Routers cannot communicate with each other...

GulfportMs
Level 1

[Image: Network Diagram (router_setup.jpg)]


I have a networking problem that I need some assistance with troubleshooting. The problem stems from a lack of communication between two routers that both have public IPs. Router A and Router B both belong to us. The other routers (see diagram) belong to AT&T.

Router A can ping AT&T router #1. But, router A cannot ping AT&T router #2. Likewise, router A cannot ping router B. In addition, router A cannot ping the AT&T DNS server. However, it can ping the Google DNS server. In fact, it seems to be able to go just about anywhere else on the Internet. I have a laptop with a Verizon cellular card. It can ping Router A fine.

Router B can ping AT&T router #2. It can ping AT&T router #1. It can also ping the firewall (which is on the same network as router A). It can ping both the Google and AT&T DNS servers. The laptop can ping router B. It appears that it can communicate with anything except router A.

This suggests to me that there is either something wrong with the configuration on router A or AT&T router #1. I can't get into the AT&T routers, so my only avenue of troubleshooting is working with routers A and B. I'd like to eliminate router A as the problem before I go through the hassle of contacting tech support. Can you spot anything in the sanitized configs below that would cause the communication blackout? Thanks.


Here is a sanitized config for router A:

Building configuration...

Current configuration : 2413 bytes
!
! Last configuration change at 15:57:28 UTC Thu Jul 28 2016
!
version 15.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname routerA
!
boot-start-marker
boot-end-marker
!
!
no logging console
no logging monitor
enable secret 5 $1$lRVH$uZ1FUCnvxaQS9ToF9SAby1
!
no aaa new-model
!
!
!
ip dhcp excluded-address 172.16.0.1
!
ip dhcp pool TEST
network 172.16.0.0 255.255.255.0
default-router 172.16.0.1
dns-server 8.8.8.8 8.8.4.4
!
!
!
ip name-server 8.8.8.8
ip name-server 8.8.4.4
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
license udi pid CISCO1941/K9 sn FTX182280WL
hw-module ism 0
!
!
username itadmin privilege 15 secret 5 $1$0xzx$7xiYCq8kEdeiHNm6UeAp01
!
redundancy
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Embedded-Service-Engine0/0
no ip address
!
interface GigabitEthernet0/0
ip address 172.16.0.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
!
interface GigabitEthernet0/1
ip address 12.xx.xx.3 255.255.255.224
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
no mop enabled
!
interface GigabitEthernet0/0/0
no ip address
shutdown
duplex auto
speed auto
!
router eigrp 10
network 0.0.0.0
network 12.xx.xx.0 0.0.0.31
network 172.16.0.0 0.0.0.255
eigrp router-id 2.2.2.2
!
ip default-gateway 12.xx.xx.1
ip forward-protocol nd
!
no ip http server
ip http access-class 23
ip http authentication local
no ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip nat inside source list 10 interface GigabitEthernet0/1 overload
ip default-network 12.xx.xx.0
ip route 0.0.0.0 0.0.0.0 12.xx.xx.1
!
!
!
access-list 10 permit 172.16.0.0 0.0.0.255
access-list 23 permit 172.16.0.0 0.0.0.255
!
control-plane
!
!
!
line con 0
login local
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line 67
no activation-character
no exec
transport preferred none
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
access-class 23 in
privilege level 15
login local
transport input telnet ssh
transport output telnet ssh
line vty 5 15
access-class 23 in
privilege level 15
login
transport input telnet ssh
!
scheduler allocate 20000 1000
!
end


Here is a sanitized config for router B:


Building configuration...

