unable to ping other subnets from router

Answered Question
Dec 11th, 2007

I have a new router which I just configured and installed on SITE B which is connected to an X.21 DTU. The link to site A is up and I'm able to ping to Site A and all the way to Headoffice. I have a EIGRP 5 configured on both site A and site B routers. when I execute a command show ip route 1.1.1.0 on router at site B it's telling the subnet is not in the subnet table. When I do a ip eigrp 5 topology, I can only see site A and not the headoffice routes. I've now since added static routing on site B router. But it's still not helping. What am I missing, pls help

Correct Answer by Edison Ortiz about 9 years 2 months ago

You aren't able to reach 10.254.4.0/24 from the SiteB router ?

SiteB router has it in the routing table therefore is not a routing problem.

I guess you have to trust the head office's network person on having 160.8.86.0/24 in their routing table.

Do they also have a route for 160.8.200.140/30 ? This is the serial IP subnet between SiteA and SiteB. This must also be in the head office routing table so you can telnet from SiteB's router. However, you should be able to telnet from SiteB's router if you source your telnet from SiteB's LAN interface

telnet [head office] /source FastEthernet0/0

SiteB LAN should be able to ping all the way to head office. Have you tried pinging from the servers ?

If this doesn't work, then you need to verify if the head office has any ACLs.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Edison Ortiz Tue, 12/11/2007 - 18:24

Did you check if the routers became EIGRP neighbors (show ip eigrp neighbors) ?

It will also help if you can post the config from SITEA and SITEB.

bericaleb Tue, 12/11/2007 - 19:31

yes I did and they pickup the serial interfaces in which the sites are connected via. I've attached here the configs for both sites.

Attachment: 
Hieu Cao Wed, 12/12/2007 - 11:17

Just a clarification:

From routerB, you are able to ping routerA and packets get through to the HQ, but you're NOT able to see the routes in IEGRP topology table. Is this correct?

When you do a "sh ip route" in routerB, what do you see comparing to RouterA? The same goes for "show ip iegrp topo"? Post hte config please.

can you post a traceroute from RouterB to RouterA and vice versa.

bericaleb Wed, 12/12/2007 - 21:05

Yes I'm able to ping to router A from router B but I can't ping from inside the telnet session session to Headoffice, accept when I'm on the command prompt of my pC.

When I do a 'sho ip route' for the headoffice subnet, it's telling me the subnet is not in the subnet table. even though EIGRP is configured on.

For this reason the servers sitting on the LAN on site B are not able to replicate with our servers in HeadOffice. Pls help

bericaleb Wed, 12/12/2007 - 21:18

I'm able to ping between the two routers and am able to see the routes in the eigrp topology. I'm able to see all the routes in Site B on the Site A router when I do a show IP route.

