Wan, Internet, possible routing issue

Answered Question

Ok here is the issue;

2 sites JoeSchmoCo and Optical

Joeschmoco has 2 routers one going to the internet and 1 handling their WAN connections

Optical has 1 router and is a WAN site connected to the Joeschmoco WAN router.

JoeSchmoco routers are named internet and internal

Internet has 1 serial connection to the ISP and ethernet 172.16.0.1

Internal has 2 serial connections and ethernet 172.16.0.2

Optical location has 1 serial to Joeschmoco-internal and ethernet 172.16.2.1

I can get from joeschmoco-internal to optical location and to internet router as shown by the ping commands

here;

JoeSchmoCo-internal#ping 172.16.0.1

Sending 5, 100-byte ICMP Echos to 172.16.0.1, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms

JoeSchmoCo-internal#ping 172.16.2.1

Sending 5, 100-byte ICMP Echos to 172.16.2.1, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/8 ms

I can get from joeschmo-internet to optical and to internal also as shown here;

JoeSchmoCo-internet#ping 172.16.0.2

Sending 5, 100-byte ICMP Echos to 172.16.0.2, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms

JoeSchmoCo-internet#ping 172.16.2.1

Sending 5, 100-byte ICMP Echos to 172.16.2.1, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 4/5/8 ms

Now I go to the optical router which is connected via serial interface to the internal router and I can not

get to the internet router so I can not get internet access as shown here;

optical#ping 172.16.0.2

Sending 5, 100-byte ICMP Echos to 172.16.0.2, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 4/5/8 ms

optical#ping 172.16.0.1

Sending 5, 100-byte ICMP Echos to 172.16.0.1, timeout is 2 seconds:

.....

Success rate is 0 percent (0/5)

So when traffic is originated from the internet router I can get to the optical location router but I can not

get traffic when its originated from the optical location.

I know its something easy so I have attached my configs for your browsing pleasure..

Attachment: 
I have this problem too.
0 votes
Correct Answer by Jon Marshall about 7 years 7 months ago

Phillip

No problem, happens to us all :-)

When you say you cannot ping the ISP end of the serial link do you mean from the optical router with a source address of 10.0.0.5 ?

If so that is because you haven't included this in your NAT config on the Internet router ie.

ip nat inside source list 1 pool net172 overload

access-list 1 permit 172.16.0.0 0.0.255.255

You need to add this line to access-list 1

access-list 1 permit 10.0.0.4 0.0.0.3

Jon

Correct Answer by Jon Marshall about 7 years 7 months ago

Phillip

When you ping from optical to Internet router the source address will be 10.0.0.5 ie. the serial interface of optical. But your Internet router doesn't have a route back to this network.

So either

1) use an extended ping on optical router specifying the source address as fa0/1 interface address ie. 172.16.2.1

OR

2) add route to Internet router -

ip route 10.0.0.4 255.255.255.252 172.16.0.2

Jon

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (2 ratings)
Loading.
Correct Answer
Jon Marshall Sat, 05/09/2009 - 13:26

Phillip

When you ping from optical to Internet router the source address will be 10.0.0.5 ie. the serial interface of optical. But your Internet router doesn't have a route back to this network.

So either

1) use an extended ping on optical router specifying the source address as fa0/1 interface address ie. 172.16.2.1

OR

2) add route to Internet router -

ip route 10.0.0.4 255.255.255.252 172.16.0.2

Jon

Jon I feel like an idiot.. I reviewed my posts on here and I ased the exact smae question 2 years ago ona different install :) You gave the exact same answer.. Thank you...

Now I can ping the serial interface on the internet router but I can not get to the next hop, the other end of the serial on the internet to get to the internet...

Correct Answer
Jon Marshall Sat, 05/09/2009 - 13:35

Phillip

No problem, happens to us all :-)

When you say you cannot ping the ISP end of the serial link do you mean from the optical router with a source address of 10.0.0.5 ?

If so that is because you haven't included this in your NAT config on the Internet router ie.

ip nat inside source list 1 pool net172 overload

access-list 1 permit 172.16.0.0 0.0.255.255

You need to add this line to access-list 1

access-list 1 permit 10.0.0.4 0.0.0.3

Jon

Actions

This Discussion

Related Content