Re: Not existing ip address reply

giaaaj · ‎10-31-2003

Hallo:

I have the following problem:

An address that is not existing replies when i ping it. This adress is in a range that is routed dynamically ( Eigrp). The way from my lan to the rang where this non-existing ip Address in is as follows:

Router1 -> PIX -> Router2 ( This router uses NAT to translate My LAN Addresses) -> Router 3 - > Router 4( Hier is the destination LAN where this non-existing ip Address is a part of).

When i ping the Address fro my workstation in My LAn I get this answer:

<

Ping wird ausgeführt für 172.29.3.227 mit 32 Bytes Daten:

Antwort von 172.29.3.227: Bytes=32 Zeit=10ms TTL=254

Antwort von 172.29.3.227: Bytes=32 Zeit<10ms TTL=254

<

After that i will not be able to telnet ( ping works) to the Network devices aftre Router2 ( to Router2 telnet Works).

The debugging Output on Router 2 gives this message that indicates the router does not no a route to this ip address:

<

Oct 31 12:59:28 CET: IP: s=193.222.237.240 (FastEthernet0/0), d=0.0.0.0 (FastEth

ernet0/1), g=172.17.176.2, len 60, forward

Oct 31 12:59:28 CET: ICMP type=8, code=0

Oct 31 12:59:29 CET: IP: s=193.222.237.240 (FastEthernet0/0), d=0.0.0.0 (FastEth

ernet0/1), g=172.17.176.2, len 60, forward

Oct 31 12:59:29 CET: ICMP type=8, code=0

Oct 31 12:59:30 CET: IP: s=193.222.237.240 (FastEthernet0/0), d=0.0.0.0 (FastEth

>

but the show ip route indicates that the router has a route to this ip :

<

Routing entry for 172.29.3.0/24

Known via "eigrp 1200", distance 170, metric 30720, type external

Redistributing via eigrp 1200

Last update from 172.17.176.2 on FastEthernet0/1, 5w5d ago

Routing Descriptor Blocks:

* 172.17.176.2, from 172.17.176.2, 5w5d ago, via FastEthernet0/1

Route metric is 30720, traffic share count is 1

Total delay is 200 microseconds, minimum bandwidth is 100000 Kbit

Reliability 255/255, minimum MTU 1500 bytes

Loading 1/255, Hops 1

>

The Arp Table of Router 4 ( The router where this IP is a part of its LAN) indicates that this address do not exist :

<

TALYG103#sh arp

Protocol Address Age (min) Hardware Addr Type Interface

Internet 172.29.3.254 33 00b0.6499.c621 ARPA Ethernet0/0

Internet 172.29.3.2 - 0002.16e6.84e0 ARPA Ethernet0/0

Internet 172.29.3.3 4 0050.8b5c.3ba0 ARPA Ethernet0/0

Internet 172.29.3.4 4 0006.5b38.3f79 ARPA Ethernet0/0

TALYG103#ping 172.29.3.227

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 172.29.3.227, timeout is 2 seconds:

.....

Success rate is 0 percent (0/5)

TALYG103#sh ip rou

TALYG103#sh ip route 172.29.3.227

Routing entry for 172.29.3.0/24

Known via "connected", distance 0, metric 0 (connected, via interface)

Routing Descriptor Blocks:

* directly connected, via Ethernet0/0

Route metric is 0, traffic share count is 1

>

Where is the Problem.

Thanks

Ali

ruwhite · ‎10-31-2003

Where is your workstation attached? Router 1? If the PIX is doing NAT, then how is EIGRP running across the PIX? Also, which router is 172.17.176.2, where does it think it learned the route from?

Russ.W

giaaaj · ‎10-31-2003

Hello RUSSELL,

My Workstation is connected to router 1, and the PIX does not make NAT . Router 2 is doing NAT for my LAN Addresses. The 172.17.176.2 is Router 3 this Router have have an a Subinterface which have an ip address in the same Range of the IP Address Rang of Router 4.

Thanks

ruwhite · ‎11-01-2003

This looks like a NAT problem rather than a routing problem, because of this:

Oct 31 12:59:28 CET: IP: s=193.222.237.240 (FastEthernet0/0), d=0.0.0.0 (FastEth

ernet0/1), g=172.17.176.2, len 60, forward

You are pinging 172.17.176.2, and router 2 seems to think this is locally connected (d=0.0.0.0) with a gateway of the machine you are pinging (g=172.17.176.2)? Hmmm.... Could you check the nat translation table once you've ping'd this, and see what it looks like for that address?

What version of code is this? Somewhere back in my memory, I seem to remember something similar (?).

Russ.W

giaaaj · ‎11-04-2003

Hello Russ.

Iam not pinging 172.17.176.2 , iam actually pinging the adress 172.29.3.227.

Nat translations on router 2

--- 193.222.237.252 193.222.227.177 172.29.3.227 ---

this nat traslation apears after pinging the 172.29.3.227 from my workstation ( 193.222.227.177) .

When i ping an existing address in the same rang i get this translation

--- 193.222.237.252 193.222.227.177 --- ---

Thanks

Ali

ruwhite · ‎11-04-2003

Could you post your NAT config from router 2?

Russ.W

giaaaj · ‎11-04-2003

Hello Russ

The Ip Address 172.17.176.2 is the Fa0/0 of router 3

Config Router 2

**************

hostname Router2

clock timezone CET 1

clock summer-time CET recurring last Sun Mar 2:00 last Sun Oct 3:00

ip subnet-zero

interface Loopback0

ip address 172.17.187.1 255.255.255.255

!

interface FastEthernet0/0

description GIA

ip address 172.17.186.3 255.255.255.224

ip nat inside

no ip route-cache

no ip mroute-cache

duplex auto

speed auto

!

interface FastEthernet0/1

description CUST.B.00 / CUST.M.00

ip address 172.17.188.1 255.255.255.0 secondary

ip address 172.17.176.1 255.255.255.0

ip nat outside

no ip route-cache

no ip mroute-cache

duplex auto

speed auto

!

router eigrp 1200

redistribute static

network 172.17.176.0 0.0.0.255

network 172.17.186.0 0.0.0.31

network 172.17.187.1 0.0.0.0

network 172.17.188.0 0.0.0.255

no auto-summary

no eigrp log-neighbor-changes

!

ip nat translation timeout 28800

ip nat pool in-src 193.222.237.1 193.222.237.254 prefix-length 24

ip nat inside source list in-src-nat pool in-src

ip nat inside source static 192.168.252.3 193.222.236.2

ip nat inside source static 193.222.226.26 193.222.236.26

ip nat inside source static 193.222.233.79 193.222.236.79

ip nat inside source static 193.222.233.158 193.222.236.158

ip nat inside source static 193.222.233.156 193.222.236.156

ip nat inside source static 193.222.226.16 193.222.236.16

ip nat inside source static 193.222.233.161 193.222.236.161

ip nat inside source static 10.128.184.7 193.222.236.241

ip nat inside source static 193.222.233.74 193.222.236.74

ip nat inside source static 193.222.233.147 193.222.236.147

ip nat inside source static 193.222.226.106 193.222.236.106

ip nat inside source static 193.222.226.72 193.222.236.72

ip nat inside source static 193.222.227.14 193.222.236.60

ip nat inside source static 193.222.227.23 193.222.236.23

ip nat inside source static 193.222.226.3 193.222.236.20

ip nat inside source static 193.222.227.19 193.222.236.19

ip nat inside source static 193.222.226.17 193.222.236.17

ip nat inside source static 193.222.226.80 193.222.236.54

ip nat inside source static 193.222.227.25 193.222.236.55

ip nat inside source static 193.222.226.79 193.222.236.56

ip nat inside source static 193.222.226.33 193.222.236.57

ip nat inside source static 193.222.226.58 193.222.236.58

ip nat inside source static 193.222.226.59 193.222.236.59

ip nat inside source static 193.222.226.18 193.222.236.18

ip nat inside source static 193.222.233.66 193.222.236.66

ip nat inside source static 193.222.233.70 193.222.236.70

ip nat inside source static 193.222.224.125 193.222.236.125

ip nat inside source static 193.222.226.90 193.222.236.90

ip nat inside source static 192.168.252.1 193.222.236.1

ip nat inside source static 193.222.233.88 193.222.236.88

ip classless

ip default-network 0.0.0.0

ip route 0.0.0.0 0.0.0.0 172.17.186.1

ip tacacs source-interface Loopback0

no ip http server

!

