We have an MPLS that connects all of these locations. The 192.168 networks have a Cisco 1721 router. The 1.150 location has a Cisco 2811 router and a PIX firewall.
All computers at any Site can ping any other computer or router at any other Site.
However, none of the 192.168 routers can ping anything on the 1.150 network. But a computer behind the 192.168 router CAN ping the 1.150 network. And this is where the problem is because I am setting up an Event Log/Syslog Server at Site A and I can't get any syslog entries from the routers. I can get server logs because the servers sit behind the routers, but nothing from the actual routers since they can't see the 1.150 network.
I think it has something to do with the firewall or router at Site A but I'm not sure. Site A is corporate so the configs are more complex than the other sites. I can post the firewall and/or router config if needed.
Could you be a bit more specific about what can communicate with what? When you do the ping from the routers, are you doing an extended ping using the source interface of the routers that connects to the internal LAN at each site, i.e. from site B what happens if you do an extended ping with the source interface of 192.168.1.1?
If you haven't done this and the extended ping works then you have no connectivity because the router is using its external address and I'm guessing that there is no route back.
Not quite. When a ping comes from the internal network then the source address will be 192.168.1.x where x is host address of the client.
When you use extended ping from the router you are using 192.168.1.1 as the source address. Your HQ site has routes back to this 192.168.1.0/24 network so your ping works.
I need to check tomorrow at work whether you can specify the source interface when sending syslog messages. If you can't then you need to make sure that your HQ site knows how to route back to subnets on the outside interface of your router, i.e. the one connected to the MPLS network.
Hi .. as John mentioned the issue you are experiencing is a routing problem and/or access problem.
Unfortunately I don't think you can specify a source IP interface for snmp traps. Basically you need to make sure that the syslog server knows how to reach the EXTERNAL INTERFACES .. of the remote routers. In order to do this you would need to check the routing tables on the PIX and also on the 2800 router. Also you need to make sure that your firewall allows snmp from the routers towards the internal server; you might need to configure a static NAT for your syslog server so that it is reachable from the MPLS backbone IP range. Perhaps a topology diagram will provide more info to assist you.
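The return-path reasoning in the replies above, as an added example that is not part of the original thread: a small Python model of why a LAN host and a LAN-sourced extended ping get replies while router-originated traffic does not. All addresses, the `HQ_ROUTES` table and the function names are constructed for illustration, and the model assumes router-originated packets take the MPLS-facing interface address as their source.

```python
import ipaddress

# Constructed addressing (not from the thread): one remote site and the routes HQ holds.
HQ_ROUTES = ["192.168.1.0/24", "192.168.2.0/24"]       # remote LAN subnets only
SITE_B = {"lan": "192.168.1.1", "wan": "172.16.0.2"}   # wan = MPLS-facing interface


def lookup(routes, address):
    """Longest-prefix match; returns the matching prefix or None if no route exists."""
    addr = ipaddress.ip_address(address)
    matches = [ipaddress.ip_network(r) for r in routes if addr in ipaddress.ip_network(r)]
    return max(matches, key=lambda n: n.prefixlen, default=None)


def router_source(router, source_interface=None):
    """Router-originated packets take the egress (WAN) interface address unless a
    source interface is chosen, as with an extended ping."""
    return router[source_interface or "wan"]


def reply_can_return(hq_routes, source):
    """A reply from HQ only arrives if HQ has a route to the packet's source address."""
    return lookup(hq_routes, source) is not None


def diagnose(router, hq_routes, lan_host):
    """Compare the three traffic sources discussed in the thread."""
    cases = {
        "host behind router": lan_host,
        "router, default source": router_source(router),
        "router, sourced from LAN": router_source(router, "lan"),
    }
    return {name: (src, reply_can_return(hq_routes, src)) for name, src in cases.items()}


if __name__ == "__main__":
    for name, (src, ok) in diagnose(SITE_B, HQ_ROUTES, "192.168.1.25").items():
        print(f"{name:26} src={src:14} reply routed back: {ok}")
    # Adding the WAN subnet at HQ is the fix the thread suggests for router-sourced traffic.
    fixed = HQ_ROUTES + ["172.16.0.0/30"]
    print("after adding WAN route:", reply_can_return(fixed, SITE_B["wan"]))
```
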