
Traceroute coming back with !N !N !N

chueymtz
Level 1

I am trying to hit a network with a 172.21.29.x address (external network). I can't ping it, and when I run a traceroute I get the following:

9300#traceroute 172.21.x.x
Type escape sequence to abort.
Tracing the route to 172.21.x.x
VRF info: (vrf in name/id, vrf out name/id)
1 10.76.x.151 2 msec 2 msec 2 msec
2 orl-edge-03.inet.qwest.net (65.144.xxx.xx) !N !N !N

65.144.xxx.xx is the CenturyLink where our internet comes into the building. I've tried adding 172.21.x.x as the next hop and added it to the access list, but it still doesn't work. Any help would be greatly appreciated.

access-list 50 permit 185.158.x.x
access-list 50 permit 172.21.x.x
access-list 50 permit 154.12.x.x
access-list 50 permit 176.10.x.x
access-list 50 permit 185.158.x.x


rais
Level 7

Apparently an RFC1918 address (172.21.x.x) is going out to the Internet. ISPs drop all RFC1918. That's why traceroute is reporting !N (Network is not reachable).

Paw_Paw
Level 1

Do you have a VPN tunnel or other connection to this remote subnet? Maybe in a different VRF? As rais already said: this private-range IP is not routed on the Internet. You can never reach this subnet over the Internet unless you have a VPN.

Your request makes no sense. Maybe you can make a Visio drawing of your network.

I don't believe there is. Here's what we are doing: we are trying to use Cisco VoIP phones on our network, and we have a Cisco 9300 that allows traffic between our network and theirs. According to them we should be able to get to their IPs, 172.21.x.x, even though I told them I can't see them. They push it back to us because of that !N result for the ping. I don't have a network drawing.

Paw_Paw
Level 1

Maybe a network drawing would help you too. I do not completely understand your setup (and I guess you have the same problem), but this packet should never go to your ISP.

Every ISP router does not accept ping/traceroute, to protect the router from DDoS.

mlund
Level 7

You said this is the connection to the Internet; that normally implies that you have either a default-route or a full BGP table. It can't be a default-route, because then the router shouldn't return the !N output. Who is responsible for orl-edge-03.inet.qwest.net? Is it you? If so, can you share the output of "show ip route" and "show ip route 172.21.x.x"? As noted, this is an RFC1918 address, so you don't need to mask it.


S* 0.0.0.0/0 [1/0] via 65.144.247.85
10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 10.1.10.0/24 is directly connected, GigabitEthernet0/2
L 10.1.10.227/32 is directly connected, GigabitEthernet0/2
65.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 65.144.247.84/30 is directly connected, GigabitEthernet0/1
L 65.144.247.86/32 is directly connected, GigabitEthernet0/1
74.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 74.5.231.232/29 is directly connected, Vlan1
L 74.5.231.233/32 is directly connected, Vlan1
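
Added example, not part of any post in the thread: a short Python check that runs a longest-prefix match over the route table posted above and reports whether an RFC1918 destination only matches the default route, which is the condition the replies describe. The destination 172.21.29.10 is a constructed host in the masked 172.21.29.x range, and the function names are this example's own.

```python
import ipaddress
import re

# Route table exactly as posted in the thread (IOS "show ip route" excerpt).
SHOW_IP_ROUTE = """\
S* 0.0.0.0/0 [1/0] via 65.144.247.85
10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 10.1.10.0/24 is directly connected, GigabitEthernet0/2
L 10.1.10.227/32 is directly connected, GigabitEthernet0/2
65.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 65.144.247.84/30 is directly connected, GigabitEthernet0/1
L 65.144.247.86/32 is directly connected, GigabitEthernet0/1
74.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 74.5.231.232/29 is directly connected, Vlan1
L 74.5.231.233/32 is directly connected, Vlan1
"""

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Matches "<code> <prefix> [ad/metric] via <next hop>" and connected/local lines.
ROUTE_RE = re.compile(
    r"^(?P<code>[A-Z]\*?)\s+(?P<prefix>\d+\.\d+\.\d+\.\d+/\d+)\s+"
    r"(?:\[\d+/\d+\] via (?P<via>\S+)|is directly connected, (?P<intf>\S+))")

def parse_routes(text):
    """Return [(network, code, exit)]; 'variably subnetted' summary lines are skipped."""
    routes = []
    for line in text.splitlines():
        m = ROUTE_RE.match(line.strip())
        if m:
            routes.append((ipaddress.ip_network(m["prefix"]),
                           m["code"], m["via"] or m["intf"]))
    return routes

def lookup(routes, dest):
    """Longest-prefix match, the selection the router makes per packet."""
    addr = ipaddress.ip_address(dest)
    hits = [r for r in routes if addr in r[0]]
    return max(hits, key=lambda r: r[0].prefixlen) if hits else None

def rfc1918_leak(routes, dest):
    """True when a private destination matches nothing but the default route."""
    addr = ipaddress.ip_address(dest)
    best = lookup(routes, dest)
    private = any(addr in n for n in RFC1918)
    return bool(private and best and best[0].prefixlen == 0)
```

A True result means the packet for the private destination is forwarded to the default next hop; a more specific route for that prefix (for example over a tunnel) would make it return False.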
