Strange Routing Issue (EIGRP)

Unanswered Question

I have a user that is trying to get to www.defender-usa.com, but everytime the url show to be unavaliable.  I can resolve the address, but everytime I do a ping or traceroute, it keeps trying to route to my IronPort.  I am running a Catalyst 4506 IOS, and have set a static route for the IP address of defender-usa.com to my firewall, which then route out to my provider.  I have tried bypassing the site through the Ironport and the firewall, but it is not even getting there.


Anyone have any clue why my router would try to route the address(defender-usa.com) to my ironport when I have a static route directly to my firewall?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Giuseppe Larosa Wed, 04/28/2010 - 07:24
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

Hello Tim,

being a multilayer switch you need to compare


sh ip route


and CEF related commands like


sh ip cef exact-route address mask detail


and others to see if there is any difference


to verify if the CEF entry is correct or it is using a wrong next-hop.


Also you need to check if any form of Policy Based routing is applied on the L3 interface that receives the packets for the site that could change the IP next-hop to that of the IronPort



Hope to help

Giuseppe

Here are the details for the commands you requested.  As you can see, the router show the correct path for the ip.


www.defender-usa.com - 216.39.57.107

Firewall (ASA) - 192.168.1.5

RouterA - 192.168.1.1

IronPort - 192.168.5.10


Traceroute

RouterA#traceroute 216.39.57.107


Type escape sequence to abort.
Tracing the route to p12p-i.geo.vip.re4.yahoo.com (216.39.57.107)


  1 192.168.5.10 !H  !H  !H


Show IP Route

RouterA#show ip route 216.39.57.107
Routing entry for 216.39.57.107/32
  Known via "static", distance 1, metric 0
  Routing Descriptor Blocks:
  * 192.168.1.5
      Route metric is 0, traffic share count is 1


Show IP cef

RouterA#sh ip cef 216.39.57.107
216.39.57.107/32
  nexthop 192.168.1.5 Vlan1

Jon Marshall Wed, 04/28/2010 - 11:13
User Badges:
  • Super Blue, 32500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

Tim


Can you post router config please ?


Jon

lamav Wed, 04/28/2010 - 11:59
User Badges:
  • Blue, 1500 points or more

and clear the route table and CEF entries for that route while you're at it...then check them again

lamav Wed, 04/28/2010 - 12:14
User Badges:
  • Blue, 1500 points or more

And I assume things are still messed up.../ OK, are you going to post the routers configs?

version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
service compress-config
!
hostname RouterA
!
boot-start-marker
boot-end-marker
!
logging console errors
enable secret 5 *************
!
username ***** password 0 *****
aaa new-model
!
!
!
!
!
aaa session-id common
clock timezone CST -6
clock summer-time CDT recurring
hw-module module 1 port-group 1 select gigabitethernet
hw-module module 1 port-group 2 select gigabitethernet
ip subnet-zero
ip domain-name domain


!
vtp domain ''
vtp mode transparent
!
!
!
power redundancy-mode redundant
!
!
!
!
!
!
spanning-tree mode rapid-pvst
spanning-tree extend system-id
spanning-tree vlan 1-5,8-20,88,110-140 priority 24576
!
vlan internal allocation policy ascending
!
***



***
!
ip ssh time-out 60
ip ssh authentication-retries 2
!
!
***



***
!
router eigrp 1
no auto-summary
network 192.168.0.0 0.0.255.255
!
ip default-gateway 192.168.1.5
ip route 0.0.0.0 0.0.0.0 192.168.1.5
***



***
ip route 216.39.57.107 255.255.255.255 192.168.1.5
no ip http server
no ip http secure-server
!
!
kron occurrence Backup at 23:00 Sat recurring
policy-list Backup
!
kron policy-list Backup
cli show run | redirect tftp://192.168.1.20/RouterA.cfg


!
logging trap errors
logging 192.168.1.20
!
!
***


***
!
!
monitor session 1 source interface Gi4/48
monitor session 1 destination interface Gi3/24
ntp clock-period 17181661

lamav Wed, 04/28/2010 - 12:37
User Badges:
  • Blue, 1500 points or more

You blocked out too much of the config...I think.


Do you have an interface in the 192.168.0.0/16 network?


your static route points to 1.5.....do you have a route to 1.5?


can you repost the config and block out only secret things....and lets see the route table

Actions

This Discussion