domain traffic across point to point

Answered Question

I have a routing problem on my point to point routers between my remote office and my main office.

The remote office user logon to my Active Directory is not working correctly. (The users are not prompted to change their passwords.)

I do not know the commands to direct domain traffic to the servers at my office. I have attached both configs from the routers.

If you have any questions please ask, I need to get this resolved.


Thank you

Shane



Richard Burts Wed, 06/10/2009 - 11:43

Shane


I am not sure that I fully understand the problem. But I do have a couple of suggestions.

- why is there a default route on the remote router which points out the Ethernet0 interface? Is there really a path to outside resources out the Ethernet0 of the remote site? If not remove this default route?

- why are the routers configured with no ip classless? If there is not a particular reason for it I would suggest that you remove this from both routers.

- are the domain controllers at 172.16.3.2 and 3?


HTH


Rick

OK, I'm lost. Let me see if I can answer some of your questions.


Default route - 192.168.1.254? If so, that is the route that the remote office uses for their internet access. At one time the remote office did come through the point to point for internet access.


The routers were configured before I began working at this job. If it needs to be removed, that sounds fine to me.


The domain controller is 172.16.3.3; the 172.16.3.2 is the DHCP server for the office.


I hope I helped.


Shane

Collin Clark Wed, 06/10/2009 - 12:45

Shane-


From a remote workstation can you ping the main site DC's by IP? If yes, can you ping them by name? If yes, can you ping them by FQDN? This sounds like a DNS problem to me.

Correct Answer
Richard Burts Wed, 06/10/2009 - 13:58

Shane


If pinging the FQDN does resolve the name to an address (and assuming that it resolves to the correct address) then I do not think that it would be a DNS issue. If you ping by address and do not get a response then I believe that it sounds more like a routing issue. I would suggest the following steps as a way of testing to find the problem:

- all of these should be done from a PC in the LAN at the remote site.

- from the PC can you ping the serial interface of the remote site router? This tests that the default gateway of the PC is configured correctly.

- from the PC can you ping the serial interface of the main site router? This tests that the main site can route back to the LAN of the remote site.

- from the PC can you ping the Ethernet interface of the main site router? This is more testing of routing to the remote subnet and routing of responses.

- if the PC can ping to the Ethernet of the main site but can not ping the server, then perhaps there is a problem with the default gateway of the server. So test whether the server can ping the serial interface of the main site router.


Give these a try and let us know what you find.


HTH


Rick

Rick,


Thank you so much for the help. I took the message that you posted, printed it, and walked through troubleshooting the problem.


From the remote side computer:

- I could ping 192.168.255.6 Serial Remote

- I could ping 192.168.255.5 Serial Main

- I could ping 172.16.1.1 Ethernet Main


From the main office:

- I could not ping remote serial

- I could not ping main serial

but I could ping both Ethernet


To resolve this problem I changed the default gateway of the server to point to the router 172.16.1.1. After I made this change I could ping both of the serial interfaces without any problems.



Thank you again for the help

Shane
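
Rick's test sequence applied to the results Shane reports above, as an added example that is not part of either post. The addresses are the ones from the thread; treating the DC at 172.16.3.3 as "the server", the failed PC-to-server ping, and the function names are assumptions.

```python
import subprocess
import sys

# Rick's checks from the remote-site PC, in order: (target, address, what a failure suggests).
# Addresses are the ones Shane reports; using the DC 172.16.3.3 as "the server" is an assumption.
PC_CHECKS = [
    ("remote router serial", "192.168.255.6", "default gateway of the PC"),
    ("main router serial", "192.168.255.5", "main site routing back to the remote LAN"),
    ("main router Ethernet", "172.16.1.1", "routing to the remote subnet or of the responses"),
    ("server", "172.16.3.3", "default gateway of the server"),
]

def ping(address, count=2, timeout_s=10):
    """True only if an echo reply came back from the target."""
    flag = "-n" if sys.platform.startswith("win") else "-c"
    try:
        done = subprocess.run(["ping", flag, str(count), address],
                              capture_output=True, text=True, timeout=timeout_s)
    except (OSError, subprocess.TimeoutExpired):
        return False
    # Windows ping can exit 0 on "Destination host unreachable"; real replies carry a TTL.
    return done.returncode == 0 and "ttl=" in done.stdout.lower()

def diagnose(pc_results, server_pings_main_serial=None):
    """pc_results: booleans in PC_CHECKS order. Returns the first suspect, or None."""
    for (target, address, suspect), ok in zip(PC_CHECKS, pc_results):
        if ok:
            continue
        if target == "server" and server_pings_main_serial:
            # Not covered in the thread: the server's own path to the router works.
            return "server unreachable although its gateway path works"
        return f"{suspect} (no reply from {target} {address})"
    return None

# Constructed from Shane's report: first three pings succeed, the server cannot ping
# the main serial interface. The failed PC -> server ping is assumed, not stated.
SHANE_PC_RESULTS = [True, True, True, False]

if __name__ == "__main__":
    live = [ping(address) for _, address, _ in PC_CHECKS]
    print("live:", diagnose(live) or "all hops answered")
    print("thread:", diagnose(SHANE_PC_RESULTS, server_pings_main_serial=False))
```

The last check in Rick's list has to be run on the server itself, so its result is passed in as `server_pings_main_serial` rather than measured from the PC.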

OK, after I made the last post I did a little searching around on the 2 routers and the ASA that I have at the main office.


From the way that it looks to me, the point to point router on the main office end is sending all traffic to the ASA 172.16.1.254, and the firewall is dropping the traffic. There is a NAT rule on the firewall that changes any 192.168.1.XXX traffic to a 10.1.X.X and this allows traffic to pass to the local network.


If I ping 10.1.3.3 from the remote end I get a reply (this is the DC for the network), but if I ping the FQDN or the 172.16.3.3 I get no response from the ping.


This is what I see:

Remote end

If I check "show ip route" I have a route for 172.16.0.0/16 via 192.168.255.5.

I also have a route on the same router of 10.1.0.0/16 via 192.168.255.5. This route is the address that everyone is using to connect back to one of my terminal servers at my main office.

To me the remote end looks correct other than the 10.1.0.0 route.


The main office end

On the main office end should I not have a 192.168.1.0 route pointing to my DNS server? It does have 0.0.0.0 0.0.0.0 via 172.16.1.254 and a gateway of last resort is 172.16.1.254.


I believe the problem to be a DNS error, but how do I direct traffic from the main office end of the point to point to the DC and the correct DNS address?


Shane
