×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

Weird routing/traceroute problem

Unanswered Question
Mar 4th, 2014
User Badges:

Guys,


Routing.jpg


When I do a traceroute from PC2 to PC1 it does not resolve successfully and follows the following steps:

     PC2

     2851/2

     2851/1

     * * *


     * * *


     * * *


When I do a traceroute from 2851/2 to PC1 it does resolve successfully and follows the following steps:

     2851/2

     2851/1

     PC1 Public IP

     PC1 Loopback IP


When I do a traceroute from 2851/1 to PC1 it does resolve successfully and follows the following steps:

     2851/1

     PC1 Public IP

     PC1 Loopback IP


When I do a traceroute from PC3 to PC1 it does resolve successfully and follows the following steps:

     2851/1

     PC1 Public IP

     PC1 Loopback IP


2851/2 has the following static routes:

     ip route 0.0.0.0 0.0.0.0 gateway1_ip 100 permanent

     ip route 40.0.0.0 255.0.0.0 192.168.1.81 30

     ip route 50.0.0.0 255.0.0.0 192.168.1.81 30

     ip route 192.168.11.0 255.255.255.0 192.168.1.81 30

     ip route 192.168.21.0 255.255.255.0 192.168.1.81 30

     ip route 192.168.31.0 255.255.255.0 192.168.1.81 30

     ip route 192.168.51.0 255.255.255.0 192.168.1.81 30


2851/1 has the following static routes:

     ip route 0.0.0.0 0.0.0.0 gateway2_ip 100 permanent

     ip route 40.0.0.0 255.0.0.0 192.168.1.80 30

     ip route 50.0.0.0 255.0.0.0 192.168.1.80 30

     ip route 192.168.11.0 255.255.255.0 192.168.1.80 30

     ip route 192.168.21.0 255.255.255.0 192.168.1.80 30

     ip route 192.168.31.0 255.255.255.0 192.168.1.80 30

     ip route 192.168.51.0 255.255.255.0 192.168.1.80 30


I am stumped ! Why would PC2 to PC1 not resolve ?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
cadet alain Tue, 03/04/2014 - 02:28
User Badges:
  • Purple, 4500 points or more

Hi,

when  2851/2 receives a packet destined to PC1 it sends to 2851/1 according to this routing entry:

ip route 40.0.0.0 255.0.0.0 192.168.1.81 30

when 2851/1 receives the packet it sends back to 2851/2 according to this route entry:

ip route 40.0.0.0 255.0.0.0 192.168.1.80 30

So you are experiencing a routing loop.

If you are using EZVPN you should use the Reverse Route injection feature to install the route to PC1 and not use this static route pointing back to the other router.

Can you show us the output of sh ip route on 2851/1 ?


Regards


Alain



Don't forget to rate helpful posts.

OliverDarvall Wed, 03/05/2014 - 01:17
User Badges:

Alain, that is not quite correct. The "directly connected" routes will be used/tried first before the static routes come into play. So the PC's that are connected through the Easy Vpn connections will be routed to first, if none can be found then only does it get routed to the static routes. This is a simple form of fail over and is working quite well for us.

cadet alain Wed, 03/05/2014 - 02:02
User Badges:
  • Purple, 4500 points or more

Hi,

Correct, I had not read the post as I should have, sorry.


Regards


Alain



Don't forget to rate helpful posts.

OliverDarvall Thu, 03/06/2014 - 22:59
User Badges:

I solved my problem, phew !


Someone made a change to the crypto acl on the main router and changed the mask from 0.0.255.255 to 0.0.0.255. I am not entirely sure why it only affected a select few of my clients, but at least everything is working now again.

Actions

This Discussion