11-13-2008 09:08 AM - edited 03-04-2019 12:19 AM
I have 2 sites connected though ISP
both sites has static routes to ISP
From Site A and i am able to ping site B
From Site B iam unable to Ping site A
*both sites are connected by has milit link
could any one tell me whats the problem
Debug output is pasted below
===============================
Nov 13 17:16:26.376: ICMP: dst (10.28.200.253) host unreachable rcv from 10.195.167.22110.
.Nov 13 17:16:28.391: ICMP: dst (10.28.200.253) host unreachable rcv from 10.195.167.221
.Nov 13 17:16:30.406: ICMP: dst (10.28.200.253) host unreachable rcv from 10.195.167.221253.2
.Nov 13 17:16:32.422: ICMP: dst (10.28.200.253) host unreachable rcv from 10.195.167.22100.171.
.Nov 13 17:16:35.795: ICMP: dst (10.28.200.253) host unreachable rcv from 10.195.167.221
.Nov 13 17:16:36.444: ICMP: dst (10.28.200.253) host unreachable rcv from 10.195.167.221% Unrecognized host or address, or protocol not running
#Nov 13 17:18:33.223: IP-Static: 0.0.0.0 0.0.0.0 Multilink1 Path = 1, route table no change, recursive flag clea
Note: Both sites have only staic routes to the ISP
Please guide me
regds
Karthik
11-13-2008 09:33 AM
Karthik
It is possible that this is a routing issue as the heading of your post suggests. If it is a routing issue then the first step in investigating it may be to post the output of show ip route for both sites.
It would also be good to verify whether each site is able to ping (or otherwise access) addresses within the provider addresses.
It is also possible that the problem is that some devices do not have correct default gateway configured. Can you confirm that devices at both sites have correct default gateway (probably a good check on this is whether they can ping (or otherwise access) some provider address.
It is also possible that the problem is access list filtering that is not permitting ping requests (or perhaps ping responses) to get through in one direction. Can you tell us whether there are any access lists filtering the traffic at either site?
HTH
Rick
11-13-2008 09:40 AM
Hi
Thanks for reply
Site A:-sh ip routr out put
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is 10.28.1.101 to network 0.0.0.0
83.0.0.0/32 is subnetted, 1 subnets
C 83.235.81.13 is directly connected, Loopback0
10.0.0.0/8 is variably subnetted, 15 subnets, 3 masks
D 10.253.200.53/32 [90/156160] via 10.28.1.101, 7w0d, FastEthernet0/1
C 10.28.1.0/24 is directly connected, FastEthernet0/1
C 10.28.10.0/24 is directly connected, FastEthernet0/0
S 10.195.167.0/24 is directly connected, Multilink1
S 10.28.100.0/24 is directly connected, Multilink1
S 10.28.110.0/24 is directly connected, Multilink1
S 10.253.200.173/32 is directly connected, Multilink1
S 10.253.200.172/32 is directly connected, Multilink1
C 10.253.200.171/32 is directly connected, Loopback1
D 10.253.200.144/32 [90/156160] via 10.28.1.100, 7w0d, FastEthernet0/1
C 10.195.167.212/30 is directly connected, Multilink1
C 10.195.167.213/32 is directly connected, Multilink1
S 10.28.210.0/24 is directly connected, Multilink1
D 10.200.22.0/24 [90/46228736] via 10.28.1.100, 2d08h, FastEthernet0/1
S 10.28.200.0/24 is directly connected, Multilink1
S 212.205.36.0/24 is directly connected, Multilink1
D*EX 0.0.0.0/0 [170/5002752] via 10.28.1.101, 2w6d, FastEthernet0/1
CSATHENS3#sh ip acces
CSATHENS3#sh ip access-lists
Extended IP access list 133
10 permit ip any any dscp ef
20 permit ip any any dscp cs1
30 permit ip any any dscp cs2
40 permit ip any any dscp cs3
50 permit ip any any dscp cs4
60 permit ip any any dscp cs5
70 permit udp any any range 16384 32000
80 permit tcp any any eq 1720
Extended IP access list 134
10 permit udp any any range 16383 32784
Extended IP access list 152
10 permit udp any any range 16384 32776 (23667826 matches)
20 permit udp any any dscp ef
30 permit ip any any dscp ef
40 permit ip any any precedence critical
Extended IP access list 153
10 permit tcp any eq 1720 any
20 permit tcp any any eq 1720 (6762 matches)
Extended IP access list voice
10 permit udp any any range 16384 32000
20 permit tcp any any eq 1720
30 permit ip any any dscp cs1
40 permit ip any any dscp cs2
50 permit ip any any dscp ef
Site B:- Sh ip route out put
83.0.0.0/32 is subnetted, 1 subnets
C 83.235.81.14 is directly connected, Loopback0
10.0.0.0/8 is variably subnetted, 5 subnets, 3 masks
C 10.253.200.173/32 is directly connected, Loopback1
C 10.195.167.220/30 is directly connected, Multilink1
C 10.195.167.221/32 is directly connected, Multilink1
C 10.28.210.0/24 is directly connected, Vlan10
C 10.28.200.0/24 is directly connected, Vlan1
S* 0.0.0.0/0 is directly connected, Multilink1
CSPATRA#sh ip acce
CSPATRA#sh ip access-lists
Extended IP access list 120
10 permit udp any any range 16384 32000
20 permit tcp any any eq 1720
30 permit ip any any dscp cs1
40 permit ip any any dscp cs2
50 permit ip any any dscp cs3 (255 matches)
60 permit ip any any dscp ef
Extended IP access list 199
10 deny tcp 10.28.210.0 0.0.0.255 host 10.28.10.200 eq 2000
20 permit ip any any
regds
Karthik
11-14-2008 12:26 AM
Hi
Any body can help me on these
Thanking in anticipation
Karthik
11-14-2008 01:20 AM
Hello Kartick,
ICMP: dst (10.28.200.253) host unreachable rcv from 10.195.167.221
but
C 10.28.200.0/24 is directly connected, Vlan1
you are trying to ping a device that should be out vlan1 on siteB and you receive an answer from site A.
