cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
671
Views
0
Helpful
5
Replies

Wan, Internet, possible routing issue

phillip
Level 1
Level 1

Ok here is the issue;

2 sites JoeSchmoCo and Optical

Joeschmoco has 2 routers one going to the internet and 1 handling their WAN connections

Optical has 1 router and is a WAN site connected to the Joeschmoco WAN router.

JoeSchmoco routers are named internet and internal

Internet has 1 serial connection to the ISP and ethernet 172.16.0.1

Internal has 2 serial connections and ethernet 172.16.0.2

Optical location has 1 serial to Joeschmoco-internal and ethernet 172.16.2.1

I can get from joeschmoco-internal to optical location and to internet router as shown by the ping commands

here;

JoeSchmoCo-internal#ping 172.16.0.1

Sending 5, 100-byte ICMP Echos to 172.16.0.1, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms

JoeSchmoCo-internal#ping 172.16.2.1

Sending 5, 100-byte ICMP Echos to 172.16.2.1, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/8 ms

I can get from joeschmo-internet to optical and to internal also as shown here;

JoeSchmoCo-internet#ping 172.16.0.2

Sending 5, 100-byte ICMP Echos to 172.16.0.2, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms

JoeSchmoCo-internet#ping 172.16.2.1

Sending 5, 100-byte ICMP Echos to 172.16.2.1, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 4/5/8 ms

Now I go to the optical router which is connected via serial interface to the internal router and I can not

get to the internet router so I can not get internet access as shown here;

optical#ping 172.16.0.2

Sending 5, 100-byte ICMP Echos to 172.16.0.2, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 4/5/8 ms

optical#ping 172.16.0.1

Sending 5, 100-byte ICMP Echos to 172.16.0.1, timeout is 2 seconds:

.....

Success rate is 0 percent (0/5)

So when traffic is originated from the internet router I can get to the optical location router but I can not

get traffic when its originated from the optical location.

I know its something easy so I have attached my configs for your browsing pleasure..

2 Accepted Solutions

Accepted Solutions

Jon Marshall
Hall of Fame
Hall of Fame

Phillip

When you ping from optical to Internet router the source address will be 10.0.0.5 ie. the serial interface of optical. But your Internet router doesn't have a route back to this network.

So either

1) use an extended ping on optical router specifying the source address as fa0/1 interface address ie. 172.16.2.1

OR

2) add route to Internet router -

ip route 10.0.0.4 255.255.255.252 172.16.0.2

Jon

View solution in original post

Phillip

No problem, happens to us all :-)

When you say you cannot ping the ISP end of the serial link do you mean from the optical router with a source address of 10.0.0.5 ?

If so that is because you haven't included this in your NAT config on the Internet router ie.

ip nat inside source list 1 pool net172 overload

access-list 1 permit 172.16.0.0 0.0.255.255

You need to add this line to access-list 1

access-list 1 permit 10.0.0.4 0.0.0.3

Jon

View solution in original post

5 Replies 5

Jon Marshall
Hall of Fame
Hall of Fame

Phillip

When you ping from optical to Internet router the source address will be 10.0.0.5 ie. the serial interface of optical. But your Internet router doesn't have a route back to this network.

So either

1) use an extended ping on optical router specifying the source address as fa0/1 interface address ie. 172.16.2.1

OR

2) add route to Internet router -

ip route 10.0.0.4 255.255.255.252 172.16.0.2

Jon

Jon I feel like an idiot.. I reviewed my posts on here and I ased the exact smae question 2 years ago ona different install :) You gave the exact same answer.. Thank you...

Now I can ping the serial interface on the internet router but I can not get to the next hop, the other end of the serial on the internet to get to the internet...

Phillip

No problem, happens to us all :-)

When you say you cannot ping the ISP end of the serial link do you mean from the optical router with a source address of 10.0.0.5 ?

If so that is because you haven't included this in your NAT config on the Internet router ie.

ip nat inside source list 1 pool net172 overload

access-list 1 permit 172.16.0.0 0.0.255.255

You need to add this line to access-list 1

access-list 1 permit 10.0.0.4 0.0.0.3

Jon

Its always the obvious... I worked the fire department last night from 8-8 so I should not be working on a router this early...

Thank you for the help..

Phillip

No problem, glad to have helped and thanks for the ratings.

Jon

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco