Basic Routing Problem

Unanswered Question

I have routers that are setup using point to point T1's and static routing. I am coming from a remote location with ip address of 10.101.x.x The DHCP server and other resources are on the 10.150.x.x and the 10.1.x.x networks. The interfaces for the T1's are 192.158.162.2 for the remote rtr 1 and 192.158.162.1 for corp router 2. I am able to ping and trace the inside interface but I am unable to get to the other resources I have included the configs but I cant get it to route past the inside interface of the corp router

CORP CONFIG

hostname "corp"

enable password

!

clock timezone -6-Central-America

clock no-auto-correct-DST

!

ip subnet-zero

ip classless

ip domain-name ""

ip name-server 10.1.1.10 10.101.0.254 10.1.1.12

ip default-gateway 10.150.0.1

ip routing

!

no auto-config

!

event-history on

no logging forwarding

logging forwarding priority-level info

no logging email

logging email priority-level info

!

no service password-encryption

!

username "admin" password

username "Admin" password

!

ip policy-timeout tcp telnet 14400

!

no ip firewall alg msn

no ip firewall alg h323

!

aaa on


aaa authentication login default local

interface eth 0/1

ip address 10.150.0.2 255.255.0.0

no shutdown

interface eth 0/2

no ip address

shutdown

interface t1 1/1

tdm-group 1 timeslots 1-24 speed 64

no shutdown

!

interface t1 2/1

tdm-group 2 timeslots 1-24 speed 64

no shutdown

!

interface t1 2/2

shutdown

!

interface ppp 1

ip address 192.158.162.1 255.255.255.252

ppp multilink

mtu 1520

no shutdown

cross-connect 1 t1 1/1 1 ppp 1

cross-connect 2 t1 2/1 2 ppp 1


ip route 0.0.0.0 0.0.0.0 10.150.0.9

ip route 10.1.0.0 255.255.0.0 10.150.0.2

ip route 10.101.0.0 255.255.0.0 192.158.162.2

ip route 192.158.162.0 255.255.255.0 10.150.0.1

!

no ip tftp server

no ip tftp server overwrite

no ip http server

no ip http secure-server

ip snmp agent

no ip ftp server

no ip scp server

no ip sntp server

snmp-server enable traps

snmp-server community j520aau RO

snmp-server community public RO


line con 0

!

line telnet 0 4

password

no shutdown

line ssh 0 4

no shutdown

!

sntp server 10.1.1.1

!

end

CORP#


REMOTE CONFIG

!

hostname "REMOTE"

enable password

!

clock timezone -8

!

ip subnet-zero

ip classless

ip domain-name ""

ip name-server 10.150.0.254 10.1.1.12

ip default-gateway 192.158.162.2

ip routing

!

no auto-config

!

event-history on

no logging forwarding

logging forwarding priority-level info

no logging email

logging email priority-level info

!

no service password-encryption

!

username "admin" password ""

!

!

no ip firewall alg msn

no ip firewall alg h323

!

aaa on

interface eth 0/1

no ip address

shutdown

interface eth 0/2

ip address 10.101.0.2 255.255.0.0

no shutdown

interface t1 1/1

clock source internal

tdm-group 1 timeslots 1-24 speed 64

no shutdown

!

interface t1 2/1

clock source internal

tdm-group 2 timeslots 1-24 speed 64

no shutdown

!

interface ppp 1

ip address 192.158.162.2 255.255.255.252

ppp multilink

username admin password

mtu 1520

no shutdown

cross-connect 1 t1 1/1 1 ppp 1

cross-connect 2 t1 2/1 2 ppp 1

router rip

version 2

network 10.0.0.0 0.0.0.0

network 192.158.162.0 255.255.255.0

ip route 0.0.0.0 0.0.0.0 10.150.0.1

ip route 10.1.0.0 255.255.0.0 192.158.162.1

ip route 10.101.0.0 255.255.0.0 192.158.162.1

ip route 10.150.0.0 255.255.0.0 192.158.162.1

!

no ip tftp server

no ip tftp server overwrite

ip http server

ip http secure-server

ip snmp agent

no ip ftp server

no ip scp server

no ip sntp server

snmp-server contact "IS"

snmp-server contact email ""

snmp-server management-url "http://10.101.0.2"

snmp-server location ""

snmp-server enable traps snmp

snmp-server community public RO


line con 0

!

line telnet 0 4

password

no shutdown

line ssh 0 4

no shutdown

!

sntp server 10.1.1.1

remote#


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (2 ratings)
Loading.
Collin Clark Tue, 06/10/2008 - 11:16
User Badges:
  • Purple, 4500 points or more

All your other routers will need a static route to 10.101.0.x. Do they?

Edison Ortiz Tue, 06/10/2008 - 11:33
User Badges:
  • Super Bronze, 10000 points or more
  • Hall of Fame,

    Founding Member

Let's go over the remote router config first:



ip route 0.0.0.0 0.0.0.0 10.150.0.1

You have a recursive route here. 10.150.0.1 is not a directly connected interface. In order to reach 10.150.0.1, you need to go via 192.158.162.1. The correct gateway should be 192.158.162.1, not 10.150.0.1

_______________________________



ip route 10.1.0.0 255.255.0.0 192.158.162.1

This is fine

____________________________


ip route 10.101.0.0 255.255.0.0 192.158.162.1

you don't need this route. The network is directly connected on this router. Remove it.

