02-03-2009 09:26 AM - edited 03-06-2019 03:50 AM
Hello,
I have a bit of a problem. Up until today, we had RIP running on our PTP and frame routers. I migrated to EIGRP and internally everything looks fine, and all devices can contact each other. The only issue I have is a few of our remote offices can not access the internet.
The office affected are the ones directly connected to our main router. The main site has no issues with internet either.
Packets just seem to get to the main router and get dropped.
Here is the main routers config. Some has been edited to fit the post.
interface FastEthernet0/0
description connected to EthernetLAN_1
ip address 192.168.0.254 255.255.255.0
ip policy route-map WWW_Traffic
speed auto
full-duplex
no cdp enable
!
interface Serial0/0
description connection to village
ip address 192.168.108.2 255.255.255.0
no ip mroute-cache
!
interface Serial0/1
description connection to east
ip address 192.168.102.2 255.255.255.0
no ip mroute-cache
fair-queue
!
interface Serial0/1.4
!
interface Serial1/0
description connection to warehouse
ip address 192.168.104.2 255.255.255.0
!
interface Serial1/1
no ip address
encapsulation frame-relay
no fair-queue
frame-relay lmi-type ansi
!
interface Serial1/1.1 point-to-point
ip address 192.168.205.2 255.255.255.0
!
interface Serial1/1.2 point-to-point
description connection to East Hampton
ip address 192.168.105.2 255.255.255.0
frame-relay interface-dlci 17
!
interface Serial1/1.3 point-to-point
description connetcion to watermill
ip address 192.168.103.2 255.255.255.0
frame-relay interface-dlci 18
!
interface Serial1/1.4 point-to-point
description connetcion to tutto
ip address 192.168.110.2 255.255.255.0
frame-relay interface-dlci 19
!
interface Serial1/1.5 point-to-point
description connetcion to tutto
ip address 192.168.110.4 255.255.255.0
shutdown
frame-relay interface-dlci 20
!
router eigrp 10
network 192.168.0.0
network 192.168.102.0
network 192.168.103.0
network 192.168.105.0
network 192.168.108.0
network 192.168.110.0
auto-summary
!
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.0.1
no ip http server
!
!
access-list 199 permit tcp any any eq www
access-list 199 permit tcp any any eq 443
access-list 199 permit udp any any eq domain
dialer-list 1 protocol ip permit
!
route-map WWW_Traffic permit 10
match ip address 199
set ip next-hop 192.168.0.15
!
route-map WWW_Traffic permit 20
!
end
Headquarters#
02-03-2009 12:39 PM
Fret:
Assuming these remote sites have no Internet connectivity, whether IP or name addresses are used, you would have to finish verifying the routing.
The spoke defaults to the core, and the core has a policy (which I recommend you put back in place for now so as not to create any new issues) that forwards Internet traffic to the 0.15 FW.
Does that FW have a route back to the source network behind the spoke?
If you're routing has been verified in BOTH directions, hop-by-hop, check to see if there are any ACLs that are blocking traffic to the source subnet behind the spoke.
02-03-2009 01:08 PM
Victor made a good point here. If your firewall was using RIP to learn the internal network, they won't know how to reach the internal network after routing protocol is changed to EIGRP.
02-03-2009 01:49 PM
You were right about the firewall using RIP. For the time being I added static routes to thre firewall. and can ping the network fine from both firewalls.
One thing I did notice is that any of the routers directly connected to the main router can not ping 192.168.0.1 at all. I even added static routes to test this, but still can not get to the firewall. The other networks that can get out outside, can ping that firewall just fine.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide