05-09-2009 01:08 PM - edited 03-04-2019 04:42 AM
Ok here is the issue;
2 sites JoeSchmoCo and Optical
Joeschmoco has 2 routers one going to the internet and 1 handling their WAN connections
Optical has 1 router and is a WAN site connected to the Joeschmoco WAN router.
JoeSchmoco routers are named internet and internal
Internet has 1 serial connection to the ISP and ethernet 172.16.0.1
Internal has 2 serial connections and ethernet 172.16.0.2
Optical location has 1 serial to Joeschmoco-internal and ethernet 172.16.2.1
I can get from joeschmoco-internal to optical location and to internet router as shown by the ping commands
here;
JoeSchmoCo-internal#ping 172.16.0.1
Sending 5, 100-byte ICMP Echos to 172.16.0.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
JoeSchmoCo-internal#ping 172.16.2.1
Sending 5, 100-byte ICMP Echos to 172.16.2.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/8 ms
I can get from joeschmo-internet to optical and to internal also as shown here;
JoeSchmoCo-internet#ping 172.16.0.2
Sending 5, 100-byte ICMP Echos to 172.16.0.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms
JoeSchmoCo-internet#ping 172.16.2.1
Sending 5, 100-byte ICMP Echos to 172.16.2.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/5/8 ms
Now I go to the optical router which is connected via serial interface to the internal router and I can not
get to the internet router so I can not get internet access as shown here;
optical#ping 172.16.0.2
Sending 5, 100-byte ICMP Echos to 172.16.0.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/5/8 ms
optical#ping 172.16.0.1
Sending 5, 100-byte ICMP Echos to 172.16.0.1, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
So when traffic is originated from the internet router I can get to the optical location router but I can not
get traffic when its originated from the optical location.
I know its something easy so I have attached my configs for your browsing pleasure..
Solved! Go to Solution.
05-09-2009 01:26 PM
Phillip
When you ping from optical to Internet router the source address will be 10.0.0.5 ie. the serial interface of optical. But your Internet router doesn't have a route back to this network.
So either
1) use an extended ping on optical router specifying the source address as fa0/1 interface address ie. 172.16.2.1
OR
2) add route to Internet router -
ip route 10.0.0.4 255.255.255.252 172.16.0.2
Jon
05-09-2009 01:35 PM
Phillip
No problem, happens to us all :-)
When you say you cannot ping the ISP end of the serial link do you mean from the optical router with a source address of 10.0.0.5 ?
If so that is because you haven't included this in your NAT config on the Internet router ie.
ip nat inside source list 1 pool net172 overload
access-list 1 permit 172.16.0.0 0.0.255.255
You need to add this line to access-list 1
access-list 1 permit 10.0.0.4 0.0.0.3
Jon
05-09-2009 01:26 PM
Phillip
When you ping from optical to Internet router the source address will be 10.0.0.5 ie. the serial interface of optical. But your Internet router doesn't have a route back to this network.
So either
1) use an extended ping on optical router specifying the source address as fa0/1 interface address ie. 172.16.2.1
OR
2) add route to Internet router -
ip route 10.0.0.4 255.255.255.252 172.16.0.2
Jon
05-09-2009 01:30 PM
Jon I feel like an idiot.. I reviewed my posts on here and I ased the exact smae question 2 years ago ona different install :) You gave the exact same answer.. Thank you...
Now I can ping the serial interface on the internet router but I can not get to the next hop, the other end of the serial on the internet to get to the internet...
05-09-2009 01:35 PM
Phillip
No problem, happens to us all :-)
When you say you cannot ping the ISP end of the serial link do you mean from the optical router with a source address of 10.0.0.5 ?
If so that is because you haven't included this in your NAT config on the Internet router ie.
ip nat inside source list 1 pool net172 overload
access-list 1 permit 172.16.0.0 0.0.255.255
You need to add this line to access-list 1
access-list 1 permit 10.0.0.4 0.0.0.3
Jon
05-09-2009 01:44 PM
Its always the obvious... I worked the fire department last night from 8-8 so I should not be working on a router this early...
Thank you for the help..
05-09-2009 01:46 PM
Phillip
No problem, glad to have helped and thanks for the ratings.
Jon
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: