Wan, Internet, possible routing issue

Answered Question

Ok here is the issue;


2 sites JoeSchmoCo and Optical


Joeschmoco has 2 routers one going to the internet and 1 handling their WAN connections


Optical has 1 router and is a WAN site connected to the Joeschmoco WAN router.


JoeSchmoco routers are named internet and internal


Internet has 1 serial connection to the ISP and ethernet 172.16.0.1


Internal has 2 serial connections and ethernet 172.16.0.2


Optical location has 1 serial to Joeschmoco-internal and ethernet 172.16.2.1



I can get from joeschmoco-internal to optical location and to internet router as shown by the ping commands


here;


JoeSchmoCo-internal#ping 172.16.0.1

Sending 5, 100-byte ICMP Echos to 172.16.0.1, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms



JoeSchmoCo-internal#ping 172.16.2.1

Sending 5, 100-byte ICMP Echos to 172.16.2.1, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/8 ms




I can get from joeschmo-internet to optical and to internal also as shown here;


JoeSchmoCo-internet#ping 172.16.0.2

Sending 5, 100-byte ICMP Echos to 172.16.0.2, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms


JoeSchmoCo-internet#ping 172.16.2.1

Sending 5, 100-byte ICMP Echos to 172.16.2.1, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 4/5/8 ms



Now I go to the optical router which is connected via serial interface to the internal router and I can not


get to the internet router so I can not get internet access as shown here;


optical#ping 172.16.0.2

Sending 5, 100-byte ICMP Echos to 172.16.0.2, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 4/5/8 ms



optical#ping 172.16.0.1

Sending 5, 100-byte ICMP Echos to 172.16.0.1, timeout is 2 seconds:

.....

Success rate is 0 percent (0/5)




So when traffic is originated from the internet router I can get to the optical location router but I can not


get traffic when its originated from the optical location.


I know its something easy so I have attached my configs for your browsing pleasure..






Attachment: 
Correct Answer by Jon Marshall about 7 years 10 months ago

Phillip


No problem, happens to us all :-)


When you say you cannot ping the ISP end of the serial link do you mean from the optical router with a source address of 10.0.0.5 ?


If so that is because you haven't included this in your NAT config on the Internet router ie.


ip nat inside source list 1 pool net172 overload


access-list 1 permit 172.16.0.0 0.0.255.255


You need to add this line to access-list 1


access-list 1 permit 10.0.0.4 0.0.0.3


Jon

Correct Answer by Jon Marshall about 7 years 10 months ago

Phillip


When you ping from optical to Internet router the source address will be 10.0.0.5 ie. the serial interface of optical. But your Internet router doesn't have a route back to this network.


So either


1) use an extended ping on optical router specifying the source address as fa0/1 interface address ie. 172.16.2.1


OR


2) add route to Internet router -


ip route 10.0.0.4 255.255.255.252 172.16.0.2


Jon

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (2 ratings)
Loading.
Correct Answer
Jon Marshall Sat, 05/09/2009 - 13:26
User Badges:
  • Super Blue, 32500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

Phillip


When you ping from optical to Internet router the source address will be 10.0.0.5 ie. the serial interface of optical. But your Internet router doesn't have a route back to this network.


So either


1) use an extended ping on optical router specifying the source address as fa0/1 interface address ie. 172.16.2.1


OR


2) add route to Internet router -


ip route 10.0.0.4 255.255.255.252 172.16.0.2


Jon

Jon I feel like an idiot.. I reviewed my posts on here and I ased the exact smae question 2 years ago ona different install :) You gave the exact same answer.. Thank you...


Now I can ping the serial interface on the internet router but I can not get to the next hop, the other end of the serial on the internet to get to the internet...

Correct Answer
Jon Marshall Sat, 05/09/2009 - 13:35
User Badges:
  • Super Blue, 32500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

Phillip


No problem, happens to us all :-)


When you say you cannot ping the ISP end of the serial link do you mean from the optical router with a source address of 10.0.0.5 ?


If so that is because you haven't included this in your NAT config on the Internet router ie.


ip nat inside source list 1 pool net172 overload


access-list 1 permit 172.16.0.0 0.0.255.255


You need to add this line to access-list 1


access-list 1 permit 10.0.0.4 0.0.0.3


Jon

Jon Marshall Sat, 05/09/2009 - 13:46
User Badges:
  • Super Blue, 32500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

Phillip


No problem, glad to have helped and thanks for the ratings.


Jon

Actions

This Discussion

Related Content