ip access-list extended in-src-nat

deny ip 172.17.176.0 0.0.0.255 any

deny ip 172.17.186.0 0.0.0.31 any

deny ip host 172.17.187.1 any

deny ip 172.17.188.0 0.0.0.255 any

permit ip any 10.64.0.0 0.15.255.255

permit ip any 172.22.1.0 0.0.0.255

permit ip any 192.168.14.56 0.0.0.3

permit ip any 172.23.1.0 0.0.0.255

permit ip any 192.168.14.48 0.0.0.3

permit ip any 172.29.3.0 0.0.0.255

permit ip any 192.168.14.28 0.0.0.3

permit ip any 141.171.5.176 0.0.0.15

permit ip any 192.168.14.40 0.0.0.3

permit ip any 172.29.6.0 0.0.0.255

permit ip any 192.168.14.64 0.0.0.3

permit ip any 192.168.14.100 0.0.0.3

permit ip any 192.168.14.104 0.0.0.3

permit ip any 172.29.8.0 0.0.0.255

permit ip any 192.168.14.96 0.0.0.3

permit ip any 172.29.7.0 0.0.0.255

permit ip any 192.168.14.88 0.0.0.3

permit ip any 146.119.64.0 0.0.3.255

permit ip any 192.168.0.0 0.0.0.255

permit ip any 194.235.227.0 0.0.0.255

permit ip any 194.235.228.0 0.0.0.255

permit ip any 194.235.229.0 0.0.0.255

permit ip any 192.168.14.72 0.0.0.3

permit ip any 172.29.4.0 0.0.0.255

permit ip any 192.168.14.108 0.0.0.3

deny ip any any

********************************

--

Thanks

Ali

giaaaj · ‎11-04-2003

Config Router 3

**************

hostname Router3

interface FastEthernet0/0

description GIA-C

ip address 172.17.176.2 255.255.255.0

ip nat inside

no ip route-cache

no ip mroute-cache

duplex auto

speed auto

!

interface FastEthernet0/1

description Trunk

no ip address

no ip route-cache

no ip mroute-cache

duplex auto

speed auto

!

interface FastEthernet0/1.211

description SC-OS (Schneeberger)

encapsulation dot1Q 211

ip address 192.168.101.3 255.255.255.0

ip access-group scos-in in

no ip redirects

ip nat outside

no ip route-cache

no ip mroute-cache

!

interface FastEthernet0/1.212

description AMMA-OS (Ammann)

encapsulation dot1Q 212

ip address 172.29.6.7 255.255.255.0

no ip redirects

no ip route-cache

no ip mroute-cache

!

interface FastEthernet0/1.215

description SUL-OS (Sulzer)

encapsulation dot1Q 215

ip address 141.171.5.190 255.255.255.240

no ip redirects

no ip route-cache

no ip mroute-cache

!

interface FastEthernet0/1.216

description MGAG-OS (MAAG GEAR)

encapsulation dot1Q 216

ip address 172.23.1.254 255.255.255.0

no ip redirects

no ip route-cache

no ip mroute-cache

!

interface FastEthernet0/1.217

description MAAG-OS (MAAG PUMP)

encapsulation dot1Q 217

ip address 172.22.1.254 255.255.255.0

no ip redirects

no ip route-cache

no ip mroute-cache

!

interface FastEthernet0/1.218

description sap-test

encapsulation dot1Q 218

ip address 172.29.4.6 255.255.255.0

no ip redirects

no ip route-cache

no ip mroute-cache

!

interface FastEthernet0/1.219

description TALY-OS (Tally Weijl)

encapsulation dot1Q 219

ip address 172.29.3.254 255.255.255.0

no ip redirects

no ip route-cache

no ip mroute-cache

!

interface FastEthernet0/1.221

description Howag-OS

encapsulation dot1Q 221

ip address 172.29.8.254 255.255.255.0

no ip redirects

no ip route-cache

no ip mroute-cache

!

interface FastEthernet0/1.222

description m-real Biberist

encapsulation dot1Q 222

ip address 172.29.7.1 255.255.255.0

no ip redirects

no ip route-cache

no ip mroute-cache

!

interface FastEthernet0/1.223

description Aquameto - Therwil

encapsulation dot1Q 223

ip address 172.16.2.254 255.255.255.0

ip access-group aqua-in in

no ip redirects

ip nat outside

no ip route-cache

no ip mroute-cache

!

interface FastEthernet0/1.277

description Verbindung zum VPN Concentrator

encapsulation dot1Q 277

ip address 172.17.186.33 255.255.255.224

ip access-group vpn-in in

no ip redirects

ip accounting output-packets

ip nat outside

no ip route-cache

no ip mroute-cache

!

router eigrp 1200

redistribute connected

redistribute static

network 172.17.176.0 0.0.0.255

network 172.17.187.2 0.0.0.0

distribute-list EIGRP-1200-out out static

no auto-summary

no eigrp log-neighbor-changes

!

ip nat translation timeout 28800

ip nat pool scos 10.68.0.192 10.68.0.254 prefix-length 24

ip nat pool aqua 10.64.0.96 10.64.0.126 prefix-length 26

ip nat pool sieg 10.64.4.96 10.64.4.126 prefix-length 26

ip nat pool chem 10.64.4.160 10.64.4.190 prefix-length 26

ip nat pool riet 10.64.5.96 10.64.5.126 prefix-length 26

ip nat outside source list aqua-nat pool aqua

ip nat outside source list chem-nat pool chem

ip nat outside source list riet-nat pool riet

ip nat outside source list scos-nat pool scos

ip nat outside source list sieg-nat pool sieg

ip nat outside source static 172.16.2.13 10.64.0.73

ip nat outside source static network 192.168.101.0 10.68.0.0 /25

ip nat outside source static 192.168.14.110 10.64.0.65

ip nat outside source static 192.168.14.109 10.64.0.66

ip nat outside source static 172.16.2.14 10.64.0.67

ip nat outside source static 172.16.2.253 10.64.0.68

ip nat outside source static 172.16.2.10 10.64.0.72

ip nat outside source static 172.16.2.12 10.64.0.71

ip nat outside source static 172.16.2.11 10.64.0.70

ip nat outside source static 10.1.1.210 10.64.4.66

ip nat outside source static 10.1.1.211 10.64.4.67

ip nat outside source static 10.1.1.212 10.64.4.68

ip nat outside source static 10.1.1.150 10.64.4.70

ip nat outside source static 10.1.1.15 10.64.4.71

ip nat outside source static 10.1.1.23 10.64.4.73

ip nat outside source static 10.1.1.24 10.64.4.74

ip nat outside source static 10.1.1.220 10.64.4.76

ip nat outside source static 10.1.1.221 10.64.4.77

ip nat outside source static 10.1.1.222 10.64.4.78

ip nat outside source static 10.1.2.160 10.64.4.79

ip nat outside source static 10.1.1.160 10.64.4.80

ip nat outside source static 10.1.1.151 10.64.4.81

ip nat outside source static 10.1.2.151 10.64.4.82

ip nat outside source static 10.1.1.152 10.64.4.83

ip nat outside source static 10.1.2.152 10.64.4.84

ip nat outside source static 10.1.1.153 10.64.4.85

ip nat outside source static 10.1.2.153 10.64.4.86

ip nat outside source static 10.1.1.161 10.64.4.87

ip nat outside source static 10.1.2.161 10.64.4.88

ip nat outside source static 10.1.1.71 10.64.4.89

ip nat outside source static 10.1.2.71 10.64.4.90

ip nat outside source static 192.168.1.207 10.64.4.138

ip nat outside source static 82.25.23.20 10.64.5.65

ip nat outside source static 82.25.23.21 10.64.5.66

ip nat outside source static 82.25.23.22 10.64.5.67

ip nat outside source static 82.25.23.23 10.64.5.68

ip nat outside source static 82.25.23.11 10.64.5.69

ip nat outside source static 82.25.23.12 10.64.5.70

ip nat outside source static 82.25.23.13 10.64.5.71

ip nat outside source static 82.25.23.14 10.64.5.72

ip nat outside source static 82.25.23.15 10.64.5.73

ip nat outside source static 82.25.8.3 10.64.5.74

ip nat outside source static 82.25.8.4 10.64.5.75

ip nat outside source static 82.25.8.5 10.64.5.76

ip nat outside source static 82.25.8.6 10.64.5.77

ip nat outside source static 82.25.8.12 10.64.5.78

ip nat outside source static 82.25.8.172 10.64.5.79

ip nat outside source static 82.25.23.2 10.64.5.82

ip nat outside source static 82.25.23.4 10.64.5.84

ip nat outside source static 82.25.23.5 10.64.5.85

ip nat outside source static 82.25.23.6 10.64.5.86

ip nat outside source static 82.25.8.9 10.64.5.90

ip nat outside source static 82.25.23.1 10.64.5.91

ip nat outside source static 82.25.23.16 10.64.5.92

ip nat outside source static 82.25.23.24 10.64.5.94

ip classless

ip route 10.1.0.0 255.255.0.0 172.17.186.34

ip route 10.64.0.64 255.255.255.192 FastEthernet0/1.223

ip route 10.64.4.64 255.255.255.192 172.17.186.34

ip route 10.64.4.128 255.255.255.192 172.17.186.34

ip route 10.64.5.64 255.255.255.192 172.17.186.34

ip route 10.68.0.0 255.255.255.0 FastEthernet0/1.211

ip route 82.25.0.0 255.255.0.0 172.17.186.34

ip route 146.119.64.0 255.255.252.0 172.29.7.2

ip route 192.168.0.0 255.255.255.0 172.29.7.2

ip route 192.168.1.0 255.255.255.0 172.17.186.34

ip route 192.168.14.28 255.255.255.252 172.29.3.2

ip route 192.168.14.40 255.255.255.252 141.171.5.179

ip route 192.168.14.48 255.255.255.252 172.23.1.1

ip route 192.168.14.56 255.255.255.252 172.22.1.1

ip route 192.168.14.64 255.255.255.252 172.29.6.1

ip route 192.168.14.68 255.255.255.252 FastEthernet0/1.212

ip route 192.168.14.72 255.255.255.252 172.29.7.2

ip route 192.168.14.76 255.255.255.252 FastEthernet0/1.212

ip route 192.168.14.80 255.255.255.252 FastEthernet0/1.212

ip route 192.168.14.88 255.255.255.252 172.29.7.2

ip route 192.168.14.96 255.255.255.252 172.29.8.1

ip route 192.168.14.100 255.255.255.252 172.29.6.1

ip route 192.168.14.104 255.255.255.252 172.29.6.1

ip route 192.168.14.108 255.255.255.252 172.16.2.14

ip route 194.235.227.0 255.255.255.0 172.29.7.2

ip route 194.235.228.0 255.255.255.0 172.29.7.2

ip tacacs source-interface Loopback0

no ip http server

ip access-list standard EIGRP-1200-out

permit 10.64.0.0 0.15.255.255

permit 172.29.6.0 0.0.0.255

permit 192.168.14.64 0.0.0.3

permit 141.171.5.176 0.0.0.15

permit 192.168.14.40 0.0.0.3

permit 192.168.14.48 0.0.0.3

permit 192.168.14.56 0.0.0.3

permit 172.23.1.0 0.0.0.255

permit 172.22.1.0 0.0.0.255

permit 172.29.3.0 0.0.0.255

permit 192.168.14.28 0.0.0.3

permit 172.29.7.0 0.0.0.255

permit 192.168.14.88 0.0.0.3

permit 146.119.64.0 0.0.3.255

permit 192.168.0.0 0.0.0.255

permit 194.235.227.0 0.0.0.255

permit 194.235.228.0 0.0.0.255

permit 192.168.14.72 0.0.0.3

permit 172.29.8.0 0.0.0.255

permit 192.168.14.96 0.0.0.3

permit 192.168.14.100 0.0.0.3

permit 192.168.14.104 0.0.0.3

permit 172.29.4.0 0.0.0.255

permit 192.168.14.108 0.0.0.3

deny any

!

ip access-list extended aqua-in

permit ip 172.16.2.0 0.0.0.255 193.222.236.0 0.0.1.255

permit ip 172.16.1.0 0.0.0.255 193.222.236.0 0.0.1.255

permit ip 192.168.14.108 0.0.0.3 193.222.236.0 0.0.1.255

permit ip 192.168.14.112 0.0.0.3 193.222.236.0 0.0.1.255

deny ip any any

ip access-list extended aqua-nat

permit ip 172.16.2.0 0.0.0.255 any

permit ip 172.16.1.0 0.0.0.255 any

permit ip 192.168.14.108 0.0.0.3 any

permit ip 192.168.14.112 0.0.0.3 any

deny ip any any

ip access-list extended chem-nat

permit ip 192.168.1.0 0.0.0.255 any

deny ip any any

ip access-list extended riet-nat

permit ip 82.25.0.0 0.0.255.255 any

deny ip any any log

ip access-list extended scos-in

permit ip 192.168.101.0 0.0.0.255 193.222.236.0 0.0.1.255

deny ip any any

ip access-list extended scos-nat

permit ip 192.168.101.0 0.0.0.255 any

deny ip any any

ip access-list extended sieg-nat

permit ip 10.1.0.0 0.0.255.255 any

deny ip any any

ip access-list extended vpn-in

permit ip 172.17.186.32 0.0.0.31 193.222.236.0 0.0.1.255

permit ip 192.168.1.0 0.0.0.255 193.222.236.0 0.0.1.255

permit ip 10.1.0.0 0.0.255.255 193.222.236.0 0.0.1.255

permit ip 82.25.0.0 0.0.255.255 193.222.236.0 0.0.1.255

deny ip any any

giaaaj · ‎11-05-2003

Hi Russ,

Have you found something regarding this problem.

Thanks

Ali