Need Help with routing on point to point T1 Cisco 1720

Unanswered Question
May 21st, 2007
User Badges:

Hi,


We have a T1 line between Shenzhen and San Jose connected to Cisco 1720 router with following configuration:


Building configuration...


Current configuration : 1072 bytes

!

version 12.2

service timestamps debug uptime

service timestamps log uptime

no service password-encryption

!

hostname host

!

enable secret 5 <removed>

enable password <removed>

!

memory-size iomem 25

ip subnet-zero

no ip domain-lookup

!

!

!

!

interface FastEthernet0

ip address 10.15.15.2 255.255.255.0

speed auto

full-duplex

!

interface Serial0

bandwidth 1544

ip address 10.16.16.1 255.255.255.0

!

ip classless

ip route 0.0.0.0 0.0.0.0 10.16.16.2

ip route 172.16.21.0 255.255.255.0 10.15.15.1

ip route 172.16.22.0 255.255.255.0 10.15.15.1

ip route 172.16.23.0 255.255.255.0 10.15.15.1

ip route 172.16.24.0 255.255.255.0 10.15.15.1

ip route 172.16.0.0 255.255.255.0 10.15.15.1

ip route 192.168.71.0 255.255.255.0 10.16.16.2

ip route 192.168.72.0 255.255.255.0 10.16.16.2

ip route 192.168.73.0 255.255.255.0 10.16.16.2

ip route 192.168.74.0 255.255.255.0 10.16.16.2

ip route 192.168.75.0 255.255.255.0 10.16.16.2

ip http server

!

snmp-server community <removed> RO

!

line con 0

line aux 0

line vty 0 4

password <removed>

login

!

no scheduler allocate

end


Our firewall has IP 10.15.15.1 255.255.255.0 and LAN traffic is routed through the firewall to Shenzhen subnet 192.168.X.X and vice versa and works fine. I can ping all subnets in Shenzhen.


Now I have installed another machine with IP 10.15.15.3 255.255.255.0 with this machine I can ping FastEthernet0 IP 10.15.15.2 and I can also ping Serial0 IP 10.16.16.1 but I cannot ping any subnets in Shenzhen.


What am I doing wrong? Any suggestion will be helpful. Thanks in advance.


-Manish


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
spremkumar Mon, 05/21/2007 - 19:24
User Badges:
  • Red, 2250 points or more

Hi Manish


Can you check whether you have a reverse route in your shenzen router for 10.15.15.0/24 block so that you can get the reply back when you ping from your pc.


Normally when you ping from your router the source ip taken may be ur wan interface ip and you have configured the same subnet (10.16.16.0/24) on both the ends.


I would suggest to change the subnet on the wan interface to a /30 instead of wasting or using /24 block out there.


regds


manish.shah.neo Tue, 05/22/2007 - 06:18
User Badges:

Thank you spremkumar, checked reverse route in Shenzhen router for 10.15.15.0/24 block and it is configured and I changed the subnet on the wan interface to a /30. Still no go :(.


Any help will be appreciated.


Wilson Samuel Tue, 05/22/2007 - 08:24
User Badges:
  • Gold, 750 points or more
  • Community Spotlight Award,

    Mobile User, July 2015

Hi MAnish,


Could you please paste the tracert command output from your source Network, that may help further.


Kind REgards,

Wilson Samuel

manish.shah.neo Tue, 05/22/2007 - 09:36
User Badges:

From Workstation


SanJose-> trace 192.168.73.1

Type escape sequence to escape


Send ICMP echos to 192.168.73.1, timeout is 2 seconds, maximum hops are 32

1 3ms 1ms 1ms 10.15.15.2

2 162ms 161ms 161ms 10.16.16.2 <-- Shezhen

3 * * *

4 * * *

5 * * *

6 * * *

7 * * *

8 * * *

9 * * *

10 * * *

11 * * *

12 * * *

13 * * *

14 * * *

15 * * *

16 * * *

17 * * *

18 * * *

19 * * *

20 * * *

21 * * *

22 * * *

23 * * *

24 * * *

25 * * *

26 * * *

27 * * *

28 * * *

29 * * *

30 * * *

31 * * *

32 * * *



From Router in San Jose


1720#trace 192.168.73.1


Type escape sequence to abort.

Tracing the route to 192.168.73.1


1 10.16.16.2 184 msec 188 msec 184 msec

2 192.168.73.1 188 msec * 184 msec

spremkumar Tue, 05/22/2007 - 19:07
User Badges:
  • Red, 2250 points or more

Hi


I feel in your firewall at Shezhen you haven't allowed the access for the LAN segment from San Jose which might be blocking the trace/icmp requests originating from san jose.


What kinda firewall device you are using out over there in the Shezhen ?


regds


saugatobanerjee Tue, 05/22/2007 - 21:03
User Badges:

Hi Manish,


I understand that the there is reverse route for the subnets in the szenchen router.I would request you to pls perform 2 tests and send it across to us.


1. Create a loopback ip in the Sanjose router- ip address 10.15.15.3/32(windows syetm ip)


Now trace to the destination with this source.


2. Create a loopback of this same IP in schenzen router and ping to the 192.168.73.1, with that source.


Pls note you will be able to run trace from sanjose router any how as the source IP that the packet from Sanjose router will take in this case is the serial IP.


Pls also paste the config of the scenzen router.


Regards,

smothuku Tue, 05/22/2007 - 20:27
User Badges:
  • Silver, 250 points or more


Hi Manish ,


How is the new installed router is connected to Shenzhen and San Jose .


Thanks,

Satish

Actions

This Discussion