Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Default Route Issue

Hi,

I am experiencing a interesting problem with my default route on my router. As an example, I have a default route pointing to 192.168.1.254, i.e "ip route 0.0.0.0 0.0.0.0 192.168.1.254"

There are a few address that do not go to the default gateway automatically. However, if I put in their route "ip route 10.1.1.34 255.255.255.255 192.168.1.254" then they can be routed correctly. If I take them out, the traffic cannot be routed. However, address before and after it are ok, i.e 10.1.1.33 or 10.1.1.35 do not need to put a route to the gateway and they can be routed correctly but for 10.1.1.34, I must put in a static route to the gateway if not the traffic will just stop at the router.

Anyone know what could be the problem?

Daniel.

23 REPLIES
Purple

Re: Default Route Issue

Hi Daniel,

Can you try applying the command 'ip classless' to your router and then checking if that makes it work. I suspect your router may be behaving in a classful fashion.

Paresh.

New Member

Re: Default Route Issue

The ip classless command is already there. Actually the router has been running fine. Not sure when this started, it is only recently that we realise that we can't connect to some machines and after much trouble shooting, we found this issue. It took us a while to realise as we would expect any route not stated will go to the default route which did not happen for this case. Only after explicitly putting in the route then it can work. Very puzzled!

Thanks for your help anyway. Any other area I can look into?

Daniel

New Member

Re: Default Route Issue

Hi Daniel,

I'm a bit confused!

Router has default route out of the network.OK

The Lan ip address for the router is what?

Is 10.1.1.34,34 and 35 client machines?

Where are you configuring the routes?

New Member

Re: Default Route Issue

Sorry for the confusion, I am just using some ip as an example. Basically what is happening is that some of my router traffic is not going to the default route and only after explicitly putting in the route to point to the default gateway then they get routed correctly. If not the traffic just drop at the router. The router was working fine and this started only recently.

As to the .33 .34 and .35 thingy, I was trying to illustrate that the ip in concern here which can't be routed with a static route have neighbouring ip address working fine. It is just a few ip that is giving this problem. Meaning, if I can't route traffic to 10.1.1.34, I need to add a static route but for 10.1.1.33 and 10.1.1.35, they can be routed out without the static route as they use the default route. The ips are all on the same network.

Hope that clear the confusion. Thanks!

Daniel

New Member

Re: Default Route Issue

Thanks for clearing that up. Yep, does sound odd.

Can you try an extended ping and traceroute from the router for the affected address without the host route configured.

You can do the extended ping by typing "ping" and follow the options. Change the source addess to the affected address 10.1.1.34.

Cheers

Sarb

New Member

Re: Default Route Issue

From a PC when I ping to the affected addresses, if the static route is not added, I will get time out but if I put in the static route, it will be ok. When I do a trace from the PC to the affected addresses, if the static route is not added, the trace will reach the router and die from there on. If I put in the static route, it will go to the next hop which is a firewall and from there reach its destination.

Could it be a hardware issue??

Daniel

New Member

Re: Default Route Issue

Hi Daniel,

Please check the route for the particular IP/Subnet which you are pointing to.

For eg.

sh ip route 10.1.1.34

There may be a static or dynamically learnt route for that particular IP/subnet. This may be causing the problem for you. Request you to post the output of show ip route command incase if this does not work.

Rgds,

Naveen B

New Member

Re: Default Route Issue

Ok, forget about the 10.1.1.34 ip. Here is the route entries on the router

ip classless

ip route 0.0.0.0 0.0.0.0 10.1.20.21

ip route 192.168.77.197 255.255.255.255 10.1.22.250

ip route 192.168.77.198 255.255.255.255 10.1.22.250

ip route 192.168.77.246 255.255.255.255 10.1.20.21

ip route 192.168.75.134 255.255.255.255 10.1.22.250

ip route 192.168.173.99 255.255.255.255 10.1.20.21

ip route 192.168.173.118 255.255.255.255 10.1.22.250

ip route 205.183.246.0 255.255.255.0 10.1.9.253

ip route 206.190.105.208 255.255.255.255 10.1.1.148

ip route 206.190.105.210 255.255.255.255 10.1.1.148

ip route 208.134.161.0 255.255.255.0 10.1.9.253

If you notice, there are 2 routes that points to the default gateway, 192.168.77.246 and 192.168.173.99 . These are the problem ip. There is another one that I have removed to show the sh ip route. See below

