We have a core switch with two fibre lines connecting us through two different ISPs to the internet. These ISPs have provided us with a range of public IPs each. We have a few routers on some of these IPs and they are working fine and we can access them externally (telnet and ssh).
I am now busy setting up two servers, one on each ISP with their respective public IPs. I can ping the core switch and the ISP gateways from the servers and from the core. I have triple checked that there are no active firewalls and I can see that the http ports are open and accessible (TcpView). But for the life of me I cannot access those servers externally. I am now completely stumped. I do suspect though that it is a routing problem through the core.
And herewith the relevant parts from my Core switch's config:
version 12.2
service tcp-keepalives-in
service tcp-keepalives-out
!
hostname SMS-CORE
!
no aaa new-model
clock timezone ZAR 2
no ip source-route
!
mls netflow interface
mls cef error action reset
!
spanning-tree mode pvst
spanning-tree portfast edge default
!
vlan internal allocation policy ascending
!
interface FastEthernet3/25
 switchport
 switchport access vlan 153
 switchport mode access
!
interface FastEthernet3/31
 switchport
 switchport access vlan 153
 switchport mode access
!
interface FastEthernet3/35
 switchport
 switchport access vlan 153
 switchport mode access
!
interface FastEthernet3/37
 switchport
 switchport access vlan 20
 switchport mode access
!
interface FastEthernet3/47
 switchport
 switchport access vlan 20
 switchport mode access
!
interface FastEthernet3/48
 ip address 192.168.2.2 255.255.255.252
!
interface Vlan1
 no ip address
!
interface Vlan20
 ip address PUBLIC_IP1 255.255.255.240
!
interface Vlan153
 ip address PUBLIC_IP2 255.255.255.248
!
ip classless
!
ip route 0.0.0.0 0.0.0.0 192.168.2.1
!
ip local policy route-map PUBLIC
!
access-list 100 permit ip ISP2_NETWORK 0.0.0.7 any
access-list 101 permit ip ISP1_NETWORK 0.0.0.15 any
!
route-map PUBLIC permit 10
 match ip address 100
 set ip default next-hop PUBLIC_GW2
!
route-map PUBLIC permit 20
 match ip address 101
 set ip default next-hop 192.168.2.1
!
I have changed both routers to now point their gateways to the SVI VLAN of the core switch. It has actually improved the situation somewhat.
When I now do a test from an external PC and do a "telnet server_ip 80" then the connection actually seems to connect instead of just timing out as it usually did. Also in a browser I go to http://server_ip and something happens, although the page is empty, but no connection errors as before.
I eventually managed to resolve the issue with one of the servers (it turns out that server2's network card was bust, transmits but does not receive). I added a local policy to set the default gateways on the core. Then I added a route-map on the interfaces to set the next hops. I then also had to remove the default gateway as set up on the server and replace it with a few static permanent routes. Everything seemed fine after that.
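The next-hop choice made by the posted route-map, as an added Python model that is not part of the original post or of any Cisco tool. It follows documented IOS behaviour: `ip local policy` covers only packets the switch itself originates, transit packets need `ip policy route-map` on the ingress interface, and `set ip default next-hop` applies only when the routing table has no explicit (non-default) route. Assumptions: the RFC 5737 addresses stand in for the ISP1_NETWORK, ISP2_NETWORK and PUBLIC_GW2 placeholders, and the function names are hypothetical.

```python
import ipaddress

# Constructed stand-ins for the placeholders in the posted config (RFC 5737 ranges).
ISP1_NET, ISP1_WILDCARD = "203.0.113.0", "0.0.0.15"   # ISP1_NETWORK, ACL 101
ISP2_NET, ISP2_WILDCARD = "198.51.100.0", "0.0.0.7"   # ISP2_NETWORK, ACL 100
ISP1_GW = "192.168.2.1"                               # next hop taken from the post
ISP2_GW = "198.51.100.1"                              # stands in for PUBLIC_GW2

# route-map PUBLIC in sequence order: (seq, ACL base, ACL wildcard, default next hop)
ROUTE_MAP_PUBLIC = [
    (10, ISP2_NET, ISP2_WILDCARD, ISP2_GW),
    (20, ISP1_NET, ISP1_WILDCARD, ISP1_GW),
]
# Routing table holding only the static default, as in the post.
ROUTES = [("0.0.0.0/0", ISP1_GW)]


def acl_match(src, base, wildcard):
    """IOS wildcard match: bits set in the wildcard are 'don't care' bits."""
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(src)) & care) == (int(ipaddress.IPv4Address(base)) & care)


def lookup(dst):
    """Longest-prefix match; returns (prefix_len, next_hop) or None."""
    hits = [(ipaddress.ip_network(p).prefixlen, nh) for p, nh in ROUTES
            if ipaddress.ip_address(dst) in ipaddress.ip_network(p)]
    return max(hits) if hits else None


def next_hop(src, dst, policy_applied):
    """policy_applied is True when a route-map covers this packet: 'ip local policy'
    for switch-originated traffic, 'ip policy' on the ingress SVI for transit traffic."""
    route = lookup(dst)
    # 'set ip default next-hop' only takes effect when there is no explicit route;
    # the 0.0.0.0/0 default does not count as explicit.
    if route and route[0] > 0:
        return route[1]
    if policy_applied:
        for _seq, base, wildcard, gateway in ROUTE_MAP_PUBLIC:
            if acl_match(src, base, wildcard):
                return gateway
    return route[1] if route else None
```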