access-list 100 permit ip 192.168.0.0 0.0.0.255 any
access-list 100 permit ip 192.168.2.0 0.0.0.255 any
access-list 100 permit ip 192.168.255.0 0.0.0.255 any
access-list 100 deny ip any any
ip nat inside source list 100 interface ATM0 overload
There are no ACLs on routers B and C.
All network routes are visible on the routers via multiple OSPF areas. Also, routers B and C use A as NTP server, and yes, clocks can sync!
- Both B and C can ping and traceroute any Internet address.
- Both B and C can talk to a netflow collector machine on Vlan100.
- Router A can SSH to B, but cannot to C.
- Router B can SSH to A.
- Router C cannot SSH to A.
- Both B and C can ping A, but none can traceroute to A.
I tried to mirror the Vlan100 and Vlan200 traffic on router A using the "ip traffic-export" command. On the Wireshark machine all I could see were the ICMP echo request/reply packets and the traceroute UDP packets being sent, but no responses were being sent from my Vlan100 address on router A back to either B or C.
... looks like I found what was wrong, and it was indeed something very, very basic.
no ip unreachables
no ip unreachables
That broke traceroute. Regarding SSH, it looks like the source routers I was using were running older IOS and their clients don't support SSH v2. I redid those tests from other routers running newer IOS code and it was all flawless.
I am glad that you were able to solve your own problem. And the issues that you found would certainly cause the symptoms that you describe. Thank you for posting back to the forum telling us what you found and how you fixed the problems. It can be very helpful to other readers when we have this kind of information.
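Both causes reported in this thread can be checked for in a saved configuration. The Python script below is an added example, not part of the original posts. The sample configuration, its interface addresses, and the assumption that the SSH server is restricted with `ip ssh version 2` are constructed for illustration.

```python
import re

# Constructed sample config (not from the thread); addresses are assumptions.
SAMPLE_CONFIG = """\
interface Vlan100
 ip address 192.168.0.1 255.255.255.0
 no ip unreachables
!
interface Vlan200
 ip address 192.168.2.1 255.255.255.0
 no ip unreachables
!
interface Loopback0
 ip address 192.168.255.1 255.255.255.255
!
ip ssh version 2
"""

def parse_interfaces(config):
    """Return {interface_name: [sub-commands]} from IOS-style config text."""
    interfaces, current = {}, None
    for line in config.splitlines():
        m = re.match(r"^interface (\S+)", line)
        if m:
            current = m.group(1)
            interfaces[current] = []
        elif current and line.startswith(" "):
            interfaces[current].append(line.strip())
        else:
            current = None  # "!" or a global command ends the interface block
    return interfaces

def audit(config):
    """Flag settings that produce the symptoms described in the thread."""
    findings = []
    for name, cmds in parse_interfaces(config).items():
        if "no ip unreachables" in cmds:
            # Ping still works (echo reply), but the UDP traceroute probe never
            # gets its ICMP port-unreachable answer from this interface.
            addr = next((c.split()[2] for c in cmds if c.startswith("ip address ")), "unknown")
            findings.append((name, addr, "traceroute to this address gets no reply"))
    # Assumption: the server side is pinned to v2, so SSHv1-only clients fail.
    if re.search(r"^ip ssh version 2\s*$", config, re.M):
        findings.append(("global", "-", "SSHv1-only clients cannot connect"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(*finding, sep=" | ")
```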