Strange Routing Issue (EIGRP)

tdavis
Level 1

I have a user that is trying to get to www.defender-usa.com, but every time, the URL shows as unavailable. I can resolve the address, but every time I do a ping or traceroute, it keeps trying to route to my IronPort. I am running a Catalyst 4506 IOS, and have set a static route for the IP address of defender-usa.com to my firewall, which then routes out to my provider. I have tried bypassing the site through the IronPort and the firewall, but it is not even getting there.

Anyone have any clue why my router would try to route the address (defender-usa.com) to my IronPort when I have a static route directly to my firewall?


Giuseppe Larosa
Hall of Fame

Hello Tim,

Being a multilayer switch, you need to compare

sh ip route

and CEF related commands like

sh ip cef exact-route address mask detail

and others to see if there is any difference

to verify if the CEF entry is correct or it is using a wrong next-hop.

Also, you need to check if any form of policy-based routing is applied on the L3 interface that receives the packets for the site that could change the IP next-hop to that of the IronPort.

Hope to help

Giuseppe

Here are the details for the commands you requested. As you can see, the router shows the correct path for the IP.

www.defender-usa.com - 216.39.57.107

Firewall (ASA) - 192.168.1.5

RouterA - 192.168.1.1

IronPort - 192.168.5.10

Traceroute

RouterA#traceroute 216.39.57.107

Type escape sequence to abort.
Tracing the route to p12p-i.geo.vip.re4.yahoo.com (216.39.57.107)

  1 192.168.5.10 !H  !H  !H

Show IP Route

RouterA#show ip route 216.39.57.107
Routing entry for 216.39.57.107/32
  Known via "static", distance 1, metric 0
  Routing Descriptor Blocks:
  * 192.168.1.5
      Route metric is 0, traffic share count is 1

Show IP cef

RouterA#sh ip cef 216.39.57.107
216.39.57.107/32
  nexthop 192.168.1.5 Vlan1
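
As an added example (not written by anyone in this thread): a Python check that parses the three outputs posted above and reports whether the routing table, the CEF entry and the first hop seen in the traceroute agree. The function names and verdict strings are hypothetical, and the parsers assume the IOS output layouts shown in the post.

```python
import re

# Command output copied from the post above (RouterA, target 216.39.57.107).
SHOW_IP_ROUTE = """Routing entry for 216.39.57.107/32
  Known via "static", distance 1, metric 0
  Routing Descriptor Blocks:
  * 192.168.1.5
      Route metric is 0, traffic share count is 1
"""
SHOW_IP_CEF = """216.39.57.107/32
  nexthop 192.168.1.5 Vlan1
"""
TRACEROUTE = """Tracing the route to p12p-i.geo.vip.re4.yahoo.com (216.39.57.107)

  1 192.168.5.10 !H  !H  !H
"""
IP = r"(\d{1,3}(?:\.\d{1,3}){3})"

def rib_next_hops(text):
    # Descriptor-block lines are indented, optionally starred, and start with the next hop.
    return set(re.findall(r"^[ \t]+\*?[ \t]*" + IP + r"(?![\d/.])", text, re.M))

def cef_next_hops(text):
    return set(re.findall(r"\bnexthop[ \t]+" + IP, text))

def traceroute_hops(text):
    # Returns [(hop_number, responder_ip, host_unreachable_flag), ...]
    rows = re.findall(r"^[ \t]*(\d+)[ \t]+" + IP + r"(.*)$", text, re.M)
    return [(int(n), ip, "!H" in rest) for n, ip, rest in rows]

def diagnose(route_out, cef_out, trace_out):
    rib, fib = rib_next_hops(route_out), cef_next_hops(cef_out)
    hops = traceroute_hops(trace_out)
    first = hops[0] if hops else None
    if not rib or not fib or first is None:
        verdict = "incomplete-input"
    elif rib != fib:
        verdict = "rib-cef-mismatch"          # CEF programmed with a different next hop
    elif first[1] not in fib:
        verdict = "first-hop-not-in-tables"   # tables agree, traffic goes elsewhere
    else:
        verdict = "consistent"
    return {"rib": rib, "cef": fib, "first_hop": first, "verdict": verdict}

if __name__ == "__main__":
    print(diagnose(SHOW_IP_ROUTE, SHOW_IP_CEF, TRACEROUTE))
```

For the posted output the verdict is `first-hop-not-in-tables`: the static route and the CEF entry both point at 192.168.1.5, while the first responder is the IronPort at 192.168.5.10 returning host-unreachable (`!H`).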

What gateway is configured on your hosts?

The gateway on the hosts is RouterA - 192.168.1.1.

Tim

Can you post router config please ?

Jon

lamav
Level 8

and clear the route table and CEF entries for that route while you're at it...then check them again

I have cleared the route tables and CEF entries, as well as the mac table.

And I assume things are still messed up... OK, are you going to post the router's configs?

Yes, I am putting it together.  I will post it as soon as I can.

version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
service compress-config
!
hostname RouterA
!
boot-start-marker
boot-end-marker
!
logging console errors
enable secret 5 *************
!
username ***** password 0 *****
aaa new-model
!
!
!
!
!
aaa session-id common
clock timezone CST -6
clock summer-time CDT recurring
hw-module module 1 port-group 1 select gigabitethernet
hw-module module 1 port-group 2 select gigabitethernet
ip subnet-zero
ip domain-name domain

!
vtp domain ''
vtp mode transparent
!
!
!
power redundancy-mode redundant
!
!
!
!
!
!
spanning-tree mode rapid-pvst
spanning-tree extend system-id
spanning-tree vlan 1-5,8-20,88,110-140 priority 24576
!
vlan internal allocation policy ascending
!
***


***
!
ip ssh time-out 60
ip ssh authentication-retries 2
!
!
***


***
!
router eigrp 1
no auto-summary
network 192.168.0.0 0.0.255.255
!
ip default-gateway 192.168.1.5
ip route 0.0.0.0 0.0.0.0 192.168.1.5
***


***
ip route 216.39.57.107 255.255.255.255 192.168.1.5
no ip http server
no ip http secure-server
!
!
kron occurrence Backup at 23:00 Sat recurring
policy-list Backup
!
kron policy-list Backup
cli show run | redirect tftp://192.168.1.20/RouterA.cfg

!
logging trap errors
logging 192.168.1.20
!
!
***

***
!
!
monitor session 1 source interface Gi4/48
monitor session 1 destination interface Gi3/24
ntp clock-period 17181661

You blocked out too much of the config...I think.

Do you have an interface in the 192.168.0.0/16 network?

your static route points to 1.5.....do you have a route to 1.5?

can you repost the config and block out only secret things....and let's see the route table
