03-23-2007 11:31 AM - edited 03-05-2019 03:04 PM
Cisco 2620
LAN <-> ASA <-> 2620 <-> Internet
All internal clients are able to connect to the Internet (including icmp) but one. From the failed client I tried pinging to an outside source; the ASA shows traffic leaving the network but the ping fails. So, I ran a traceroute from the client and the route dies at the external interface of the 2620. The 2620 is basically wide open. Any ideas on why or how I can view traffic from the client when it touches the 2620?
Thanks!
03-23-2007 12:04 PM
Rob,
One easy way to see this traffic is to use ip account on the 2620. You can apply ip account on the inside interface of the 2620 and see the traffic flow. To apply "ip account":
1 - conf t
2 - int f0/0 (ex.)
3 - ip accounting output-packets
4 - end
To see the traffic, use "sh ip account". You can use other ways to see this traffic, like debugs, SPAN and so on.
Best Regards,
Rodrigo
03-23-2007 01:02 PM
Rodrigo,
Thanks for the tip. I'll give it a whirl.
03-23-2007 12:10 PM
Rob
Could you send the routing tables of the 2620 and the ASA and the source IP address of the client that is failing.
Jon
03-23-2007 01:01 PM
***** 2620 *****
Gateway of last resort is 64.1.3.121 to network 0.0.0.0
64.0.0.0/8 is variably subnetted, 3 subnets, 3 masks
C 64.1.16.64/27 is directly connected, Ethernet0/0
C 64.1.3.120/30 is directly connected, Serial0/0
S 64.1.16.0/24 [1/0] via 192.168.1.1
C 192.168.1.0/24 is directly connected, Ethernet0/0
S* 0.0.0.0/0 [1/0] via 64.1.3.121
***** ASA *****
S 0.0.0.0 0.0.0.0 [1/0] via 64.1.16.65, outside
C 64.1.16.64 255.255.255.224 is directly connected, outside
C 127.0.0.0 255.255.0.0 is directly connected, cplane
C 172.16.1.0 255.255.255.0 is directly connected, dmz
C 192.168.1.0 255.255.255.0 is directly connected, inside
C 192.168.11.0 255.255.255.0 is directly connected, mitel
C 192.168.12.0 255.255.255.0 is directly connected, inter-tel
C 192.168.13.0 255.255.255.0 is directly connected, toshiba
C 192.168.14.0 255.255.255.0 is directly connected, shoretel
***** Client *****
192.168.1.19/24
Gateway 192.168.1.0
03-23-2007 01:07 PM
Rob,
The client gateway is wrong. 192.168.1.0 is the network address for net 192.168.1.0/24; fix this address and try again.
Best Regards.
03-23-2007 01:10 PM
Ooops, typo, shoulda been 192.168.1.1.
03-23-2007 04:25 PM
Rob
I'm a little confused.
Your ASA device shows the 192.168.1.x network being on the inside interface.
Your 2620 is saying that the 192.168.1.x network is directly connected on ethernet0.
Might be just having a bad moment but could you explain as your diagram in your original post seems to suggest this is not possible.
Are the other clients that work also out of the 192.168.1.x network?
Jon
03-26-2007 12:19 PM
Jon,
Maybe this will help clarify? "ip route", which was asked for in an earlier post, does not clearly display the interface configuration.
Yes the clients that work reside in the same subnet - 192.168.1.0/24.
2620
e0 64.1.16.65 - outside
s0 64.1.3.121
gw 64.1.3.122
ASA
e0 64.1.16.66 - outside
e1 192.168.1.1 - inside
gw 64.1.16.65
clients
192.168.1.0/24
gw 192.168.1.1
03-23-2007 01:50 PM
Wrong post - sorry.
Johan
03-23-2007 08:01 PM
Hi
to view packets from your clients touching the 2620 you could run the ffg on the 2620;
r1#term mon
r1#debug ip packet
****** sample output *******
Mar 24 02:54:20.649: IP: s=198.133.219.25 (Dialer0), d=192.168.2.2 (Vlan100), g=192.168.1.1, len 40, forward
Mar 24 02:54:20.677: IP: tableid=0, s=198.133.219.25 (Dialer0), d=192.168.2.2 (Vlan100), routed via RIB
Mar 24 02:54:20.677: IP: s=198.133.219.25 (Dialer0), d=192.168.2.2 (Vlan100), g=192.168.1.1, len 260, forward
Mar 24 02:54:20.677: IP: tableid=0, s=198.133.219.25 (Dialer0), d=192.168.2.2 (Vlan100), routed via RIB
Mar 24 02:54:20.677: IP: s=198.133.219.25 (Dialer0), d=192.168.2.2 (Vlan100), g=192.168.1.1, len 40, forward
Mar 24 02:54:20.693: IP: s=86.133.111.30 (Vlan100), d=198.133.219.25 (Dialer0), g=198.133.219.25, len 40, forward
Mar 24 02:54:20.693: IP: s=86.133.111.30 (Vlan100), d=198.133.219.25 (Dialer0), g=198.133.219.25, len 40, forward
Mar 24 02:54:20.873: IP: tableid=0, s=198.133.219.25 (Dialer0), d=192.168.2.2 (Vlan100), routed via RIB
Mar 24 02:54:20.873: IP: s=198.133.219.25 (Dialer0), d=192.168.2.2 (Vlan100), g=192.168.1.1, len 40, forward
Mar 24 02:54:21.389: IP: tableid=0, s=192.168.1.4 (local), d=192.168.2.2 (Vlan100), routed via RIB
Mar 24 02:54:21.513: IP: s=192.168.1.3 (Vlan100), d=224.0.0.5, len 84, rcvd 0
*********************************************
To switch off you could "u al". You could also create an access-list to match only the traffic you're interested in, e.g. "debug ip packet 100".
Thanks
03-26-2007 12:22 PM
I've never tried using ffg but I'll give it a whirl, thanks for the tip!
03-27-2007 07:44 AM
Can someone please clarify defining an access-list?
Is it as simple as:
r1#access-list 100 permit ip any host 192.168.1.19
Then:
r1
or am I oversimplifying?
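The access-list filter for "debug ip packet 100" discussed in this thread, as an added example that is not part of any poster's message. It assumes the client address 192.168.1.19 reaches the 2620 untranslated (if the ASA translates it, substitute the translated address) and reuses the r1 prompt from the posts.

```ios
! Constructed example. ACL 100 is the list referenced by "debug ip packet 100".
! access-list is a global configuration command, so enter config mode first.
r1#configure terminal
! Match packets sent by the client ...
r1(config)#access-list 100 permit ip host 192.168.1.19 any
! ... and the replies coming back to it.
r1(config)#access-list 100 permit ip any host 192.168.1.19
r1(config)#end
! Send debug output to this terminal session, then start the filtered debug.
r1#terminal monitor
r1#debug ip packet 100 detail
! Reproduce the ping from the client and read the output.
! debug ip packet reports only process-switched packets; fast-switched
! transit traffic appears only if fast switching is disabled on the
! interface (no ip route-cache), which raises CPU load.
r1#undebug all
! Remove the temporary ACL when finished.
r1#configure terminal
r1(config)#no access-list 100
r1(config)#end
```

Keeping the ACL restricted to one host limits both the volume of output and the CPU cost of the debug on a router that is carrying production traffic.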
07-16-2007 08:49 AM
Good afternoon:
I am in a similar situation as far as analyzing the traffic hitting my 2621 as well as its response to it.
What does the "routed via RIB" mean at the end of the log transaction? Is there any difference between the "forward" and the "routed via RIB"?