01-31-2023 04:53 AM
I am trying to hit network with a 172.21.29.x (external network). I can't ping, when I run a traceroute i get the following
9300#traceroute 172.21.x.x
Type escape sequence to abort.
Tracing the route to 172.21.x.x
VRF info: (vrf in name/id, vrf out name/id)
1 10.76.x.151 2 msec 2 msec 2 msec
2 orl-edge-03.inet.qwest.net (65.144.xxx.xx) !N !N !N
65.144.xxx.xx is the centurylink where our internet comes into the building. I've tried adding 172.21.x.x as the next hop and added to access list but it still doesn't work. Any help would be greatly appreciated.
access-list 50 permit 185.158.x.x
access-list 50 permit 172.21.x.x
access-list 50 permit 154.12.x.x
access-list 50 permit 176.10.x.x
access-list 50 permit 185.158.x.x
01-31-2023 05:04 AM
Apparently RFC1918 address (172.21.x.x) is going out the Internet. ISPs drop all RFC1918. That's why traceroute is reporting !N (Network is not reachable).
01-31-2023 05:18 AM
Do you have a VPN Tunnel or other connection to this Remote Subnet? Maybe in a different VRF? As rais already said: This Private Range IP is not routed in the internet. You can never reach this Subnet over the internet except you have a VPN.
Your request make no sense. Maybe you can make a visio draw from your network.
01-31-2023 05:53 AM
I don't believe there is, so here's what we are doing, we are trying to use cisco voip phones on our network, we have a cisco 9300 that allows traffic between our network and theirs. According to them we should be able to get to there ip's 172.21.x.x, even though I told them I can't see them. They push it back to us because of that N! result for the ping. I don't have a network drawing
01-31-2023 06:07 AM
Maybe a network drawing helps you too
01-31-2023 06:56 AM
every ISP router not accept ping/treceroute to protect router form DDoS.
02-01-2023 12:48 AM
You said this is the connection to internet, that normally implies that you have either a default-route or a full bgp table. It can't be a default-route, because then the router shouldn't return the !N output. Who is responsible for orl-edge-03.inet.qwest.net. Is it you? If so, can you share the output of "show ip route". and "show ip route 172.21.x.x" As noted, this is an rfc1918 address, so you don't need to mask it.
02-22-2023 11:59 AM
S* 0.0.0.0/0 [1/0] via 65.144.247.85
10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 10.1.10.0/24 is directly connected, GigabitEthernet0/2
L 10.1.10.227/32 is directly connected, GigabitEthernet0/2
65.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 65.144.247.84/30 is directly connected, GigabitEthernet0/1
L 65.144.247.86/32 is directly connected, GigabitEthernet0/1
74.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 74.5.231.232/29 is directly connected, Vlan1
L 74.5.231.233/32 is directly connected, Vlan1
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide