
Routing Question

loyalty
Level 1

Can someone please explain this to me.

On my router I have two static routes to subnets on my Partner's network. Users have no problems connecting to servers on my Partner's network. Yesterday I started getting complaints that users could not connect to a website hosted by my Partner's network; our internet connection is through a firewall. On my router I have a default route pointing to the firewall. To fix the problem I included a static route on my router for the website users had problems with, pointing it to my firewall, and this fixed the problem; no changes were made on the firewall. Can someone please explain to me why I would need a static route since I already have a default route pointing to my firewall? Here is the config on my router:

ip route 192.168.120.0 255.255.255.0 130.64.10.25

ip route 192.168.110.0 255.255.255.0 130.64.10.25

ip route 192.168.130.8 255.255.255.255 130.64.11.3

ip route 0.0.0.0 0.0.0.0 130.64.11.3

9 Replies

donewald
Level 6

You should not need a static to 192.168.130.8, like you said, since your default static would get you there (same next-hop 11.3), assuming you're not running dynamic routing protocols. Since statics are not the only thing you might be having problems with (e.g. dynamic learned routes), you might remove your static and try a "sh ip route 192.168.130.8" and you might find that it's going somewhere else via a dynamic routing protocol. (Just a guess.)

Hope this helps,

Don

Thanks Don, I did think of that before starting this conversation; there was no entry on my routing table for 192.168.130.8 before adding the static route. I am quite sure I have no issues with dynamic routing.

vincent-n
Level 3

Hi there

I agree with the previous posting about a possible dynamic routing problem. I think that it's best if you turn off your static route (you'll have to arrange an outage with your users of course) and carry out a trace route to that particular IP address to find out whereabouts your routes disappear. I know/heard of situations where an entire network went down because someone ran a dynamic routing protocol in their lab, set up the dynamic routing protocol (with higher precedence) and sucked an entire routing network into a black hole. It might be that there is someone on the internal network that advertises that IP address for some unknown reason and you did not know about it.

Good luck

Thanks Guys for your advice.

I feel it's unlikely the problem is with dynamic routing because the network 192.168.0.0 is not included in my routing process. I tried a test after hours last night: I took out all static routes for the 192.168.0.0 and as soon as I did, users could get to the website 192.168.130.8, and when I traced packets they were going through the gateway 130.64.11.3 just like they would with any other website, say yahoo.com. Without the static route for 192.168.130.8 the result of the traceroute is

destination host unreachable.

Thanks for your ideas.

Unless you are doing something, not yet mentioned, this makes no sense thus far. Traffic to your 130.8 host should be taking your 0/0 (default) route unless there is another more specific route to this host. So, some questions.

1. Are you doing any policy-based routing? Could this be affecting this?

2. Are you doing any NAT?

3. Any other service, other than packet forwarding, that you're doing might shed some light on this.

4. Are you very certain that your dynamic routing tables do not contain an entry for this destination (130.8)? Even a summary route containing this host would / could break your traffic going to it. "show ip route | include 192.168" might help see this issue on the router in question.

Hope this helps,

Don
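Don's point above, that a more specific route or a summary containing the host takes precedence over the default, shown as an added example that is not part of the original thread: a longest-prefix-match lookup over the static routes from the first post. The 192.168.0.0/16 summary and its next-hop label are constructed for illustration; nobody in the thread reported such a route.

```python
import ipaddress

# Static routes copied from the router config in the first post.
POSTED_ROUTES = [
    ("192.168.120.0/24", "130.64.10.25"),
    ("192.168.110.0/24", "130.64.10.25"),
    ("192.168.130.8/32", "130.64.11.3"),
    ("0.0.0.0/0", "130.64.11.3"),
]

# Constructed entry: a summary learned from some other source (assumption,
# not something reported in the thread). The next hop is a placeholder label.
HYPOTHETICAL_SUMMARY = ("192.168.0.0/16", "HYPOTHETICAL-NEIGHBOR")


def build_table(routes):
    """Parse (prefix, next_hop) string pairs into network objects."""
    return [(ipaddress.ip_network(prefix), nh) for prefix, nh in routes]


def lookup(table, dest):
    """Return (prefix, next_hop) of the longest matching prefix, or None."""
    addr = ipaddress.ip_address(dest)
    matches = [(net, nh) for net, nh in table if addr in net]
    if not matches:
        return None
    net, nh = max(matches, key=lambda m: m[0].prefixlen)
    return str(net), nh


def covering_routes(table, dest):
    """Every non-default route containing dest, most specific first.

    This is what 'show ip route | include 192.168' is meant to surface.
    """
    addr = ipaddress.ip_address(dest)
    hits = [(net, nh) for net, nh in table if addr in net and net.prefixlen > 0]
    hits.sort(key=lambda m: m[0].prefixlen, reverse=True)
    return [(str(net), nh) for net, nh in hits]


def scenario(with_host_route, with_summary):
    """Build the posted table with the /32 and/or the summary toggled."""
    routes = [r for r in POSTED_ROUTES
              if with_host_route or r[0] != "192.168.130.8/32"]
    if with_summary:
        routes.append(HYPOTHETICAL_SUMMARY)
    return build_table(routes)
```

With only the posted routes and no /32, the lookup for 192.168.130.8 falls through to the default; once any covering summary is present it wins over the default, and only the /32 static wins it back.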

scottmac
Level 10

Can you put an analyzer on the Partner/Web side?

It's possible that the packets from your users are getting there, but the return path is being redirected or logically obstructed.

Can you put up some similar resource on your side and see if your partner's office users can reach your side?

The goal, however you do it, is to confirm the traffic from your network is / is not reaching the other side. If it is, what return parameters are being assigned (route / port) to the return traffic?

- Scott

My Partner's network has no problems connecting to us, neither do we have any problems connecting to resources at their end. The website we have a problem with is available on the internet and, like I said, we go out the firewall to connect to the internet. I do not think the problem is with routing within the internal network. I am wondering if this might have to do with the route selection process: is it possible that my router is trying to match the high order bits for 192.168.130.8 and, because there is no match, it drops the packet rather than send it to the default gateway? Thanks.

How are you getting to a private IP network over the Internet?

The addresses I have presented for this conversation aren't our actual addresses, I have used them purely for illustration.