Solved: Site B cannot ping dhcp server

Navindar Singh · ‎10-14-2015

Hello Team,

I have two routers on remote sites and router A can ping router B and vice versa. Router A can also ping router B's LAN interface and the users on the lan interface but router B cannot ping router A's lan users and only its LAN interface can ping the users on router A's lan interface. The DHCP server 10.1.1.11 needs to be pinged from Router B so that dhcp can be released to users. I have attached the configs with all the tests to make it a bit easier to explain. Can someone please advise what i am missing.

Regards

Navin.

Masoud Pourshabanian · ‎10-15-2015

Your DHCP server receives the packet from router B and then sends them to Fortigate and probably Fortigate sends the packets to the Internet.

There are two ways to fix this

1: add a static route in Your DHCP server. This way your DHCP server sends back the packets to routerA and routeA sends to routerB

Open command prompt in your DHCP server and type

route add 192.168.1.0 mask 255.255.255.252 10.1.1.100 metric 1

2: Add that route o your Fortigate. You do not need to change any policy because 10.1.1.100 and 10.1.1.15 are in the same rage.

Hope it helps,

Masoud

View solution in original post

Zach S · ‎10-14-2015

Navin,

Start by taking out the non-default static routes, then enter the following network statements on RouterA

From the eigrp prompt

network 192.168.11.0 0.0.0.255

network 10.1.2.0 0.0.0.255

no network 192.168.0.0 <---- EIGRP will interpret this is as 192.168.0.0/24, which is not a network you are using

On RouterB add the following statements to eigrp

network 192.168.15.0 0.0.0.255

network 10.1.1.0 0.0.0.255

no network 192.168.0.0

Navindar Singh · ‎10-14-2015

Thank you Zach, i tried that but still the same issue. Anything else i can change?

Zach S · ‎10-14-2015

Navin,

Whoops, I forgot to mention add

network 192.168.1.0 0.0.0.3 to both routers under EIGRP as well.

After you put in the new EIGRP statements, do both routers now have routes listed for each others' networks?

Post the results of "show ip route" from both.

Navindar Singh · ‎10-15-2015

Thank you Zach i made the changes and attached is the results you requested for. It still doesnt work.

Zach S · ‎10-15-2015

So, now RouterB knows where 10.1.1.0/24 is, and if it has a request it will send it to RouterA. Likewise RouterA knows about RouterB's networks, so it should return the traffic correctly..

Like the others mentioned above, do you have the correct gateway specified on your DHCP server?

Navindar Singh · ‎10-15-2015

Yes, the gateway on the DHCP server is the ip of the Fortigate firewall (10.1.1.15) . Internet comes through that and there is no policy on it currently. Attached are the IP settings on the DHCP server.

Masoud Pourshabanian · ‎10-15-2015

Your DHCP server receives the packet from router B and then sends them to Fortigate and probably Fortigate sends the packets to the Internet.

There are two ways to fix this

1: add a static route in Your DHCP server. This way your DHCP server sends back the packets to routerA and routeA sends to routerB

Open command prompt in your DHCP server and type

route add 192.168.1.0 mask 255.255.255.252 10.1.1.100 metric 1

2: Add that route o your Fortigate. You do not need to change any policy because 10.1.1.100 and 10.1.1.15 are in the same rage.

Hope it helps,

Masoud

Navindar Singh · ‎10-15-2015

Thanks a lot Masoud, i tried the first option and it worked fine. Thanks a lot for the assistance, much appreciated.

Masoud Pourshabanian · ‎10-15-2015

You are most welcome.

Just add option -p to make it permanent.

route add -p [the rest similar to previous command ]

if you receive error when adding that option, first delete that route and then add it again

route delete [the rest]

Masoud

Navindar Singh · ‎10-15-2015

Thanks Masoud, yes i did the -p option already. Have a great day

acampbell · ‎10-14-2015

Hi Navin,

You will need to find out what ip address is being used by the server on 10.1.1.11 as its default gateway.

If it is NOT router "A" on 10.1.1.100 (Rtr A interface fast0/0) then the router/device that is the default gateway will need an ip route added like network 10.1.2.0/24 next hop 10.1.1.100

Hope this helps

Regards

Alex

Regards, Alex. Please rate useful posts.

Masoud Pourshabanian · ‎10-14-2015

Your DHCP Server is the problem. For some reasons it does not return packets with the source of 192.168.1.1 which is your routerb serial interface. Please check your DHCP server default gateway and its firewall.

Masoud

David_Che · ‎10-14-2015

The root cause for this issue is that you did not advertise ROUTER B's Serial0/0/0 interface '192.168.1.0' into EIGRP, so the LAN A user did not have route to '192.168.1.0' and ping echo reply failed.

Site B cannot ping dhcp server

Configuring IP Helper-Address to issue IP address from DHCP Server

DHCP issue

Multi-Site e ISN (Inter Site Network)

事象：FPR4100/9300-ASA: PLR 適用後、site-to-site VPN 接続ができなくなる

IPSec Site to Site with VTI