Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1195
Views
0
Helpful
10
Replies

show ip cef shows routes to inetrnal network

Go to solution
mahesh18
Level 6
Level 6

‎07-18-2016 12:21 PM - edited ‎03-08-2019 06:41 AM

Hi Everyone,

Here is setup

-----PC----------SW1-----------Firewall--Doing PAT ---------------------------Cisco Router1  ----------gi0/0/1------Cisco Router1-gi0/0/0 ----------------ISP

 ---------------------------

Cisco Router 1 is running HSRP on interface gi0/0/1 with nei routeras shown below

#show standby
GigabitEthernet0/0/1 - Group 1
  State is Active
    10 state changes, last state change 2w3d
  Virtual IP address is 192.40.140.210
  Active virtual MAC address is 0000.0c07.ac01 (MAC In Use)
    Local virtual MAC address is 0000.0c07.ac01 (v1 default)
  Hello time 3 sec, hold time 10 sec
    Next hello sent in 2.144 secs
  Preemption enabled
  Active router is local
  Standby router is 192.40.140.212, priority 100 (expires in 8.800 sec)
  Priority 105 (configured 105)
    Track object 1 state Up decrement 10
  Group name is "hsrp-Gi0/0/1-1" (default)

Firewall is doing PAT and inside address of user PC say 192.168.50.x is translated to the Firewall Public IP address.

When on internet router I do show ip route 192.168.50.1 I get message

show ip route 192.168.50.1
% Network not in table

When I do

show ip cef 192.168.50.1
0.0.0.0/0
  nexthop 192.40.140.212 GigabitEthernet0/0/1

Need to understand why the Router is showing next hop as IP address of standby  HSRP Router?

Regards

MAhesh

Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
Peter Paluch
Cisco Employee
Cisco Employee

‎07-18-2016 12:34 PM

Hi MAhesh,

The outputs of show ip route and show ip cef on your internet router suggest that it has a default route configured, and the default route points to 192.40.140.212. Technically, I do not see any problem with that. Assuming that the firewall does its PAT job properly, the internet router should not know anything about 192.168.50.1, and as every unknown IP address, it resolves to the router's default route.

If this does not answer your question, then I must admit I do not understand the ASCIIart picture of your network, and that's why I may be missing the problem. Can you redraw the picture using either Dia or other network diagram tool and post it here? It would make your situation much more understandable.

Best regards,
Peter

View solution in original post

0 Helpful

Go to solution
Reza Sharifi
Hall of Fame
Hall of Fame
In response to mahesh18

‎07-19-2016 12:25 PM

Hi Mahesh,

Ok, Than the behavior you are seeing is correct.  And as Peter also noted the the Internet routes don't know anything about 192.168.50.x address segment.

Thanks,

Reza

View solution in original post

0 Helpful
10 Replies 10

Go to solution
Peter Paluch
Cisco Employee
Cisco Employee

‎07-18-2016 12:34 PM

Hi MAhesh,

The outputs of show ip route and show ip cef on your internet router suggest that it has a default route configured, and the default route points to 192.40.140.212. Technically, I do not see any problem with that. Assuming that the firewall does its PAT job properly, the internet router should not know anything about 192.168.50.1, and as every unknown IP address, it resolves to the router's default route.

If this does not answer your question, then I must admit I do not understand the ASCIIart picture of your network, and that's why I may be missing the problem. Can you redraw the picture using either Dia or other network diagram tool and post it here? It would make your situation much more understandable.

Best regards,
Peter

0 Helpful

Go to solution
mahesh18
Level 6
Level 6
In response to Peter Paluch

‎07-19-2016 10:05 AM

Hi Peter,

I have attached the diagram.

Regards

MAhesh

0 Helpful

Go to solution
mahesh18
Level 6
Level 6
In response to Peter Paluch

‎07-19-2016 10:26 AM

Hi Peter,

On Cisco ASR1 when I check the config via show run it does not show any default static route configured.

This Router is BGP nei to ISP1.

When I do the command show ip route it shows 

Gateway of last resort is 192.40.140.212 to network 0.0.0.0  

with all the BGP routes .

Need to understand if default route is not configured statically why it is showing  Gateway of last resort is 192.40.140.212 to network 0.0.0.0   ?

This router is running HSRP on interface 0/0/1.

Diagram is attached.

Regards

MAhesh

0 Helpful

Go to solution
Reza Sharifi
Hall of Fame
Hall of Fame
In response to mahesh18

‎07-19-2016 10:26 AM

Hi Mahesh,

Please take a look at the PDF you posted.  There are several pages in the document and the drawing is in multiple pages and hard to understand what is connecting to what.

Please put everything in one page and post again.

Thanks,

Reza

0 Helpful

Go to solution
mahesh18
Level 6
Level 6
In response to Reza Sharifi

‎07-19-2016 10:52 AM

Here is MS word of diagram attached.

Thanks for correction Reza!

Preview file
96 KB
0 Helpful

Go to solution
Reza Sharifi
Hall of Fame
Hall of Fame
In response to mahesh18

‎07-19-2016 11:21 AM

Thanks Mahesh!

It looks good now.

On Cisco ASR1 when I check the config via show run it does not show any default static route configured.

This Router is BGP nei to ISP1.

When I do the command show ip route it shows 

Gateway of last resort is 192.40.140.212 to network 0.0.0.0  

with all the BGP routes .

It maybe you are getting the full BGP routing table and so there is no default route configured on the ASRs. Is there a default route on the firewalls?

If that is the case than is the user gateway for 192.168.50.x on the firewalls?

Reza

0 Helpful

Go to solution
mahesh18
Level 6
Level 6
In response to Reza Sharifi

‎07-19-2016 11:50 AM

Hi Reza,

Yes we are getting full BGP routes from the ISP.

Firewall has default route pointing to the ASR inside interface IP address.

PC does not have default gateway on Firewall it is behind the switch which is not shown in diagram.

Regards

MAhesh

0 Helpful

Go to solution
Reza Sharifi
Hall of Fame
Hall of Fame
In response to mahesh18

‎07-19-2016 12:25 PM

Hi Mahesh,

Ok, Than the behavior you are seeing is correct.  And as Peter also noted the the Internet routes don't know anything about 192.168.50.x address segment.

Thanks,

Reza

0 Helpful

Go to solution
mahesh18
Level 6
Level 6
In response to Reza Sharifi

‎07-21-2016 07:37 PM

Many thanks Reza and peter. Best Regards Mahesh
0 Helpful

Go to solution
Peter Paluch
Cisco Employee
Cisco Employee
In response to mahesh18

‎07-22-2016 01:22 AM

Hi Mahesh,

You are welcome - just one observation:

show ip cef 192.168.50.1
0.0.0.0/0
  nexthop 192.40.140.212 GigabitEthernet0/0/1

This output suggests that the router you have entered this command on has a default route pointing to 192.40.140.212.

The show ip route X.X.X.X command does not perform matching against the default route. If the only route in your routing table that matches the X.X.X.X is the default route then the show ip route will tell you that tne network is not in table. In short, show ip route looks for more specific matches than a default route.

Conversely, show ip cef X.X.X.X always shows you the best matching route, even if it is a default route. Hence, what the show ip cef told you is definitely true, and it is clear that it is a default route.

Now, you have said that there is no default route in your network setup - is it possible that you've made a mistake here?

Best regards,
Peter

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card