!

- Both B and C can ping and traceroute any Internet address.

- Both B and C can talk to a netflow collector machine on Vlan100.

- Router A can SSH to B, but cannot to C.

- Router B can SSH to A.

- Router C cannot SSH to A.

- Both B and C can ping A, but none ca traceroute to A.

I tried to mirror the Vlan100 and Vlan200 traffic on router A using the "ip traffic-export" command. On the Wireshark machine all I could see were the ICMP echo request/reply packets and the traceroute UDP packets being sent, but no responses were being sent from my Vlan100 address on router A back to either B or C.

What am I missing?