02-26-2015 10:01 AM - edited 03-07-2019 10:52 PM
Here's the problem I'm having. Below is the network layout that I'm currently testing. My main network is 10.1.0.0/23 and I am currently testing/learning setting up a second subnet and connecting them via a 1921 router. I currently have full network and internet access from PC 1. However, my problem is that I cannot access any network resources or ping any of the devices on the 10.1.0.0/23 network from PC 2. With the following exception: I can ping the modem, 10.1.0.1, from PC 2, and can access the Internet without any problem. When I perform a tracert from PC 2, it goes to the 172.16.32.10 interface and times out after that. I'm not sure if the problem is on the 1921 or if the problem is on the Frontier modem. I'm also posting the show run config from the 1921 and a screenshot of the router options on the modem. In addition, I can ping and access PC 2 from PC 1 without any problems.
BFiSCSI#show run
Building configuration...
Current configuration : 3138 bytes
!
! Last configuration change at 16:47:35 UTC Thu Feb 26 2015
! NVRAM config last updated at 16:35:59 UTC Thu Feb 26 2015
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname BFiSCSI
!
boot-start-marker
boot-end-marker
!
!
enable secret 5 $1$LPsc$iKjV4L31UxvYsEcxPUPXB0
enable password P@ssw0rd
!
no aaa new-model
!
!
no ipv6 cef
ip source-route
ip cef
!
!
!
!
!
!
multilink bundle-name authenticated
!
crypto pki token default removal timeout 0
!
crypto pki trustpoint TP-self-signed-1383365023
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1383365023
revocation-check none
rsakeypair TP-self-signed-1383365023
!
!
crypto pki certificate chain TP-self-signed-1383365023
certificate self-signed 01
quit
license udi pid CISCO1921/K9 sn FTX162280GD
!
!
username bch privilege 15 secret 4 MfmFDT53EEKNlpjBu8ZnTD9CpYI4q7/oTmyp83sbf2c
!
redundancy
!
!
!
!
!
!
!
!
!
!
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
ip address 10.1.1.88 255.255.254.0
duplex auto
speed auto
no mop enabled
!
interface GigabitEthernet0/1
description $ETH-LAN$
ip address 172.16.32.10 255.255.255.0
duplex auto
speed auto
!
ip forward-protocol nd
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip route 0.0.0.0 0.0.0.0 10.1.0.1
!
!
!
!
!
!
!
control-plane
!
!
!
line con 0
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport input all
transport output lat pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
password P@ssw0rd
login
transport input all
!
scheduler allocate 20000 1000
end
02-26-2015 10:12 AM
It may be that the modem does not want to route traffic back out of the same interface it came in on, i.e. to get to PC1 from PC2 the router will send the packet direct but PC1 sends the return packet to the modem because that is its default gateway.
The modem then has to route the traffic back out of the same interface to PC2.
I can't help wondering if you have a 4500 switch why you are using the router at all and why the default gateway of your existing network is the modem.
The 4500 is a L3 switch, it could do the routing between vlans and then only traffic that needs to go to the internet is sent to the modem.
A lot of modems don't allow you to add routes or do NAT for non directly connected networks but yours obviously does as you have a route for PC2 and it is obviously doing NAT as well as you have internet access.
Jon
02-26-2015 10:22 AM
If you want to use the router then you could try using NAT on the router to change the inside IP of PC2 to be the outside interface IP.
Then the return traffic would be sent direct back to the router because the source IP is in the same subnet.
That would mean for internet access PC2's IP is translated both on the router and the modem but it should work.
Jon
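One way to configure the NAT suggested above on the 1921, as an added example that is not part of the original thread: the interface names and subnets come from the posted show run, while the access-list number 10 is an arbitrary assumption.

```cisco
! Added example: PAT for the 172.16.32.0/24 side of the posted 1921 config.
! access-list number 10 is an arbitrary choice (assumption); the interface
! names and subnets come from the show run above.
!
! Match only the second subnet as NAT-eligible source addresses.
access-list 10 permit 172.16.32.0 0.0.0.255
!
! Gi0/0 (10.1.1.88/23) faces the main network and the modem: NAT outside.
interface GigabitEthernet0/0
 ip nat outside
!
! Gi0/1 (172.16.32.10/24) faces PC 2: NAT inside.
interface GigabitEthernet0/1
 ip nat inside
!
! Translate matching sources to the Gi0/0 address, sharing it by port (overload).
! Hosts on 10.1.0.0/23 then see 10.1.1.88 as the source, which is on-link for
! them, so their replies go straight to the router instead of to the modem.
ip nat inside source list 10 interface GigabitEthernet0/0 overload
!
! Verify from exec mode after pinging from PC 2:
!   show ip nat translations
!   show ip nat statistics
```

Replies that PC 2 sends for sessions opened by PC 1 also match access-list 10 and are translated, so re-test the PC 1 to PC 2 direction after applying this.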
02-26-2015 10:39 AM
Hi Jon,
Thanks for the response. I'll try NAT again. I had some problems with that earlier, but I've since reset the router back to default and made some other changes that might have been causing the problem.
The reason for the 1921 router is that I'm testing an implementation that will be used at another location, and I'm trying to work out all the bugs to begin with. Fortunately I won't have to worry about the modem at the other location, as it will be a Cisco ASA, and should be simpler. I just want to make sure that I don't have any problems in the 1921 config currently. I haven't done a lot with Cisco devices in the past, but I'm starting to do more as time goes on. Thus, the reason the 4503 isn't used to its full potential as yet.
02-26-2015 10:54 AM
No problem.
Just be aware that the ASA can do what you want (assuming v7.2 or later) but it also will need extra configuration to allow it to route traffic back out of the same interface it came in on.
If you still have problems after you have modified the configuration just post back here.
Jon