07-01-2008 04:49 AM - edited 03-05-2019 11:55 PM
Hi, I have a 871 router which has a tunnel back to HQ. I want to force some traffic to go straight out onto the internet rather than through the tunnel
The routes currently are simply as follows: -
ip classless
ip route 0.0.0.0 0.0.0.0 Tunnel11
ip route 10.128.6.0 255.255.255.0 10.217.106.129
I want to add ip route 155.231.80.0 255.255.255.0 10.217.106.129
When I add the route I cannot get access to the address from the client machines
A ping works fine from the router but if you specify the source IP address as the LAN address 10.213.124.33 then it fails
What am I missing/doing wrong?
Cheers
Solved! Go to Solution.
07-01-2008 11:03 AM
I believe that Collin is on the right track. But I think that we may be able to focus the issue a bit more. If I understand the context of the issue correctly from jonathan the existing environment is that all traffic has been tunneled back to HQ. In this situation there is no need to translate any addresses. But now he wants to route some traffic directly to a destination rather than tunnel it to HQ. In that situation address translation is required and I suspect that no address translation is configured. (and if there is no translation then the traffic is routed out with private addresses as the source address - and Collin's question about a route back to you is right on the mark).
So configure address translation for the traffic being directly routed (but not for traffic going through the tunnel). Give it a try and let us know if it fixes your problem.
HTH
Rick
07-01-2008 05:11 AM
Does the remote end have a route back to the client subnet? Does the ping fail if you source it from the LAN side interface of the router?
07-01-2008 11:03 AM
I believe that Collin is on the right track. But I think that we may be able to focus the issue a bit more. If I understand the context of the issue correctly from jonathan the existing environment is that all traffic has been tunneled back to HQ. In this situation there is no need to translate any addresses. But now he wants to route some traffic directly to a destination rather than tunnel it to HQ. In that situation address translation is required and I suspect that no address translation is configured. (and if there is no translation then the traffic is routed out with private addresses as the source address - and Collin's question about a route back to you is right on the mark).
So configure address translation for the traffic being directly routed (but not for traffic going through the tunnel). Give it a try and let us know if it fixes your problem.
HTH
Rick
07-01-2008 11:55 AM
Hi Rick, your bang on the money it is a translation issue, no NAT is configured
Thanks for your help!
07-01-2008 12:09 PM
jonathan
I am glad that my suggestion did help point you in the direction so that you could resolve your problem. Thank you for using the rating system to indicate that your problem was solved (and thanks for the rating). It makes the forum more useful when people can read about a problem and can know that there was a response which did lead to a solution for the problem.
The forum is an excellent place to learn about Cisco networking. I encourage you to continue your participation in the forum.
HTH
Rick
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: