Routing issue

Unanswered Question
Nov 13th, 2008
User Badges:

I have 2 sites connected though ISP


both sites has static routes to ISP


From Site A and i am able to ping site B


From Site B iam unable to Ping site A


*both sites are connected by has milit link

could any one tell me whats the problem


Debug output is pasted below

===============================


Nov 13 17:16:26.376: ICMP: dst (10.28.200.253) host unreachable rcv from 10.195.167.22110.

.Nov 13 17:16:28.391: ICMP: dst (10.28.200.253) host unreachable rcv from 10.195.167.221

.Nov 13 17:16:30.406: ICMP: dst (10.28.200.253) host unreachable rcv from 10.195.167.221253.2

.Nov 13 17:16:32.422: ICMP: dst (10.28.200.253) host unreachable rcv from 10.195.167.22100.171.


.Nov 13 17:16:35.795: ICMP: dst (10.28.200.253) host unreachable rcv from 10.195.167.221

.Nov 13 17:16:36.444: ICMP: dst (10.28.200.253) host unreachable rcv from 10.195.167.221% Unrecognized host or address, or protocol not running


#Nov 13 17:18:33.223: IP-Static: 0.0.0.0 0.0.0.0 Multilink1 Path = 1, route table no change, recursive flag clea


Note: Both sites have only staic routes to the ISP

Please guide me


regds

Karthik

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Richard Burts Thu, 11/13/2008 - 09:33
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

Karthik


It is possible that this is a routing issue as the heading of your post suggests. If it is a routing issue then the first step in investigating it may be to post the output of show ip route for both sites.


It would also be good to verify whether each site is able to ping (or otherwise access) addresses within the provider addresses.


It is also possible that the problem is that some devices do not have correct default gateway configured. Can you confirm that devices at both sites have correct default gateway (probably a good check on this is whether they can ping (or otherwise access) some provider address.


It is also possible that the problem is access list filtering that is not permitting ping requests (or perhaps ping responses) to get through in one direction. Can you tell us whether there are any access lists filtering the traffic at either site?


HTH


Rick

adhityakarthik Thu, 11/13/2008 - 09:40
User Badges:

Hi


Thanks for reply




Site A:-sh ip routr out put


Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2

i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

ia - IS-IS inter area, * - candidate default, U - per-user static route

o - ODR, P - periodic downloaded static route


Gateway of last resort is 10.28.1.101 to network 0.0.0.0


83.0.0.0/32 is subnetted, 1 subnets

C 83.235.81.13 is directly connected, Loopback0

10.0.0.0/8 is variably subnetted, 15 subnets, 3 masks

D 10.253.200.53/32 [90/156160] via 10.28.1.101, 7w0d, FastEthernet0/1

C 10.28.1.0/24 is directly connected, FastEthernet0/1

C 10.28.10.0/24 is directly connected, FastEthernet0/0

S 10.195.167.0/24 is directly connected, Multilink1

S 10.28.100.0/24 is directly connected, Multilink1

S 10.28.110.0/24 is directly connected, Multilink1

S 10.253.200.173/32 is directly connected, Multilink1

S 10.253.200.172/32 is directly connected, Multilink1

C 10.253.200.171/32 is directly connected, Loopback1

D 10.253.200.144/32 [90/156160] via 10.28.1.100, 7w0d, FastEthernet0/1

C 10.195.167.212/30 is directly connected, Multilink1

C 10.195.167.213/32 is directly connected, Multilink1

S 10.28.210.0/24 is directly connected, Multilink1

D 10.200.22.0/24 [90/46228736] via 10.28.1.100, 2d08h, FastEthernet0/1

S 10.28.200.0/24 is directly connected, Multilink1

S 212.205.36.0/24 is directly connected, Multilink1

D*EX 0.0.0.0/0 [170/5002752] via 10.28.1.101, 2w6d, FastEthernet0/1

CSATHENS3#sh ip acces

CSATHENS3#sh ip access-lists

Extended IP access list 133

10 permit ip any any dscp ef

20 permit ip any any dscp cs1

30 permit ip any any dscp cs2

40 permit ip any any dscp cs3

50 permit ip any any dscp cs4

60 permit ip any any dscp cs5

70 permit udp any any range 16384 32000

80 permit tcp any any eq 1720

Extended IP access list 134

10 permit udp any any range 16383 32784

Extended IP access list 152

10 permit udp any any range 16384 32776 (23667826 matches)

20 permit udp any any dscp ef

30 permit ip any any dscp ef

40 permit ip any any precedence critical

Extended IP access list 153

10 permit tcp any eq 1720 any

20 permit tcp any any eq 1720 (6762 matches)

Extended IP access list voice

10 permit udp any any range 16384 32000

20 permit tcp any any eq 1720

30 permit ip any any dscp cs1

40 permit ip any any dscp cs2

50 permit ip any any dscp ef



Site B:- Sh ip route out put


83.0.0.0/32 is subnetted, 1 subnets

C 83.235.81.14 is directly connected, Loopback0

10.0.0.0/8 is variably subnetted, 5 subnets, 3 masks

C 10.253.200.173/32 is directly connected, Loopback1

C 10.195.167.220/30 is directly connected, Multilink1

C 10.195.167.221/32 is directly connected, Multilink1

C 10.28.210.0/24 is directly connected, Vlan10

C 10.28.200.0/24 is directly connected, Vlan1

S* 0.0.0.0/0 is directly connected, Multilink1

CSPATRA#sh ip acce

CSPATRA#sh ip access-lists

Extended IP access list 120

10 permit udp any any range 16384 32000

20 permit tcp any any eq 1720

30 permit ip any any dscp cs1

40 permit ip any any dscp cs2

50 permit ip any any dscp cs3 (255 matches)

60 permit ip any any dscp ef

Extended IP access list 199

10 deny tcp 10.28.210.0 0.0.0.255 host 10.28.10.200 eq 2000

20 permit ip any any




regds

Karthik

Giuseppe Larosa Fri, 11/14/2008 - 01:20
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

Hello Kartick,

ICMP: dst (10.28.200.253) host unreachable rcv from 10.195.167.221


but

C 10.28.200.0/24 is directly connected, Vlan1


you are trying to ping a device that should be out vlan1 on siteB and you receive an answer from site A.

This can happen only if vlan1 is not reachable on siteB.

If so the packet goes to siteA and site A has a static route to siteB.


Hope to help

Giuseppe


adhityakarthik Fri, 11/14/2008 - 03:05
User Badges:

Hi


Thanks very much for the reply


i coulndt understand the explantion could u kindly explain me in details


i am trying to ping from site B to site A



Site B:-


interface Vlan1

description Data Vlan

ip address 10.28.200.253 255.255.255.0

ip helper-address 10.28.1.42

ip route-cache flow

!

interface Vlan10

ip address 10.28.210.253 255.255.255.0

ip directed-broadcast

h323-gateway voip interface

h323-gateway voip id ccm-server ipaddr XXXXX

h323-gateway voip h323-id patra-2811

h323-gateway voip bind srcaddr XXXXX

!ip route 0.0.0.0 0.0.0.0 Multilink1




Request to helpme on the same


regd


Karthik


Richard Burts Fri, 11/14/2008 - 11:02
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

Karthik


I still am confused about what the situation is and need more information to be able to understand it and to find a solution. In the original post you give this error:

ICMP: dst (10.28.200.253) host unreachable rcv from 10.195.167.221


It looks to me like the address 10.28.200.253 is the VLAN interface for VLAN 1 on B and that address 10.195.167.221 is the multilink interface address on B. Can you confirm that these are correct?


I am not clear whether the debug output is from A or is from B. Can you clarify that? It would also be very helpful to know the details of the original attempt to ping (where was it done and what address was the destination of the ping).


It might also be helpful if you would post the output of show ip interface brief.


HTH


Rick

Richard Burts Fri, 11/14/2008 - 11:15
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

Karthik


In re-reading all the posts I have found something else that we need to understand. The addressing of the multilink does not match between A and B. From your previous post here is the addressing of the multilink:

from A

C 10.195.167.212/30 is directly connected, Multilink1

C 10.195.167.213/32 is directly connected, Multilink1

from B

C 10.195.167.220/30 is directly connected, Multilink1

C 10.195.167.221/32 is directly connected, Multilink1


Do these router connect to each other (in which case we have very inconsistent addressing) or is there an ISP router in the middle (in which case the difficulty in getting from one to the other may be a problem with the router in the middle)?


We need to have a much more clear understanding of your situation to be able to figure out this problem.


HTH


Rick

adhityakarthik Sun, 11/16/2008 - 18:00
User Badges:

Hi Rick,


Hi Rick,


Thanks very much for your valuble input.


The sites are connected by a ISP


SIte A------> ISP--------- Site B


Thanking you in anticipation


Karthik

Giuseppe Larosa Mon, 11/17/2008 - 07:36
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

Hello Karthik,

to go back to your first post.


a) from what device SiteA or SiteB comes the debug output showing an ICMP unreachable sent to SiteB's Vlan10 ip address on which I tried to make a guess.


b) If there is an ISP router in the middle that devices takes part in routing between your sites and it can be the one that doesn't know how to route to some specific subnet.


When you say that from siteA you can ping siteB do you mean the multilink1 ip address or the SiteB's Vlan10 ip address ?

And when you try to ping from SiteB to SiteA are you using a normal ping or an extended ping with a destination that is a subnet within SiteA ?

From the debug output it looks like that you tried from siteB using a source ip address = SiteB's:Vlan10 ipaddress but router in the middle doesn't know how to route the original packet and sends back an ICMP unreachable with destination= the original source of the ICMP request that is Siteb:Vlan10 ip address


Now it should be more clear what is happening.


Hope to help

Giuseppe



Actions

This Discussion