Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

110001: No route to

Hello,

first time, sorry for my english.

so i explain my problem.

i have An ipsec vpn with 2 pix 515 and a router on 1 of this site.

lan_a-->Pix_a--ISP--Pix_b<--Lan_b<--router<--Lan_b2

traffic for lan_a and lan_b, no problem.

traffic for lan_b and lan_b2, no problem

but traffic lan_b2 and lan_a don't work,

i have a route inside in my pix_b.

but i have a stange comportement, because ping was work,

but other traffic don't work, example, when i want telnet on port 25 in lan_a since lan_b2, i have an error in pix_b log

anyone can help me ?

tahnks

23 REPLIES
New Member

Re: 110001: No route to

hello

more detail

in pix log, i have an error

110001 no route to x.x.x.x from y.y.y.

x was in lan_b2

y was in lan_a

thanks

Hall of Fame Super Blue

Re: 110001: No route to

Which pix is this error message showing up on, is it pixb ?

If so can you

1) post output of "sh route" from pixb

AND

2) specify the IP subnet of lan_b2

Jon

New Member

Re: 110001: No route to

Hello jon

Thanks for your reply.

yes, error message on pixb

see sh route on pixb

pixb# sh route

outside 0.0.0.0 0.0.0.0 217.108.xx.xx 1 OTHER static

DMZ 10.10.10.0 255.255.255.0 10.10.10.254 1 CONNECT static

inside 10.10.30.0 255.255.255.0 172.22.56.1 1 OTHER static

inside 172.22.56.0 255.255.255.0 172.22.56.8 1 CONNECT static

outside 217.108.xx.xx 255.255.255.240 217.108.xx.xx 1 CONNECT static

pixb#

subnet of lanb_2 as 10.10.30.0/24

subnet of lanb as 172.22.56.0/24

subnet of lana (remote vpn) as 172.22.57.0/24

error message as :

no route to 10.10.10.38 from 172.22.57.16

thanks

fred

New Member

Re: 110001: No route to

Hello,

Someone help me, please.

Thanks

Frederic

Hall of Fame Super Blue

Re: 110001: No route to

Fred

Apologies for the delay in getting back to you.

Could you just clarify ie.

from your routing table -

inside 10.10.30.0 255.255.255.0 172.22.56.1 1 OTHER static

error message -

no route to 10.10.10.38 from 172.22.57.16

which is the correct subnet ie.

your route is for 10.10.30.x but the error message is about 10.10.10.x ?

Jon

New Member

Re: 110001: No route to

Jon,

Oups, sorry, that an error when i write this post.

the real error message as :

no route to 10.10.30.38 from 172.22.57.16

sorry,

thanks

Frederic

Hall of Fame Super Blue

Re: 110001: No route to

Fred

which device is 172.22.57.16 ?

Can you post configs of both firewalls ?

Jon

New Member

Re: 110001: No route to

Hello

172.22.57.16 as a mail server

in attachement :

Config of firewall pix a

Config of firewall pix b

Config of router b

in same file

"Conf Pix A, Pix B, Router B .txt"

and Network map

i have delete all information you don't need in config (password, IP public, etc..)

Many thanks for your help.

Frederic

New Member

Re: 110001: No route to

Hello Jon,

As you can see my problem ?

Thanks,

Frederic

Hall of Fame Super Blue

Re: 110001: No route to

Frederic

From pix b can you ping 10.10.30.38 ?

Jon

New Member

Re: 110001: No route to

Jon,

Yes i can.

Pix_b# ping 10.10.30.38

10.10.30.38 response received -- 0ms

10.10.30.38 response received -- 0ms

10.10.30.38 response received -- 0ms

Pix_b#

and since pix_a too (that strange)

Pix_a# ping inside 10.10.30.38

10.10.30.38 response received -- 40ms

10.10.30.38 response received -- 30ms

10.10.30.38 response received -- 40ms

Pix_a#

but when i want make an telnet (for example) since 10.10.30.38 to 172.22.57.xx (Lan_a), don't work

i don't understand, because there are no acl was block this traffic, and ip route are ok

Frederic

Hall of Fame Super Blue

Re: 110001: No route to

Frederic

Could you clarify. Are you trying to telnet to 172.22.57.x from 10.10.30.38 ?