This can happen only if vlan1 is not reachable on siteB.
If so the packet goes to siteA and site A has a static route to siteB.
Hope to help
Giuseppe
11-14-2008 03:05 AM
Hi
Thanks very much for the reply
i coulndt understand the explantion could u kindly explain me in details
i am trying to ping from site B to site A
Site B:-
interface Vlan1
description Data Vlan
ip address 10.28.200.253 255.255.255.0
ip helper-address 10.28.1.42
ip route-cache flow
!
interface Vlan10
ip address 10.28.210.253 255.255.255.0
ip directed-broadcast
h323-gateway voip interface
h323-gateway voip id ccm-server ipaddr XXXXX
h323-gateway voip h323-id patra-2811
h323-gateway voip bind srcaddr XXXXX
!ip route 0.0.0.0 0.0.0.0 Multilink1
Request to helpme on the same
regd
Karthik
11-14-2008 11:02 AM
Karthik
I still am confused about what the situation is and need more information to be able to understand it and to find a solution. In the original post you give this error:
ICMP: dst (10.28.200.253) host unreachable rcv from 10.195.167.221
It looks to me like the address 10.28.200.253 is the VLAN interface for VLAN 1 on B and that address 10.195.167.221 is the multilink interface address on B. Can you confirm that these are correct?
I am not clear whether the debug output is from A or is from B. Can you clarify that? It would also be very helpful to know the details of the original attempt to ping (where was it done and what address was the destination of the ping).
It might also be helpful if you would post the output of show ip interface brief.
HTH
Rick
11-14-2008 11:15 AM
Karthik
In re-reading all the posts I have found something else that we need to understand. The addressing of the multilink does not match between A and B. From your previous post here is the addressing of the multilink:
from A
C 10.195.167.212/30 is directly connected, Multilink1
C 10.195.167.213/32 is directly connected, Multilink1
from B
C 10.195.167.220/30 is directly connected, Multilink1
C 10.195.167.221/32 is directly connected, Multilink1
Do these router connect to each other (in which case we have very inconsistent addressing) or is there an ISP router in the middle (in which case the difficulty in getting from one to the other may be a problem with the router in the middle)?
We need to have a much more clear understanding of your situation to be able to figure out this problem.
HTH
Rick
11-16-2008 06:00 PM
Hi Rick,
Hi Rick,
Thanks very much for your valuble input.
The sites are connected by a ISP
SIte A------> ISP--------- Site B
Thanking you in anticipation
Karthik
11-17-2008 07:36 AM
Hello Karthik,
to go back to your first post.
a) from what device SiteA or SiteB comes the debug output showing an ICMP unreachable sent to SiteB's Vlan10 ip address on which I tried to make a guess.
b) If there is an ISP router in the middle that devices takes part in routing between your sites and it can be the one that doesn't know how to route to some specific subnet.
When you say that from siteA you can ping siteB do you mean the multilink1 ip address or the SiteB's Vlan10 ip address ?
And when you try to ping from SiteB to SiteA are you using a normal ping or an extended ping with a destination that is a subnet within SiteA ?
From the debug output it looks like that you tried from siteB using a source ip address = SiteB's:Vlan10 ipaddress but router in the middle doesn't know how to route the original packet and sends back an ICMP unreachable with destination= the original source of the ICMP request that is Siteb:Vlan10 ip address
Now it should be more clear what is happening.
Hope to help
Giuseppe
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: