Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
480
Views
0
Helpful
5
Replies

Simple routing..Not working

scottcummins
Level 1
Level 1

‎10-16-2008 05:28 PM - edited ‎03-03-2019 11:57 PM

I currently have two 3845's connected point to point with the following configs

MESA3845001#sh run

Building configuration...

Current configuration : 1347 bytes

!

version 12.4

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname xxx

!

boot-start-marker

boot-end-marker

!

card type t3 2

logging buffered 51200 warnings

enable secret xxx

!

no aaa new-model

ip cef

!

!

!

!

username cisco privilege 15 secret xxx

username equitymethods privilege 15 secret xxx

!

!

controller T3 2/0

!

!

!

interface GigabitEthernet0/0

description **MESA-OORLANDO Traffic**

ip address 10.10.40.1 255.255.255.248

duplex auto

speed auto

media-type rj45

!

interface GigabitEthernet0/1

no ip address

duplex auto

speed auto

media-type rj45

!

interface Serial2/0

**Mesa-Orlando DS3**

ip address 10.20.50.2 255.255.255.248

dsu bandwidth 44210

!

no ip forward-protocol nd

ip route 0.0.0.0 0.0.0.0 10.20.50.1

ip route 172.16.100.0 255.255.255.0 10.10.40.2

!

no ip http server

ip http authentication local

ip http timeout-policy idle 60 life 86400 requests 10000

!

!

control-plane

!

!

line con 0

login local

line aux 0

line vty 0 4

access-class 23 in

privilege level 15

password Supp0rt@EM

--More-- login

transport input telnet

line vty 5 15

access-class 23 in

privilege level 15

login local

transport input telnet

!

scheduler allocate 20000 1000

!

end

Labels:
0 Helpful
5 Replies 5

scottcummins
Level 1
Level 1

‎10-16-2008 05:31 PM

ORLNDMESA001#

Current configuration : 3058 bytes

!

version 12.4

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname ORLNDMESA001

!

boot-start-marker

boot system flash:c3845-advipservicesk9-mz.124-16b.bin

boot-end-marker

!

card type t3 2

logging buffered 51200 warnings

enable secret 5 $1$FJF6$1qEpgAw774hsDhL5eoQxi.

!

no aaa new-model

ip cef

!

!

!

ip domain name equitymethods.com

!

voice-card 0

no dspfarm

!

!

!

!

!

!

!

!

!

!

!

!

!

!

crypto pki trustpoint TP-self-signed-3555988581

enrollment selfsigned

subject-name cn=IOS-Self-Signed-Certificate-3555988581

revocation-check none

rsakeypair TP-self-signed-3555988581

!

!