siteB_1841# show ip route

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2

i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

ia - IS-IS inter area, * - candidate default, U - per-user static route

o - ODR, P - periodic downloaded static route

Gateway of last resort is 160.8.85.44 to network 0.0.0.0

160.8.0.0/16 is variably subnetted, 15 subnets, 4 masks

D 160.8.253.85/32 [90/20640000] via 160.8.200.141, 18:56:04, Serial0/0/0

C 160.8.253.86/32 is directly connected, Loopback0

S 160.8.32.0/22 [1/0] via 160.8.200.141

S 160.8.60.0/22 [1/0] via 160.8.200.141

S 160.8.9.0/24 [1/0] via 160.8.200.141

S 160.8.10.0/24 [1/0] via 160.8.200.141

S 160.8.24.0/24 [1/0] via 160.8.200.141

D EX 160.8.25.0/24 [170/21024000] via 160.8.200.141, 18:56:04, Serial0/0/0

S 160.8.27.0/24 [1/0] via 160.8.200.141

S 160.8.28.0/24 [1/0] via 160.8.200.141

S 160.8.30.0/24 [1/0] via 160.8.200.141

D EX 160.8.16.0/24 [170/21024000] via 160.8.200.141, 18:56:04, Serial0/0/0

C 160.8.200.140/30 is directly connected, Serial0/0/0

D 160.8.85.0/24 [90/20514560] via 160.8.200.141, 18:56:06, Serial0/0/0

C 160.8.86.0/24 is directly connected, FastEthernet0/0

10.0.0.0/24 is subnetted, 1 subnets

D EX 10.254.4.0 [170/21024000] via 160.8.200.141, 18:56:06, Serial0/0/0

S* 0.0.0.0/0 [1/0] via 160.8.85.44

siteA_1841#sh ip route

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2

i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

ia - IS-IS inter area, * - candidate default, U - per-user static route

o - ODR, P - periodic downloaded static route

Gateway of last resort is 160.8.85.44 to network 0.0.0.0

160.8.0.0/16 is variably subnetted, 14 subnets, 4 masks

C 160.8.253.85/32 is directly connected, Loopback0

D 160.8.253.86/32 [90/20640000] via 160.8.200.142, 18:58:48, Serial0/0/1

S 160.8.32.0/22 [1/0] via 10.254.4.2

S 160.8.60.0/22 [1/0] via 10.254.4.2

S 160.8.10.0/24 [1/0] via 10.254.4.2

S 160.8.24.0/24 [1/0] via 10.254.4.2

S 160.8.25.0/24 [1/0] via 10.254.4.2

S 160.8.27.0/24 [1/0] via 10.254.4.2

S 160.8.28.0/24 [1/0] via 10.254.4.2

S 160.8.30.0/24 [1/0] via 10.254.4.2

S 160.8.16.0/24 [1/0] via 10.254.4.2

C 160.8.200.140/30 is directly connected, Serial0/0/1

C 160.8.85.0/24 is directly connected, FastEthernet0/0

D 160.8.86.0/24 [90/20514560] via 160.8.200.142, 18:58:50, Serial0/0/1

10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks

C 10.254.4.0/30 is directly connected, Serial0/0/0

S 10.254.4.0/24 [1/0] via 10.254.4.2

S* 0.0.0.0/0 [1/0] via 160.8.85.44

siteA_1841#

siteB_1841#trace 160.8.85.20

Type escape sequence to abort.

Tracing the route to 160.8.85.20

1 160.8.200.141 16 msec * 16 msec

SiteB_1841#

siteA_1841#trace 160.8.86.20

Type escape sequence to abort.

Tracing the route to 160.8.86.20

1 160.8.200.142 28 msec 20 msec *

siteA_1841#

The configs are attached.

Attachment: 
Edison Ortiz Wed, 12/12/2007 - 16:08

The configuration looks ok.

Can we see the show ip route from both routers ?