______________________________


ip route 10.150.0.0 255.255.0.0 192.158.162.1

This is fine


_________________________________


router rip

version 2

network 10.0.0.0 0.0.0.0

network 192.158.162.0 255.255.255.0


Do you have RIP running on other routers?


___________________________


Comments on remote router:


Just have one default route pointing to 192.158.162.1

ip route 0.0.0.0 0.0.0.0 192.158.162.1

and remove all routes along with RIP. It will take care of all routing from the remote site towards HQ.


Let's go over the CORP router:



ip route 0.0.0.0 0.0.0.0 10.150.0.9

I'm assuming that's the internet FW, that's fine.

_______________________________


ip route 10.1.0.0 255.255.0.0 10.150.0.2

I don't see this subnet on any interface at this router. You should point the gateway to the device holding this subnet, not the router itself (10.150.0.2).


________________________________


ip route 10.101.0.0 255.255.0.0 192.158.162.2

This is fine.

________________________________



ip route 192.158.162.0 255.255.255.0 10.150.0.1



You don't need this route, that's a directly connected route. Remove it.


________________________________


The hosts at each location must point to their respective router LAN IP as the default gateway. Once you do that, you should have a working routed environment.



HTH,


__


Edison.


Please rate helpful posts


Richard Burts Thu, 06/12/2008 - 09:29
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

Don


I raised this issue with the routing logic:

But corporate has a route for 10.1.0.0/16 with next hop of 10.150.0.2 which is its own ethernet interface. I suspect that this is a typo mistake. But it would explain problems in access to 10.1.x.x addresses.


have you done anything to address this yet?


HTH


Rick

Edison Ortiz Thu, 06/12/2008 - 09:48
User Badges:
  • Super Bronze, 10000 points or more
  • Hall of Fame,

    Founding Member

Please post the modified configs along with traceroute and ping outputs.


Thanks


Edison Ortiz Thu, 06/12/2008 - 10:22
User Badges:
  • Super Bronze, 10000 points or more
  • Hall of Fame,

    Founding Member

I don't see anything wrong with the traceroute nor the configs.


__________________


Traceroute output:

TRACE ROUTE FROM 10.150.09

User Access Verification


Password:

T>en

Password:

#trace 10.101.0.2


Type escape sequence to abort.

Tracing the route to gw-dd6-wam.toddpacific.com (10.101.0.2)


1 192.158.162.1 0 msec 4 msec 0 msec

2 192.158.162.2 8 msec 8 msec 8 msec

T#

___________________


Are you able to ping from a workstation at the remote location to 10.150.0.2 (LAN Interface at the CORP router)?


Are you able to ping from the same workstation to a device located in the 10.150.0.0/16 subnet?


You need to make sure the devices at the CORP location have their default gateway set to 10.150.0.2 and devices at the remote location have their default gateway set to 10.101.0.2.



The next HOP from the CORP router interface 10.150.0.2 is 10.150.0.9 which is a 3550 and routing. all my pings from the remote rtr stop at 10.150.0.2. Right now I dont have any devices plugged in at the remote facility I am just trying to ping from the router. I will make sure the Default gateway is set appropriatly.I am able to ping from the remote router to 10.150.0.2. I am unable to ping anything past the 10.150.0.2 from the remote router.

EXAMPLE:

I am able to ping from the 3550 switch at 10.150.0.9 (next hop for 10.150.0.2,directly connected) to the remote router LAN interface at 10.101.0.2 BUT I am unable to ping from 10.101.0.2 to 10.150.0.9. Make sense ?

Thanks

Edison Ortiz Thu, 06/12/2008 - 10:49
User Badges:
  • Super Bronze, 10000 points or more
  • Hall of Fame,

    Founding Member

I am unable to ping anything past the 10.150.0.2 from the remote router.


Is the device being pinged has the default gateway pointing to the CORP router LAN interface ?


Traffic goes both ways, the remote router knows how to reach the CORP devices but the CORP devices need to know how to respond back to the REMOTE location.


I am able to ping from the 3550 switch at 10.150.0.9 (next hop for 10.150.0.2,directly connected) to the remote router LAN interface at 10.101.0.2 BUT I am unable to ping from 10.101.0.2 to 10.150.0.9. Make sense ?


No, it doesn't. If it doesn't work, let's verify the 3550 doesn't have any ACL and the correct subnet mask is applied on the interfaces.


Can you post the output from the pinging results along with the output from show ip interface brief | ex una from the 3 devices (CORP, 3550 and REMOTE router).


Thanks


__


Edison.



Richard Burts Tue, 06/10/2008 - 11:34
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

Don


I do notice one issue in the config that you posted. the remote router has its route for 10.1.0.0/16 pointed to corporate which seems right. But corporate has a route for 10.1.0.0/16 with next hop of 10.150.0.2 which is its own ethernet interface. I suspect that this is a typo mistake. But it would explain problems in access to 10.1.x.x addresses.


HTH


Rick

foxbatreco Tue, 06/10/2008 - 11:38
User Badges:
  • Bronze, 100 points or more

Is it a new config on both sides? Pls paste the routing table.

Using tunnels on either ends wud not have this much problems.Anyways lets have a look @ ur routing table.


Rate if this helps!!!

Actions

This Discussion