Current configuration : 6566 bytes
!
! Last configuration change at 15:08:22 UTC Thu Jul 28 2016 by itadmin
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname routerB
!
boot-start-marker
boot-end-marker
!
!
no logging console
no logging monitor
!
no aaa new-model
!
ip cef
!
!
!
ip dhcp excluded-address 10.10.10.1
!
ip dhcp pool TEST
import all
network 10.10.10.0 255.255.255.248
default-router 10.10.10.1
lease 0 2
!
!
!
ip name-server 12.zz.zz.z7
ip name-server 12.zz.zz.z8
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
username itadmin privilege 15 secret 5 $1$qDPJ$hmX3UqA/AnNv4dRIsmVCe.
!
redundancy
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
description $ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-GE 0/0$
ip address 192.168.mm.2 255.255.255.252
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
!
interface GigabitEthernet0/1
description UniFiVPN
ip address 192.168.mm.10 255.255.255.252
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
!
interface GigabitEthernet0/0/0
ip address 12.yy.yy.2 255.255.255.252
no ip proxy-arp
ip flow ingress
ip flow egress
ip nat outside
ip virtual-reassembly in
!
ip forward-protocol nd
!
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip nat pool COMM 12.nn.nn.1 12.nn.nn.1 netmask 255.255.255.248
ip nat pool VPN 12.nn.nn.2 12.nn.nn.2 netmask 255.255.255.248
ip nat inside source static esp 192.168.mm.9 interface GigabitEthernet0/1
ip nat inside source route-map COMM pool COMM overload
ip nat inside source route-map VPN pool VPN overload
ip nat inside source static udp 192.168.mm.1 5008 12.nn.nn.1 5008 extendable
ip nat inside source static tcp 192.168.mm.9 22 12.nn.nn.2 22 extendable
ip nat inside source static udp 192.168.mm.9 500 12.nn.nn.2 500 extendable
ip nat inside source static udp 192.168.mm.9 4500 12.nn.nn.2 4500 extendable
ip nat inside source static tcp 192.168.mm.9 8080 12.nn.nn.2 8080 extendable
ip nat inside source static tcp 192.168.mm.9 8443 12.nn.nn.2 8443 extendable
ip route 0.0.0.0 0.0.0.0 12.yy.yy.1
!
access-list 10 permit 192.168.mm.1
access-list 20 permit 192.168.mm.9
access-list 23 permit 192.168.mm.1
access-list 23 permit 10.25.ii.0 0.0.7.255
!
route-map PWCOMM permit 10
match ip address 10
!
route-map UNIFIVPN permit 20
match ip address 20
!
!
!
control-plane
!
!
banner exec ^C
% Password expiration warning.
-----------------------------------------------------------------------

Cisco Configuration Professional (Cisco CP) is installed on this device
and it provides the default username "cisco" for one-time use. If you have
already used the username "cisco" to login to the router and your IOS image
supports the "one-time" user option, then this username has already expired.
this session.

It is strongly suggested that you create a new username with a privilege level
of 15 using the following command.

username <myuser> privilege 15 secret 0 <mypassword>

Replace <myuser> and <mypassword> with the username and password you want to
use.

-----------------------------------------------------------------------
^C
banner login ^C
-----------------------------------------------------------------------
Cisco Configuration Professional (Cisco CP) is installed on this device.
This feature requires the one-time use of the username "cisco" with the
password "cisco". These default credentials have a privilege level of 15.

YOU MUST USE CISCO CP or the CISCO IOS CLI TO CHANGE THESE PUBLICLY-KNOWN
CREDENTIALS

Here are the Cisco IOS commands.

username <myuser> privilege 15 secret 0 <mypassword>
no username cisco

Replace <myuser> and <mypassword> with the username and password you want
to use.

IF YOU DO NOT CHANGE THE PUBLICLY-KNOWN CREDENTIALS, YOU WILL NOT BE ABLE
TO LOG INTO THE DEVICE AGAIN AFTER YOU HAVE LOGGED OFF.

For more information about Cisco CP please follow the instructions in the
QUICK START GUIDE for your router or go to http://www.cisco.com/go/ciscocp
-----------------------------------------------------------------------
^C
!
line con 0
login local
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
access-class 23 in
privilege level 15
login local
transport input telnet ssh
transport output telnet ssh
line vty 5 15
access-class 23 in
login local
transport input telnet ssh
transport output telnet ssh
!
scheduler allocate 20000 1000
!
end

3 Replies

Hello

On rtr A you have a lot going on which seems to suggest that rtr isn't just connected to ATT1

Conditional, static, dynamic Natting
IGP(eigrp) and static/network defaults

Can you explain what they are doing?

res
Paul


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

I intend router A to be an analog for a remote endpoint. I'm trying to set up a lab so that I can evaluate a site-to-site VPN solution that we are considering deploying. I will be putting some other devices behind router A once it's communicating properly. But right now, I'm just working with the router. I did put a simple NAT in router A so that devices that I eventually put behind it can communicate with the outside world. But, that NAT shouldn't come into play here. We're just talking about the WAN facing interface.

Router B, on the other hand, does have a lot going on. But, router B is the one that works. It's router A that can't communicate with the AT&T DNS servers that it should be using. My guess is either I've misconfigured router A or AT&T has misconfigured their router. 

Thank you for your response. I have another update: I connected a laptop in place of router A with the same network configuration (i.e. 12.xx.xx.3/27) as on the router's WAN interface (gi0/1) and it worked perfectly. So, it turns out that there has to be a problem with router A's config. Do you see anything in it that I have done incorrectly?