crypto pki certificate chain TP-self-signed-3555988581

certificate self-signed 01

30820253 308201BC A0030201 02020101 300D0609 2A864886 F70D0101 04050030

31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274

69666963 6174652D 33353535 39383835 3831301E 170D3038 30383239 31363431

35375A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649

4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D33 35353539

38383538 3130819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281

8100CB2E 2721592F 072748DF 552802FC E6194B6F 89A76304 4567D0E6 CA5045BD

3D4156BD 235A4941 07F5E347 85971135 CA917975 90A247BD A950902F E3627E8D

58841BA4 BD1C916A 010A63E4 68BE652C 2C91FCF9 71BE342E 3917B055 7D89B592

890E7EC0 3EA8277B 825ED7F3 5DD225F3 C3D9127F AC586ED8 BD6ECB2E 96BAE45A

83E50203 010001A3 7B307930 0F060355 1D130101 FF040530 030101FF 30260603

551D1104 1F301D82 1B4F524C 4E444D45 53413030 312E796F 7572646F 6D61696E

2E636F6D 301F0603 551D2304 18301680 14B3326D 4F237A5A BA63E973 D6C5BF20

7CA0CB18 39301D06 03551D0E 04160414 B3326D4F 237A5ABA 63E973D6 C5BF207C

A0CB1839 300D0609 2A864886 F70D0101 04050003 81810005 E1646ED4 1238FDC2

A91078DD C175480A 519E5BB7 B010AF20 80611F4A 7BD9CCA8 9131A321 996583C3

3B47CD77 49D72F09 F00D5972 A8C42BD9 C062EDED 6709CA49 25245E63 496CED7A

57673E57 F84DD1A4 C7C74D63 2B7A2BAE E189B388 DEABC2EC 3DD6BEC5 899D6EF9

583CDB22 66C056C2 BEAE236F 3F135B04 FC7EB612 92B361

quit

username EquityMethods secret 5 $1$Q6Ry$g55tqorvy2IOoIe8DkE4m/

!

!

controller T3 2/0

cablelength 70

!

!

!

!

!

!

interface GigabitEthernet0/0

ip address 10.10.30.1 255.255.255.0

duplex auto

speed auto

media-type rj45

!

interface GigabitEthernet0/1

no ip address

shutdown

duplex auto

speed auto

media-type rj45

!

interface Serial2/0

bandwidth 44210

ip address 10.20.50.1 255.255.255.248

dsu bandwidth 44210

!

ip route 0.0.0.0 0.0.0.0 10.20.50.2

ip route 172.16.200.0 255.255.255.0 10.10.30.2

ip route 172.16.255.0 255.255.255.0 10.10.30.2

!

!

ip http server

no ip http secure-server

!

!

!

!

!

control-plane

!

!

!

line con 0

login local

line aux 0

line vty 0 4

access-class 23 in

privilege level 15

password Supp0rt@EM

login

transport input telnet ssh

line vty 5 15

access-class 23 in

privilege level 15

login local

transport input telnet ssh

!

As you can see, The one has the crypto installed, ZDoes that make a difference?

The problem is that on the other side of the gigabit interfaces I have Firewalls with interace IP's 10.10.40.2 and 10.10.30.2 I cannot ping from one side to the other past the gigabit interfaces

Say I ping 172.16.100.1, which is just inside the 10.10.40.1 interface I cannot, But I can ping 10.10.40.1

Any Ideas or help would be so appreciated?

0 Helpful

Richard Burts
Hall of Fame
Hall of Fame
In response to scottcummins

‎10-16-2008 06:31 PM

Scott

It is highly unlikely that crypto (or not crypto) has anything to do with this issue. I suspect that the issue is that to get to 172.16.100.1 you must go through the firewall at 10.10.40.2. I suspect that the firewall is not allowing the ping to go through. Can you check on the firewall and see if it sees the ping? And if it sees the ping does it permit it through or does it deny the ping?

HTH

Rick

HTH

Rick
0 Helpful

scottcummins
Level 1
Level 1
In response to Richard Burts

‎10-17-2008 03:56 AM

Hello Rick

I have the firewall to allow "any any" between the two interfaces, I can ping the serial interfaces and even the distant Gi interface, from one firewall I can even ping the interface on the firewall, Just not through )10.10.40.1 and 10.10.40.2) going the other way, I can only ping 10.10.30.1. I am befuddles.

0 Helpful

Giuseppe Larosa
Hall of Fame
Hall of Fame
In response to scottcummins

‎10-17-2008 04:08 AM

Hello Scott,

has the firewall routes to be able to send back traffic originated in the different IP subnets ?

Hope to help

Giuseppe

0 Helpful

singhsaju
Level 4
Level 4
In response to scottcummins

‎10-17-2008 05:32 AM

Hi Scott,

There is no routing issue on these routers as the routes are properly configured , also there are no access lists to block any traffic .

You mentioned that you cannot ping 30.2 interface of firewall , there could be either routing issue or firewalls are not properly configured to handle the traffic.Are these cisco based firewalls PIX or ASA ? Can you post firewall configs?

HTH

Saju

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card