Point to Point T1 Routing issue

eweber1234
Level 1

Hello,

We are in the process of joining a new remote branch to our institution by connecting them to our networks (six branches with Star Schema). We have installed a Point to Point T1 from the Main branch where I’m located (Site A) to the remote branch (Site B). My goal is to back up the T1 by utilizing the VPN through the fast Internet connections that we have at both locations. I have started to configure the P2P and have encountered a routing challenge. The routers can talk to each other through Serial Interface 0/0/0 and ping each other’s interfaces. Moreover, the routers at both sites can ping/talk to all the resources local to them, but not to the nodes on the other side. So, any traffic from Router/Site A to a node on Site B is not getting routed, and the same for traffic from Router/Site B to Site A. I have attached both routers' configurations to this post; please take a look and let me know what I’m doing wrong/missing. Remember, my ultimate goal is to connect these two branches for backup using VPN too, but that comes next (or maybe I should do them both at the same time).

I really appreciate any comments/suggestions,

Best

E

2 Accepted Solutions

Hello Eweber,

You have used static routes on the T1 link; you need to propagate the same static routes on all devices that are in each site.

But also of the subnet used on the T1 link itself.

If you don't specify a source, the IP address of the interface to the destination is used,

so you need to check if the 10.31.1.85 device knows that it has to send the answer back to the right router for IP address 10.31.100.1.

This applies to all devices in the two sites (main site and new branch).

I would suggest you use a dynamic routing protocol in order to have automatic propagation of routes and failure detection.

I also see some strange pings of devices in the same IP subnet not working, like:

Site B#  ping 192.168.45.210  <---------a local node to Site B

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.45.210, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5) <--------???????????????????? Why this local to the router

To be noted: you have also implemented a zone-based firewall.


Hope to help

Giuseppe

droeun141
Level 1

If you can ping something locally but not from remote, you might have a bad mask or gateway configured on the host (10.31.1.85). Do you have any ARP entries for 192.168.45.210? If you do, and the MAC is correct, then there might be a host firewall blocking ICMP.

Also, I think ip classless is on by default so it won't show up in the running config.

7 Replies

Ganesh Hariharan
VIP Alumni

Hi,

If you are not able to ping from the Site B router to a local node, just clarify a few things. In your configuration you have mentioned the MH_security zone under the interface; is there any firewall located between the nodes and the router? If yes, then check the policy and routing configuration for the subnet towards the Site A subnets, and the policy for ICMP in the firewall also.

Hope to Help !!

Ganesh.H

Thanks for commenting on my case,

I don't have any firewall between Site B and Site B’s router or Site A and Site A’s router; SiteA is connected to Site B through a P2P T1. I have planned to connect the sites using VPN for DR mode.

Since posting my case, I have discovered that I can't enable/activate the "ip classless" command; when I enter the command it doesn't give me any kind of error, but it will not be listed under the running configuration. Maybe that is a clue!!!

Thanks

E.

This issue is still dragging on the top of my to do list. Anyone any comments???

Hi,

The ip classless command, by definition, applies when a router might receive packets destined for a subnet of a network that has no network default route. By default, if the router receives a packet destined for a subnet it does not recognize, the router discards the packet. To have the Cisco IOS software forward packets destined for unrecognized subnets to the best supernet route possible, ip classless is used.

But my question is: you should be able to ping at least the local LAN subnet from the router.

Hope to Help !!

Ganesh.H

Thanks to all of you for very constructive directions and explanations,

Based on your comments, I went back and configured a client on both sites to use the new routers as their default gateway. Everything started working; I was able to ping from client A at Site A to client B at Site B and vice versa. Therefore, I concluded that there must be something not right with the core routers at the branches. I had added a static route to the core routers to route all the traffic for the SiteA and SiteB subnets to the new routers, but there was an Access-List that I missed updating, and as a result no traffic from a client at SiteA was getting routed to SiteB and vice versa.

Thank you so very much for all of your help,

Best

E.
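
The two failure modes discussed in this thread (a reply that has no return route, and a core-router access list that was never updated), as an added example that is not part of the original posts: a small hop-by-hop tracer in Python. The masks, the device names (hostA, coreA, t1A, t1B, hostB), where each address sits and the ACL entries are constructed assumptions; only the three IP addresses appear in the thread.

```python
import ipaddress as ip

def lookup(routes, dst):
    """Longest-prefix match over {prefix: next_hop}; None when nothing matches."""
    hits = [(ip.ip_network(p).prefixlen, hop) for p, hop in routes.items()
            if ip.ip_address(dst) in ip.ip_network(p)]
    return max(hits)[1] if hits else None

def permitted(acl, src, dst):
    """First-match ACL of (action, src_net, dst_net) with an implicit deny."""
    for action, s_net, d_net in acl:
        if (ip.ip_address(src) in ip.ip_network(s_net)
                and ip.ip_address(dst) in ip.ip_network(d_net)):
            return action == "permit"
    return False

def trace(devices, node, src, dst, max_hops=8):
    """Walk one direction hop by hop; return (delivered, reason)."""
    for _ in range(max_hops):
        dev = devices[node]
        if dst in dev.get("addrs", ()):
            return True, f"delivered to {node}"
        if "acl" in dev and not permitted(dev["acl"], src, dst):
            return False, f"denied by ACL on {node}"
        hop = lookup(dev["routes"], dst)
        if hop is None:
            return False, f"no route on {node}"
        node = hop
    return False, "hop limit reached"

def ping(devices, a, src, b, dst):
    """A ping works only if the request (a to b) and the reply (b to a) both arrive."""
    fwd = trace(devices, a, src, dst)
    return trace(devices, b, dst, src) if fwd[0] else fwd

def build(acl_updated):
    """Constructed topology: masks, device names and ACL entries are assumptions."""
    acl = [("permit", "10.31.0.0/16", "10.31.0.0/16")]  # pre-existing rule
    if acl_updated:  # the entries the core router's access list was missing
        acl += [("permit", "10.31.1.0/24", "192.168.45.0/24"),
                ("permit", "192.168.45.0/24", "10.31.1.0/24")]
    return {
        "hostA": {"addrs": {"10.31.1.85"}, "routes": {"0.0.0.0/0": "coreA"}},
        "coreA": {"acl": acl,  # static route to Site B, but none for the T1 subnet
                  "routes": {"10.31.1.0/24": "hostA", "192.168.45.0/24": "t1A"}},
        "t1A": {"addrs": {"10.31.100.1"},
                "routes": {"10.31.1.0/24": "coreA", "192.168.45.0/24": "t1B"}},
        "t1B": {"routes": {"10.31.0.0/16": "t1A", "192.168.45.0/24": "hostB"}},
        "hostB": {"addrs": {"192.168.45.210"}, "routes": {"0.0.0.0/0": "t1B"}},
    }
```

Calling `ping(build(False), "hostA", "10.31.1.85", "hostB", "192.168.45.210")` stops at the core router's ACL, while a ping sourced from 10.31.100.1 reaches the host but its reply dies on the core router for lack of a route back to the T1 subnet.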