New Member

Cisco 2821 - routing issue to inside LAN

On April 3rd, I posted a message entitled: Routing, Cisco 2821, problems with copy tftp. Laurent responded correctly saying that I had to tell the router which interface to use for tftp. I have a similar issue with another site. I have an IPSEC tunnel to the site in question from a head office. The tunnel allows all IP traffic from the subnet at the head office to the subnet at the remote site. The edge device at the remote site (a Juniper firewall) is directly connected to a Cisco 2821 whose config I attached to this conversation. I can from the head office telnet to the Juniper-facing interface of the Cisco 2821 ( Going inside the network is a 3750 in IP routing mode and another 2821 (whose interfaces are in the subnet) that I want to telnet to. Now, the inside facing interface of the first 2821 is If I run a traceroute to this IP address from the corp office, the route shows that it hits the Juniper Internet interface and then goes back out to the Internet, not inside to the 2821. This is very puzzling, should not there be an entry for the 2821 that is in the traceroute statements?

New Member

Re: Cisco 2821 - routing issue to inside LAN

I forgot to mention. I re-checked the phase 2 rules and ACLs on the IPSEC tunnel to make sure that they are configured correctly, they are. So, I am confident that it is not a tunnel/firewall issue, but an issue arising from the config on the 2821. But again, I am not certain, since the traceroute should have touched the Juniper-facing interface of the 2821.

Here is the traceroute (sanitized):


Tracing route to over a maximum of 30 hops

1 <1 ms <1 ms <1 ms --- Corp firewall's inside interface

2 11 ms 9 ms 10 ms [] --- Juniper's Internet interface at remote site.

3 12 ms 10 ms 10 ms --- The Juniper facing interface of the 2821.

Trace complete.


Tracing route to over a maximum of 30 hops

1 <1 ms <1 ms <1 ms

2 13 ms 10 ms 9 ms [] --- Juniper's Internet interface at remote site

3 10 ms 9 ms 13 ms [] --- The Internet router connected to the Juniper's Internet Interface

4 17 ms 18 ms 28 ms --- The ISP's next hop.

5 * * * Request timed out.

6 * ^C

Cisco 2821 three interfaces

gig0/0/0 - facing inside LAN

gig 0/1 - facing a MetroNet

gig 0/0 - facing the Juniper

New Member

Re: Cisco 2821 - routing issue to inside LAN

I seem to be answering my own question. I looked at the config on the Juniper. There was no route to with the DG of Telnet to works because that interface is directly connected, no route is needed. So, the solution was to add the route. That now makes sense as to why the traceroute did not touch the 2821...there was no route, so it just bounced back out the Juniper's DG.
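The behaviour described in this thread, shown as an added example that is not part of any poster's message: a longest-prefix-match lookup over a constructed copy of the firewall's route table, before and after the static route is added. Every address and name below is an assumption, because the thread's real ones were sanitized.

```python
import ipaddress

# Constructed addresses (the thread's real ones were sanitized out).
TRANSIT = "10.10.1.0/30"     # hypothetical Juniper <-> 2821 link
INSIDE_LAN = "10.20.0.0/24"  # hypothetical LAN behind the 2821
ROUTER_2821 = "10.10.1.2"    # hypothetical Juniper-facing address of the 2821
ISP_GW = "203.0.113.1"       # hypothetical default gateway (Internet router)


def lookup(table, dst):
    """Longest-prefix match: return (prefix, next_hop) or None."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(p), nh) for p, nh in table
               if addr in ipaddress.ip_network(p)]
    if not matches:
        return None
    net, nh = max(matches, key=lambda m: m[0].prefixlen)
    return str(net), nh


def firewall_table(with_static_route):
    table = [
        (TRANSIT, "connected"),      # directly connected, no route needed
        ("0.0.0.0/0", ISP_GW),       # default gateway
    ]
    if with_static_route:
        table.append((INSIDE_LAN, ROUTER_2821))  # the fix from the thread
    return table


def audit(table, required):
    """Return required prefixes that would only match the default route."""
    missing = []
    for prefix in required:
        probe = str(ipaddress.ip_network(prefix).network_address + 1)
        hit = lookup(table, probe)
        if hit is None or hit[0] == "0.0.0.0/0":
            missing.append(prefix)
    return missing


if __name__ == "__main__":
    for fixed in (False, True):
        t = firewall_table(fixed)
        print("static route present:", fixed)
        print("  2821 outside if ->", lookup(t, ROUTER_2821))
        print("  inside host     ->", lookup(t, "10.20.0.10"))
        print("  falls to default:", audit(t, [TRANSIT, INSIDE_LAN]))
```

Running `audit` against the prefixes a tunnel's phase 2 selectors permit is a quick way to spot inside subnets that the edge device would forward out its default gateway instead of inward.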

Re: Cisco 2821 - routing issue to inside LAN

Thanks for updating us!