11-04-2014 03:22 AM - edited 03-10-2019 12:28 PM
First let me apologize for posting probably such a simple question but i'm new to configuring routers so please be nice :) I have installed a 2nd router on our network (my first router config) from this router I can get out to the rest of the network and Internet no problem however I am not able to access any computer connected to the new router. There are 2 networks configured on the new router 10.20.4.0/10.20.5.0. I can ping the router and connect to it over my network, I can ping 10.20.4.1 and 5.1 but the laptop I connect which, has IP address 10.20.4.2, I am unable to ping.
Solved! Go to Solution.
 
					
				
		
11-05-2014 04:56 AM
There are no rip learned routes in the routing table. Did you ever have rip routes, or did you just configure it and it not work? If you do a "show ip rip database" on both routers, do you get anything back?
If not, you could always put your static routes on routerA. This is the exact reason why you lost internet access when you removed nat. The only network RouterA knows about is 10.20.0.0/22 which your 10.20.3.0 falls into. When you nat, all of your traffic is going out of routerB as the 10.20.3.253 wan address. Before you can remove nat though, you'll need to get the routing fixed on RouterA.
Try 10.20.4.0 <netmask> with a next hop of 10.20.3.253. Remove nat again and try again...
John
 
					
				
		
11-05-2014 06:51 AM
Glad to hear it! Can you please mark this as resolved?
Thanks!
John
 
					
				
		
11-04-2014 03:28 AM
The most common cause of this is the firewall on the laptop is enabled. Have you made sure that it's disabled? If it is, you can try to source your ping:
ping 10.20.4.2 source 10.20.4.1
HTH,
John
11-04-2014 03:37 AM
Ping using source 10.20.4.1 also fails. I've also noticed that i got my windows mixed up when pinging 10.20.4.1. From the router it pings 10.20.4.1 but not 10.20.4.2 and from my computer connected to a different network i can ping the router but not 10.20.4.1
Firewall on laptop is disabled.
 
					
				
		
11-04-2014 03:42 AM
Can you post your config?
11-04-2014 03:49 AM
11-04-2014 03:59 AM
Ouch! You do realize you just pasted your passwords in clear text? I'd change them immediately. It's always a good idea to sanitize your config before pasting it online, removing any passwords (either clear text or hash), any crypto keys and any real-world IPs at minimum. It's also a good idea to run the
service password encryption
command on your routers.
11-04-2014 04:07 AM
Thanks for pointing that out. I picked out a few passwords that i'd noticed were still in clear text but missed a couple. doh! changed now
 
					
				
		
11-04-2014 04:02 AM
The first thing I see is in your dhcp pool. You're assigning an incorrect gateway to the 10.20.4.0 subnet:
ip dhcp pool Train import all network 10.20.4.0 255.255.255.192 dns-server 10.20.0.20 10.20.0.21 default-router 10.20.3.254 lease 8
This should be 10.20.4.1. This won't stop your pings though.
This dhcp pool should be changed as well:
ip dhcp pool Demo import all network 10.20.5.0 255.255.255.192 dns-server 10.20.0.20 10.20.0.21 domain-name autotech.co.uk default-router 10.20.3.254 lease 8
The default router for it should be 10.20.5.1.
You also don't need these two static routes because the router already sees them as Connected:
ip route 10.20.4.0 255.255.255.192 GigabitEthernet0/1 ip route 10.20.5.0 255.255.255.192 GigabitEthernet0/0/0
I don't see anything that would keep you from pinging. So, let me clarify. You can ping the router from a laptop in the 10.20.4.x range, but you cannot ping the laptop from the router? The only thing that I see that could affect it is your acl on the interface, but that acl allows everything. You could try removing that to see if it helps. Is there anything between this router and the workstation that you're trying to ping?
HTH,
John
11-04-2014 04:25 AM
Hi and thanks for the tips. I've corrected those things.
Ah! the Kaspersky firewall was blocking the ping's from the router even though i'd set the exclusions to allow it. So i am now able to ping my laptop from the router it's just from my existing network i'm not able to ping the new ranges. But from new network I can ping the old.
 
					
				
		
11-04-2014 04:25 AM
What is your existing network? 10.20.3.x?
11-04-2014 04:29 AM
10.20.2.x is my existing network
 
					
				
		
11-04-2014 04:38 AM
This router doesn't know anything about 10.20.2.x. There aren't any routes or interfaces in that network. Where is that in relation to 10.20.3.x? Can I ask why you're natting on the 10.20.3.x interface?
11-04-2014 06:31 AM
10.20.3.x is the IP range for Comms and Printers. So in that range I have switches, Printers, Wireless AP's and my firewall/default gateway.
Devices in existing network have DHCP range of 10.20.1.1-10.20.2.254
The 10.20.3.x interface is the interface that is connected back to my existing network.
 
					
				
		
11-04-2014 06:54 AM
Okay. Is there anything between your router and the workstation that you cannot ping? Are you 100% certain that there isn't a firewall enabled on your laptop and that it's getting the correct information from dhcp? I see no reason otherwise why you wouldn't be able to ping the laptop, especially when you can ping the router from the laptop unless there was a firewall between you and it.
You could try to enable debug to see where the packet is going. If you have a heavy network, create an acl and tie the debug to that:
access-list 101 permit ip any host <laptop address>
access-list 101 permit ip host <laptop address> any
debug ip packet 101 detail
Try to ping the host to see what the router is reporting.
 
11-04-2014 07:21 AM
I have checked and triple checked the firewall on the laptop and it is definitely disabled., the laptop I cannot ping is currently plugged directly in to INT 0/1 on the Router
I don't think I've explained myself very well so for that i appolgise. What i have at the moment is
1. Laptop A connected to existing network via Router A.
2. From Laptop A I can ping Router B on it's 10.20.3.x address but not it's 10.20.4.x address.
3. I can telnet to router B from Laptop A using the 10.20.3.x address.
4. From that telnet session I can ping Laptop B on it's 10.20.4.x (DHCP) address
5. From Laptop B I can ping Laptop A which has a 10.20.2.x address
So I can get "out" from router B I just can't get "in" Does that makes sense?
 
					
				
				
			
		
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide