Solved: Routing and or DNS issue

agrayson · ‎04-14-2004

I have a edge router 2651 IOS 12.2(17)connected to a non cisco USLEC router via frame-relay. This connects to the internet. I have a few web sites and mail servers that we can not connect to by name or IP unless I add a static route for them. I am running RIP-2 as a protocol and for the most part we can get to 99 % of all internet sites and mail servers except for a few. I will upgrade the IOS to 12.2(23) and reload then see what happens. The next hop which is USLEC my internet connection can connect to the sites that I have had to add static IPs for and when you do a tracert/traceroute it dies at my edge router which connects to USLEC. We have put in their DNS servers in our DNS for forwarders. Is this a routing problem or DNS or a combination...any help please...seems like a routing problem with the my router

cajalat · ‎04-16-2004

First of all you have a point to point link with your upstream which means that they can pass routes to you by either advertising them via a routing protocol OR by doing static routes to you. I find it strange that they would use RIP to pass routes to you especially on a single connection (you're not dual homed with your ISP are you?). So assuming they're pointing to you via static (which most ISP's typically do) then you don't need either ospf or rip. Setting a default route to them like you've done and static routes to your internal network should work just fine. So these lines aren't necessary:

ip route 63.71.11.91 255.255.255.255 63.243.59.137

ip route 63.88.172.66 255.255.255.255 63.243.59.137

ip route 63.90.9.6 255.255.255.255 63.243.59.137

ip route 63.126.135.170 255.255.255.255 63.243.59.137

ip route 63.146.184.16 255.255.255.255 63.243.59.137

ip route 63.172.80.24 255.255.255.255 63.243.59.137

ip route 63.240.200.96 255.255.255.255 63.243.59.137

You should be able to delete those because you have a default route set to 63.243.59.137 for anything that you don't know about.

Now regarding setting static routes to your internal network...there is where your issue might be. I noticed that you are pointing 10/8 and 192.168/16 towards 199.72.86.177. Your router also knows about 199.72.86.177-199.72.86.190 which in this case is a directly connected network. Your router currently thinks that any packets destined for anything outside that range but within 199.72.86/24 must exist via the default route. i.e. any routes that point to 199.72.86.0-199.72.86.175 and 199.72.86.192-199.72.86.255. Is that your intention? If not then you'll need to add a static route towards wherever the rest of that network lives. I only mentioned that because you have a filter to acceprt the /24 for that network (ACL 112). By the way, ACL 112 is letting all IP traffic through regardless.

Casey

View solution in original post

cdfowlie · ‎04-21-2004

In your config posted, you have "no ip classless" configured. To make this work properly, you will require "ip classless"

I think you have have it in there backwards.

HTH

-Colin

View solution in original post

apaxson · ‎04-14-2004

If you ping the fully qualified domain name (FQDN), do you get back an IP Address? If so, you are looking at a network issue (probably routing), and DNS is working fine.

If your tracert dies at your edge router, it sounds like the USLEC isn't routing correctly, or that your default route in your edge router is not going to the USLEC.

cdfowlie · ‎04-15-2004

Another thing to check is if the websites/servers that you can't reach are located in the same classful network as an interface on your edge router. If this is the case, make sure that "ip classess" is turned on in the router. I've seen situations where sites that are cached (i.e. using Akamai etc.) cannot be reached as the requests are redirected to a cache engine of some kind in the same classful network.

agrayson · ‎04-15-2004

Thanks

Yes that was the first thing I did. I did notice that most of the sites I am having to set static routes for are in the 63.x.x.x whatever range. As you can see from my config I have set no ip classless. I am somewaht convenced that it is a RIP thing and since I conect to a non cicso router I am going to call USLEC again and ask what would be the best protocol to use.....which I have done 2 times and they said RIP...but as you can see I started to configure OSPF...Thanks again ...any other ideals

User Access Verification

Password:

xxxxx

Password:

xxxxx#show run

Building configuration...