bericaleb Wed, 12/12/2007 - 20:59

siteb_1841# show ip route

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2

i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

ia - IS-IS inter area, * - candidate default, U - per-user static route

o - ODR, P - periodic downloaded static route

Gateway of last resort is 160.8.85.44 to network 0.0.0.0

160.8.0.0/16 is variably subnetted, 15 subnets, 4 masks

D 160.8.253.85/32 [90/20640000] via 160.8.200.141, 18:56:04, Serial0/0/0

C 160.8.253.86/32 is directly connected, Loopback0

S 160.8.32.0/22 [1/0] via 160.8.200.141

S 160.8.60.0/22 [1/0] via 160.8.200.141

S 160.8.9.0/24 [1/0] via 160.8.200.141

S 160.8.10.0/24 [1/0] via 160.8.200.141

S 160.8.24.0/24 [1/0] via 160.8.200.141

D EX 160.8.25.0/24 [170/21024000] via 160.8.200.141, 18:56:04, Serial0/0/0

S 160.8.27.0/24 [1/0] via 160.8.200.141

S 160.8.28.0/24 [1/0] via 160.8.200.141

S 160.8.30.0/24 [1/0] via 160.8.200.141

D EX 160.8.16.0/24 [170/21024000] via 160.8.200.141, 18:56:04, Serial0/0/0

C 160.8.200.140/30 is directly connected, Serial0/0/0

D 160.8.85.0/24 [90/20514560] via 160.8.200.141, 18:56:06, Serial0/0/0

C 160.8.86.0/24 is directly connected, FastEthernet0/0

10.0.0.0/24 is subnetted, 1 subnets

D EX 10.254.4.0 [170/21024000] via 160.8.200.141, 18:56:06, Serial0/0/0

S* 0.0.0.0/0 [1/0] via 160.8.85.44

siteb_1841#

siteA_1841#sh ip route

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2

i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

ia - IS-IS inter area, * - candidate default, U - per-user static route

o - ODR, P - periodic downloaded static route

Gateway of last resort is 160.8.85.44 to network 0.0.0.0

160.8.0.0/16 is variably subnetted, 14 subnets, 4 masks

C 160.8.253.85/32 is directly connected, Loopback0

D 160.8.253.86/32 [90/20640000] via 160.8.200.142, 18:58:48, Serial0/0/1

S 160.8.32.0/22 [1/0] via 10.254.4.2

S 160.8.60.0/22 [1/0] via 10.254.4.2

S 160.8.10.0/24 [1/0] via 10.254.4.2

S 160.8.24.0/24 [1/0] via 10.254.4.2

S 160.8.25.0/24 [1/0] via 10.254.4.2

S 160.8.27.0/24 [1/0] via 10.254.4.2

S 160.8.28.0/24 [1/0] via 10.254.4.2

S 160.8.30.0/24 [1/0] via 10.254.4.2

S 160.8.16.0/24 [1/0] via 10.254.4.2

C 160.8.200.140/30 is directly connected, Serial0/0/1

C 160.8.85.0/24 is directly connected, FastEthernet0/0

D 160.8.86.0/24 [90/20514560] via 160.8.200.142, 18:58:50, Serial0/0/1

10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks

C 10.254.4.0/30 is directly connected, Serial0/0/0

S 10.254.4.0/24 [1/0] via 10.254.4.2

S* 0.0.0.0/0 [1/0] via 160.8.85.44

siteA_1841#

Edison Ortiz Wed, 12/12/2007 - 21:36

I'm trying to follow the logic here since your original post you mentioned network 1.1.1.0/24.

I assume your network office's subnet is 10.254.4.0/24 ?

SiteB has that route

D EX 10.254.4.0 [170/21024000] via 160.8.200.141, 18:56:06, Serial0/0/0

But does the network office has a route to SiteB on its routing table ? 160.8.86.0/24

It seems you aren't running EIGRP between SiteA and the HeadOffice, relying simply on static routes. On the headoffice router 10.254.4.2/30, you need a route to 160.8.86.0/24 with gateway 10.254.4.1

bericaleb Wed, 12/12/2007 - 21:55

There is already a route on the Provider's router for 160.8.86.0/24.

Yes the subnet at the Provider's office is 10.254.4.0/24.

EIGRP is only configured on the routers at both site A and site B routers as we control that. The provider's office doesn't have eigrp as they run a different routing protocol and they control their own configs. They also have other clients connected to their router.

When he traces from his router he's able to come all the way to Site B. When I trace from site A to our headoffice, I'm able to go all the way to our head office. And from within the router in site A I can ping our head office LAN. I can't do the same from the site B router while in a telnet session. For this reason our servers sitting on the site B LAN are not able authenticate with the servers at our head office.

The link between site A & B is a 128Kbps Telecom Leased Line. It's a point-to-point connection going through the Telecom exchange. Is there a protocol that we need to enable on both ends to fix this problem?

Correct Answer
Edison Ortiz Thu, 12/13/2007 - 06:46

You aren't able to reach 10.254.4.0/24 from the SiteB router ?

SiteB router has it in the routing table therefore is not a routing problem.

I guess you have to trust the head office's network person on having 160.8.86.0/24 in their routing table.

Do they also have a route for 160.8.200.140/30 ? This is the serial IP subnet between SiteA and SiteB. This must also be in the head office routing table so you can telnet from SiteB's router. However, you should be able to telnet from SiteB's router if you source your telnet from SiteB's LAN interface

telnet [head office] /source FastEthernet0/0

SiteB LAN should be able to ping all the way to head office. Have you tried pinging from the servers ?

If this doesn't work, then you need to verify if the head office has any ACLs.

bericaleb Tue, 12/18/2007 - 15:35

Hi

thanks, by adding a route for network 160.8.200.140/24 to our network provider's router and our router back at our headoffice I'm able to ping outher subnets fromn the site B router.

The next problem is, I'm unable to access applications like email, remote desktop, as400 and other tcp applications from the LAN on site B. Why is that? Pls help.

Edison Ortiz Tue, 12/18/2007 - 17:10

> The next problem is, I'm unable to access applications like email, remote desktop, as400 and other tcp applications

> from the LAN on site B. Why is that? Pls help.

Are you able to ping those devices ?

Where are the the applications located (what subnet? )

Can you post the show ip route from the router on Site B and the router where those applications are hosted ?

bericaleb Tue, 12/18/2007 - 20:24

I'm able to ping devices hosting these applications at our head office.

The subnets which the applications are hosted are; 160.8.32.0/22, 160.8.10.0/24, 160.8.28.0/24, 160.8.27.0/24, 160.8.60.0/24, 160.8.24.0/24, etc.

I've attached the show ip routes for the site B router and the headoffice main gaeway router.

Edison Ortiz Tue, 12/18/2007 - 20:46

SiteB has static routes to those networks

S 160.8.32.0/22 [1/0] via 160.8.200.141

S 160.8.10.0/24 [1/0] via 160.8.200.141

S 160.8.27.0/24 [1/0] via 160.8.200.141

S 160.8.60.0/22 [1/0] via 160.8.200.141

S 160.8.24.0/24 [1/0] via 160.8.200.141

pointing to the serial interface on SiteA, which is fine.