If so there may be an issue with your config on pix b. You have this applied to your inside interface on pix b -

access-list inside_access_in permit ip 172.22.56.0 255.255.255.0 any

access-list inside_access_in permit ip 172.22.56.0 255.255.255.0 any

is this a typo as you have the same line twice. You will need the following line in that acl as well

access-list inside_access_in permit ip 10.10.30.0 255.255.255.0 any

Jon

New Member

Re: 110001: No route to

Jon,

exactly, i try telnet 172.22.57.16 (it's a mail server) from 10.10.30.38

yes, is a typo.

my real acl as :

access-list inside_access_in permit ip All-Lan 255.255.255.0 any

object-group network All-Lan

network-object 172.22.56.0 255.255.255.0

network-object 10.10.30.0 255.255.255.0

Frederic

Hall of Fame Super Blue

Re: 110001: No route to

Frederic

Can you run some tests -

1) From mail server 172.22.57.16 can you ping 10.10.30.38 ?

2) From 10.10.30.38 can you ping 172.22.57.16 ?

Jon

New Member

Re: 110001: No route to

Hello,

Yes, it's work for ping

1) From mail server 172.22.57.16 can you ping 10.10.30.38 ?

PING OK

2) From 10.10.30.38 can you ping 172.22.57.16 ?

PING OK

Frederic

Hall of Fame Super Blue

Re: 110001: No route to

Frederic

Do you have telnet running on the mail server ?

If not when you telnet from 10.10.30.38 to 172.22.57.16 try to telnet using port 25 and see what happens.

Jon

New Member

Re: 110001: No route to

Jon,

Yes telnet was open,

is port 25 i try to telnet.

but don't work.

in lan_b, i have a cisco router (gateway of network)

i have make a test,

look

Router_b#ping 172.22.57.16 source fastEthernet 0/1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 172.22.57.16, timeout is 2 seconds:

Packet sent with a source address of 10.10.30.254

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 36/57/100 ms

Router_b#

Router_b#telnet 172.22.57.16 smtp /source-interface f0/1

Trying 172.22.57.16, 25 ...

% Connection timed out; remote host not responding

Deleting login session

Router_b#

Router_b#telnet 172.22.57.16 smtp /source-interface f0/0.1

Trying 172.22.57.16, 25 ... Open

220 welcome.xxx.com ESMTP Service (Lotus Domino Release 7.0.2FP2) ready at Mon, 22 Jun 2009 14:59:59 +0200

interface FastEthernet0/0.1

encapsulation dot1Q 1 native

ip address 172.22.56.1 255.255.255.0

!

interface FastEthernet0/1

ip address 10.10.30.254 255.255.255.0

!

Frederic

New Member

Re: 110001: No route to

Hello Jon,

As you see ?

Cisco Employee

Re: 110001: No route to

Hey Frederic could you give us the output of a packet-tracer?

Cisco Employee

Re: 110001: No route to

Packet-tracer in your PixB from 10.10.30.38 to 172.22.57.16 using port 25

...packet-tracer input tcp 10.10.30.38 1025 172.22.57.16 25 det

New Member

Re: 110001: No route to

Hello dcambron,

thanks for your help.

i don't know how i can use packet tracer.

in log of PixB i have just this when i want send telnet with port 25

Jun 24 2009 18:16:57: %PIX-6-110001: No route to 10.10.30.38 from 172.22.57.16

while in my configuration of PixB i have

route inside 10.10.30.0 255.255.255.0 172.22.56.1 1

regards

frederic

Cisco Employee

Re: 110001: No route to

This is the command but it works in version 8.0o later.

packet-tracer input tcp 10.10.30.38 1025 172.22.57.16 25 det

New Member

Re: 110001: No route to

ok, but PixB it's a Cisco pix 515E version 6.3(5)

frederic

375
Views
0
Helpful
23
Replies
CreatePlease to create content