Current configuration : 2465 bytes

!

version 12.2

service timestamps debug uptime

service timestamps log uptime

no service password-encryption

!

hostname NORFOLK2651

!

enable secret xxxxx

enable password xxxxx

!

ip subnet-zero

no ip source-route

!

ip name-server 66.255.85.8

ip name-server 66.255.85.9

ip name-server 199.72.1.1

ip name-server 207.59.1.1

ip name-server 66.255.85.10

ip name-server 66.255.85.11

!

no ip bootp server

!

interface FastEthernet0/0

no ip address

shutdown

speed auto

full-duplex

!

interface Serial0/0

no ip address

ip access-group 111 in

ip access-group 110 out

encapsulation frame-relay IETF

no fair-queue

frame-relay lmi-type ansi

!

interface Serial0/0.1 point-to-point

ip address 63.x.x.x.x.255.252

ip access-group 111 in

ip access-group 110 out

frame-relay interface-dlci 137

!

interface FastEthernet0/1

ip address 199.72.x.x.x.255.240

ip access-group 112 in

speed auto

full-duplex

!

interface FastEthernet0/1.1

!

router ospf 1

log-adjacency-changes

network 63.243.x.x.x.0.3 area 0

network 199.72.x.x.x.0.15 area 0

!

router rip

version 2

network 63.0.0.0

network 199.72.86.0

!

no ip classless

ip route 0.0.0.0 0.0.0.0 63.243.59.137

ip route 10.0.0.0 255.0.0.0 199.72.86.177

ip route 63.71.11.91 255.255.255.255 63.243.59.137

ip route 63.88.172.66 255.255.255.255 63.243.59.137

ip route 63.90.9.6 255.255.255.255 63.243.59.137

ip route 63.126.135.170 255.255.255.255 63.243.59.137

ip route 63.146.184.16 255.255.255.255 63.243.59.137

ip route 63.172.80.24 255.255.255.255 63.243.59.137

ip route 63.240.200.96 255.255.255.255 63.243.59.137

ip route 192.168.0.0 255.255.0.0 199.72.86.177

no ip http server

!

access-list 111 deny ip 192.168.0.0 0.0.255.255 any

access-list 111 deny ip 172.16.0.0 0.15.255.255 any

access-list 111 deny ip 10.0.0.0 0.255.255.255 any

access-list 111 deny ip 127.0.0.0 0.255.255.255 any

access-list 111 deny ip 255.0.0.0 0.255.255.255 any

access-list 111 deny ip 224.0.0.0 7.255.255.255 any

access-list 111 deny ip host 0.0.0.0 any

access-list 111 deny tcp any host 63.243.59.138 eq telnet

access-list 111 deny tcp any host 199.72.86.178 eq telnet

access-list 111 permit ip any any

access-list 112 permit ip 199.72.86.0 0.0.0.255 any

access-list 112 permit ip 192.168.0.0 0.0.255.255 any

access-list 112 permit ip any any

!

line con 0

password xxxx

login

line aux 0

line vty 0 4

password xxxxx

login

line vty 5 15

login

!

end

NORFOLK2651#

cajalat · ‎04-16-2004

First of all you have a point to point link with your upstream which means that they can pass routes to you by either advertising them via a routing protocol OR by doing static routes to you. I find it strange that they would use RIP to pass routes to you especially on a single connection (you're not dual homed with your ISP are you?). So assuming they're pointing to you via static (which most ISP's typically do) then you don't need either ospf or rip. Setting a default route to them like you've done and static routes to your internal network should work just fine. So these lines aren't necessary:

ip route 63.71.11.91 255.255.255.255 63.243.59.137

ip route 63.88.172.66 255.255.255.255 63.243.59.137

ip route 63.90.9.6 255.255.255.255 63.243.59.137

ip route 63.126.135.170 255.255.255.255 63.243.59.137

ip route 63.146.184.16 255.255.255.255 63.243.59.137

ip route 63.172.80.24 255.255.255.255 63.243.59.137

ip route 63.240.200.96 255.255.255.255 63.243.59.137

You should be able to delete those because you have a default route set to 63.243.59.137 for anything that you don't know about.

Now regarding setting static routes to your internal network...there is where your issue might be. I noticed that you are pointing 10/8 and 192.168/16 towards 199.72.86.177. Your router also knows about 199.72.86.177-199.72.86.190 which in this case is a directly connected network. Your router currently thinks that any packets destined for anything outside that range but within 199.72.86/24 must exist via the default route. i.e. any routes that point to 199.72.86.0-199.72.86.175 and 199.72.86.192-199.72.86.255. Is that your intention? If not then you'll need to add a static route towards wherever the rest of that network lives. I only mentioned that because you have a filter to acceprt the /24 for that network (ACL 112). By the way, ACL 112 is letting all IP traffic through regardless.

Casey

cdfowlie · ‎04-21-2004

In your config posted, you have "no ip classless" configured. To make this work properly, you will require "ip classless"

I think you have have it in there backwards.

HTH

-Colin

agrayson · ‎04-21-2004

You are correct...with no IP classless it will drop the packet...so I have corrected it to IP classless....I am connecting to a Juniper M20 and I now have the correct config I believe....I also removed OSPF and the only routing protocol I am running againg is RIP-2.

Thanks for your help