- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-14-2015 03:53 PM - edited 03-08-2019 02:13 AM
Hello Team,
I have two routers on remote sites and router A can ping router B and vice versa. Router A can also ping router B's LAN interface and the users on the lan interface but router B cannot ping router A's lan users and only its LAN interface can ping the users on router A's lan interface. The DHCP server 10.1.1.11 needs to be pinged from Router B so that dhcp can be released to users. I have attached the configs with all the tests to make it a bit easier to explain. Can someone please advise what i am missing.
Regards
Navin.
Solved! Go to Solution.
- Labels:
-
Other Switching
Accepted Solutions
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-15-2015 04:24 PM
Your DHCP server receives the packet from router B and then sends them to Fortigate and probably Fortigate sends the packets to the Internet.
There are two ways to fix this
1: add a static route in Your DHCP server. This way your DHCP server sends back the packets to routerA and routeA sends to routerB
Open command prompt in your DHCP server and type
route add 192.168.1.0 mask 255.255.255.252 10.1.1.100 metric 1
2: Add that route o your Fortigate. You do not need to change any policy because 10.1.1.100 and 10.1.1.15 are in the same rage.
Hope it helps,
Masoud

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-14-2015 04:26 PM
Navin,
Start by taking out the non-default static routes, then enter the following network statements on RouterA
From the eigrp prompt
network 192.168.11.0 0.0.0.255
network 10.1.2.0 0.0.0.255
no network 192.168.0.0 <---- EIGRP will interpret this is as 192.168.0.0/24, which is not a network you are using
On RouterB add the following statements to eigrp
network 192.168.15.0 0.0.0.255
network 10.1.1.0 0.0.0.255
no network 192.168.0.0
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-14-2015 07:05 PM
Thank you Zach, i tried that but still the same issue. Anything else i can change?

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-14-2015 08:22 PM
Navin,
Whoops, I forgot to mention add
network 192.168.1.0 0.0.0.3 to both routers under EIGRP as well.
After you put in the new EIGRP statements, do both routers now have routes listed for each others' networks?
Post the results of "show ip route" from both.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-15-2015 01:24 PM
Thank you Zach i made the changes and attached is the results you requested for. It still doesnt work.

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-15-2015 01:44 PM
So, now RouterB knows where 10.1.1.0/24 is, and if it has a request it will send it to RouterA. Likewise RouterA knows about RouterB's networks, so it should return the traffic correctly..
Like the others mentioned above, do you have the correct gateway specified on your DHCP server?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-15-2015 03:55 PM
Yes, the gateway on the DHCP server is the ip of the Fortigate firewall (10.1.1.15) . Internet comes through that and there is no policy on it currently. Attached are the IP settings on the DHCP server.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-15-2015 04:24 PM
Your DHCP server receives the packet from router B and then sends them to Fortigate and probably Fortigate sends the packets to the Internet.
There are two ways to fix this
1: add a static route in Your DHCP server. This way your DHCP server sends back the packets to routerA and routeA sends to routerB
Open command prompt in your DHCP server and type
route add 192.168.1.0 mask 255.255.255.252 10.1.1.100 metric 1
2: Add that route o your Fortigate. You do not need to change any policy because 10.1.1.100 and 10.1.1.15 are in the same rage.
Hope it helps,
Masoud
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-15-2015 05:46 PM
Thanks a lot Masoud, i tried the first option and it worked fine. Thanks a lot for the assistance, much appreciated.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-15-2015 05:58 PM
You are most welcome.
Just add option -p to make it permanent.
route add -p [the rest similar to previous command ]
if you receive error when adding that option, first delete that route and then add it again
route delete [the rest]
Masoud
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-15-2015 07:35 PM
Thanks Masoud, yes i did the -p option already. Have a great day
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-14-2015 04:45 PM
Hi Navin,
You will need to find out what ip address is being used by the server on 10.1.1.11 as its default gateway.
If it is NOT router "A" on 10.1.1.100 (Rtr A interface fast0/0) then the router/device that is the default gateway will need an ip route added like network 10.1.2.0/24 next hop 10.1.1.100
Hope this helps
Regards
Alex

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-14-2015 09:34 PM
Your DHCP Server is the problem. For some reasons it does not return packets with the source of 192.168.1.1 which is your routerb serial interface. Please check your DHCP server default gateway and its firewall.
Masoud
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-14-2015 09:47 PM
The root cause for this issue is that you did not advertise ROUTER B's Serial0/0/0 interface '192.168.1.0' into EIGRP, so the LAN A user did not have route to '192.168.1.0' and ping echo reply failed.