The head office has a route to SiteB LAN

S 160.8.86.0/24 [1/0] via 160.8.32.21

_______________

The device 160.8.32.21 has a route for 160.8.86.0/24 ? That's not SiteA's router.

bericaleb Tue, 12/18/2007 - 21:38

The device 160.8.32.21 is a main gateway switxh which does layer 3 too (ip routing). it does have a route for 160.8.86.0/24 configured on. On this switch there is a RCST with the address 10.254.4.9 that's directly connected to it. This is the device that server the link between our headoffice, the network provider and the site A & B. Site B goes via Site A in order for it to ride on this link back to head office.

Didn't quiet get you last last statement. Pls explain again.

Edison Ortiz Wed, 12/19/2007 - 07:01

Please post the show ip route from this device as well.

You should consider implementing some kind of dynamic routing protocol on all devices. It will help you on situations like this....

You mentioned before that you were able to ping from SiteB LAN to those devices but not access the applications ? Then it sound like an ACL issue somewhere in the path.

bericaleb Wed, 12/19/2007 - 15:25

We use EIGRP 5 as our dynamic routing protocol. The Network Service provider (for the link between SITE A and Headoffice )doesn't use the same dynamic routing protocol as ours. It's got it's own. So that is why it's a bit hard for us in this kind of situation. Yes I can ping the devices hosting these applications from SITE B, but I can't access the applications themselves.

You're right in saying it could be an ACL issue somewhere in the path as we're suspecting the Network Service provider could have some ACLs on their VSAT router.

I've requested if I could have a look at the configs which I haven't received.

I've attached here a show ip route for 160.8.32.21

Edison Ortiz Wed, 12/19/2007 - 16:18

If you can ping them, then you have network reachability.

ACL must be the culprit.

bericaleb Wed, 12/19/2007 - 16:41

These are the ACLs on the Network Service Provider router.

access-list 10 permit 192.168.0.0 0.0.255.255

access-list 10 permit 10.254.0.0 0.0.255.255

access-list 101 permit tcp any any

access-list 103 permit tcp any 192.168.150.0 0.0.0.255

access-list 104 permit tcp 192.168.150.0 0.0.0.255 any

access-list 105 permit tcp 192.168.150.0 0.0.0.255 10.254.0.0 0.0.255.255

access-list 105 permit ip any 10.254.0.0 0.0.255.255

access-list 105 permit tcp 192.168.150.0 0.0.0.255 202.170.46.0 0.0.0.255

access-list 105 permit ip any 202.170.46.0 0.0.0.255

access-list 106 permit ip 10.254.0.0 0.0.255.255 192.168.200.0 0.0.0.255

access-list 110 deny tcp any any range 1433 1434

access-list 110 deny udp any any range 1433 1434

access-list 110 deny tcp any any eq 3128

access-list 110 deny tcp any any eq 3306

access-list 110 deny tcp any any eq 4444

access-list 110 deny tcp any any eq 6129

access-list 110 deny tcp any any eq 8967

access-list 110 deny udp any any eq 8998

access-list 110 deny tcp any any eq 11768

access-list 110 deny tcp any any eq 15118

access-list 110 deny tcp any any eq 20168

access-list 110 permit ip any any

access-list 111 permit ip any 10.254.4.0 0.0.0.7

access-list 111 permit ip any 160.8.85.0 0.0.0.255

Edison Ortiz Wed, 12/19/2007 - 17:07

I don't know where they are applied :)

Those can be security ACLs, QoS ACLs or Route-map ACLs.

Can't the Service Provider fix their own problem ? Not much of a 'service' from that provider :)

If you really need to get this going, you need to post the whole config.

Edison Ortiz Wed, 12/19/2007 - 21:43

______________

interface Vlan7 (THIS IS US)

description #### BSP VLAN ####

ip address 10.254.4.6 255.255.255.252

______________

This connects to what device ? It's not directly connected to SiteA's router.

Do me a favor, draw a diagram of this network.

My previous understanding you had:

(SiteB)->serial->(SiteA)->serial->(Head Office).

New routers are showing up and you aren't running any dynamic protocol between them. This is becoming a bit messy.

A diagram is needed, please.

glen.grant Wed, 12/12/2007 - 16:40

You dont have a network statement for your connection to the headoffice , add that and see what happens . Headoffice ip address does not fall under your 1 network statement . Check the headoffice end for the same thing.

Actions

This Discussion