03-22-2010 01:35 PM - edited 03-06-2019 10:15 AM
Hello,
We are in the process of joining a new remote branch to our institution by connecting them to our networks (six branches with Star Schema). We have installed a Point to Point T1 from Main branch where I’m located (Site A) to the remote branch (Site B). My goal is to back up the T1 by utilizing the VPN through the fast Internet connections that we have at both locations. I have started to configure the P2P and have encountered a routing challenge. The routers through Serial Interface 0/0/0 can talk to each other and ping each other’s interfaces. Moreover, the routers at both sites can ping/talk to the entire resources local to them but not to the nodes on the other side. So, any traffic from Router/Site A to a node on Site B is not getting routed, and the same for traffic from Router/Site B to Site A. I have attached both routers' configurations to this post; please give a look and let me know what I’m doing wrong/missing. Remember, my ultimate goal is to connect these two branches for backup using VPN too, but that comes next (or maybe I should do them both at the same time).
I really appreciate any comments/suggestions,
Best
E
03-25-2010 06:32 AM
Hello Eweber,
You have used static routes on the T1 link; you need to propagate the same static routes on all devices that are in each site.
But also of the subnet used on the T1 link itself.
If you don't specify a source, the IP address of the interface to destination is used,
so you need to check if the 10.31.1.85 device knows that it has to send the answer back to the right router for IP address 10.31.100.1.
This applies to all devices in the two sites (main site and new branch).
I would suggest you use a dynamic routing protocol in order to have automatic propagation of routes and failure detection.
I also see some strange pings of devices in the same IP subnet not working, like:
Site B# ping 192.168.45.210 <---------a local node to Site B
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.45.210, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5) <--------???????????????????? Why this local to the router
To be noted: you have also implemented zone-based firewall.
Hope to help
Giuseppe
03-25-2010 11:46 AM
If you can ping something locally but not from remote, you might have a bad mask or gateway configured on the host (10.31.1.85). Do you have any ARP entries for 192.168.45.210? If you do, and the MAC is correct, then there might be a host firewall blocking ICMP.
Also, I think ip classless is on by default so it won't show up in the running config.
03-22-2010 10:29 PM
Hi,
If you are not able to ping from the site B router to a local node, just clarify a few things. In your configuration you have mentioned MH_security zone under the interface; is there any firewall located between the nodes and the router? If yes, then check the policy and routing configuration for the subnet towards the site A subnets, and the policy for ICMP in the firewall also.
Hope to Help !!
Ganesh.H
03-23-2010 04:07 AM
Thanks for commenting on my case,
I don't have any firewall between Site B and Site B’s router or Site A and Site A’s router; Site A is connected to Site B through a P2P T1. I have planned to connect the sites using VPN for DR mode.
Since posting my case, I have discovered that I can't enable the "ip classless" command; when I enter the command it doesn't give me any kind of error, but it is not listed under the running configuration. Maybe that is a clue!!!
Thanks
E.
03-25-2010 06:18 AM
This issue is still dragging on the top of my to do list. Anyone any comments???
03-25-2010 11:45 PM
Hi,
IP classless command by definition says when a router might receive packets destined for a subnet of a network that has no network default route. By default, if the router receives a packet destined for a subnet it does not recognize, the router discards the packet. To have the Cisco IOS software forward packets destined for unrecognized subnets to the best supernet route possible, ip classless is used.
But my question is, you should be able to ping at least the local LAN subnet from the router.
Hope to Help !!
Ganesh.H
03-29-2010 02:56 PM
Thanks to all of you for very constructive directions and explanations,
Based on your comments, I went back and configured a client on both sites to use the new routers as their default gateway. Everything started working; I was able to ping client A from Site A to client B at Site B and vice versa. Therefore, I concluded that there must be something not right with the core routers at the branches. I had added a static route to the core routers to route all the traffic for SiteA and SiteB subnets to the new routers, but there was an Access-List that I missed updating, and as a result no traffic from a client at SiteA was getting routed to SiteB and vice versa.
Thank you so very much for all of your help,
Best
E.
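The two failure modes discussed in this thread (a reply with no route back to the T1 subnet, and a core-router access list that was not updated) can be reproduced with a small path model. This is an added example, not configuration from the thread: the six-node topology, the node names, the subnet masks, the addresses 10.31.1.1, 192.168.45.1 and 10.31.100.2, the placement of 10.31.100.1 on the Site B router, and the simplified ACL (a list of networks allowed as source and destination) are all assumptions.

```python
import ipaddress as ip

LAN_A, LAN_B, T1 = "10.31.1.0/24", "192.168.45.0/24", "10.31.100.0/30"  # masks assumed

def build(core_t1_route, acl):
    """Constructed model: host - core router - new T1 router, at each site."""
    t1 = lambda nh: [(T1, nh)] if core_t1_route else []
    return {
        "hostA": {"addrs": ["10.31.1.85"], "routes": [("0.0.0.0/0", "coreA")]},
        "coreA": {"addrs": ["10.31.1.1"], "acl": acl,
                  "routes": [(LAN_A, "hostA"), (LAN_B, "newA")] + t1("newA")},
        "newA": {"addrs": ["10.31.100.2"],
                 "routes": [(LAN_A, "coreA"), (LAN_B, "newB"), (T1, "newB")]},
        "newB": {"addrs": ["10.31.100.1"],
                 "routes": [(LAN_B, "coreB"), (LAN_A, "newA"), (T1, "newA")]},
        "coreB": {"addrs": ["192.168.45.1"], "acl": acl,
                  "routes": [(LAN_B, "hostB"), (LAN_A, "newB")] + t1("newB")},
        "hostB": {"addrs": ["192.168.45.210"], "routes": [("0.0.0.0/0", "coreB")]},
    }

def trace(nodes, src, dst):
    """Follow one direction hop by hop; return 'ok' or where it stopped."""
    s, d = ip.ip_address(src), ip.ip_address(dst)
    here = next(n for n, v in nodes.items() if src in v["addrs"])
    for _ in range(16):  # hop limit guards against routing loops
        node = nodes[here]
        if dst in node["addrs"]:
            return "ok"
        acl = node.get("acl")  # simplified ACL: networks allowed as src and dst
        if acl and not all(any(x in ip.ip_network(n) for n in acl) for x in (s, d)):
            return f"denied by ACL on {here}"
        hits = [(ip.ip_network(p), nh) for p, nh in node["routes"]
                if d in ip.ip_network(p)]
        if not hits:
            return f"no route on {here}"
        here = max(hits, key=lambda h: h[0].prefixlen)[1]  # longest prefix wins
    return "hop limit exceeded"

def ping(nodes, src, dst):
    """Echo needs both directions: returns (request result, reply result)."""
    fwd = trace(nodes, src, dst)
    return fwd, (trace(nodes, dst, src) if fwd == "ok" else None)

STALE, UPDATED = [LAN_A], [LAN_A, LAN_B, T1]
# Router-sourced ping: request arrives, reply has no route to the T1 subnet.
print(ping(build(False, UPDATED), "10.31.100.1", "10.31.1.85"))
# Host-to-host with static routes in place but the core ACL not updated.
print(ping(build(True, STALE), "10.31.1.85", "192.168.45.210"))
# Routes and ACL both corrected.
print(ping(build(True, UPDATED), "10.31.1.85", "192.168.45.210"))
```

Checking the request and the reply separately is what distinguishes a missing return route from a filter on the forward path; on the routers themselves the equivalent checks are the routing table, the ARP table and the access-list hit counters on every hop.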