sh ip route 192.168.77.193

% Subnet not in table

LAN_Router2#sh ip route 192.168.77.193 255.255.255.255 longer-prefixes

Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP

i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area

* - candidate default, U - per-user static route, o - ODR

P - periodic downloaded static route

Gateway of last resort is 10.1.20.21 to network 0.0.0.0

LAN_Router2#sh ip route 192.168.77.193 255.255.255.0 longer-prefixes

Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP

i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area

* - candidate default, U - per-user static route, o - ODR

P - periodic downloaded static route

Gateway of last resort is 10.1.20.21 to network 0.0.0.0

192.168.77.0/32 is subnetted, 3 subnets

S 192.168.77.246 [1/0] via 10.1.20.21

S 192.168.77.198 [1/0] via 10.1.22.250

S 192.168.77.197 [1/0] via 10.1.22.250

LAN_Router2#

Presently I cannot connect to 192.168.77.193 but 192.168.77.246 is ok with the static route in.

Thanks!

Daniel

New Member

Re: Default Route Issue

Hi,

Is 10.1.20.21 a Nortel device???

-Sai.

New Member

Re: Default Route Issue

It is a CheckPoint Firewall on a Sun server. On NGX R60. Is this an issue with the Firewall?

dan

New Member

Re: Default Route Issue

It is a CheckPoint Firewall on a Sun server. On NGX R60. Is this an issue with the Firewall?

dan

New Member

Re: Default Route Issue

It is a CheckPoint Firewall on a Sun server. On NGX R60. Is this an issue with the Firewall?

dan

New Member

Re: Default Route Issue

I would be curious to hear the outcome of this problem. I am having a similar one where I have a static network route (for example 10.x.x.x/16) pointing to a next hop that is a Checkpoint firewall and on occasion I get hosts within that /16 that require host routes pinting to the same next hop because they don't get routed via the /16 route. Tried an IOS upgrade without success. Using workaround keyword permanent on the host routes so they always work. Sounds like this could be a similar situation.

New Member

Re: Default Route Issue

Hi,

If you look at FW logs, do you see the packets for IPs that you assume router is dropping? This would verify which device drops the packets, router or FireWall.

David

New Member

Re: Default Route Issue

If I do not put in the static route, the traffic do not seem to reach the FW as we could not see any traffic going to the FW. The looks of it shows that the traffic is dropped at the router as the router does not know where to route this traffic.

Looks like I am not the only one facing this problem. Really hoping that someone can give an explanation on this. Thanks!

Daniel

Re: Default Route Issue

Daniel,

Do one thing, do not put the specific host route in the router. Try setting up a host route on your Client PC which is behind the F/W

c:/> route add x.x.x.x mask y.y.y.y z.z.z.z -p

Let us know if that works.

I have really seen this issue with the checkpoint firewall. There are around 100 of servers in our Datacenter which are behind the Checkpoint firewall and users can only access it, if we add specific host routes.

HTH,

-amit singh

New Member

Re: Default Route Issue

I am not able to replicate the problem on the PCs or Servers. However, that may also be due to some firewall rules on the FW. So far the problem is only consistent on our core router. Anyway, all the traffic are route via the core router before they reach the FW.

If I do a continuous ping from my PC to any of the problematic ip when the static route is there, the ping will not drop even after I remove the static route. However, if I stop the ping and start it again, I can't connect any more until I add back that static route.

How do I convince my FW engineer that it is a FW issue when any changes to resolve the problem is done on the router and nothing need to be done on the FW. According to my FW engineer, they even put an allow all rule for my PC during testing and they only see traffic when I add in the static route.

Anyway, Thanks for telling me that I am not alone in this puzzling issue. Hopefully someone with the solution will see this soon.

Happy New Year!!

Daniel

Re: Default Route Issue

Hi,

could that be an ARP/ Proxy ARP issue between router and FW? Just a wild guess ... can´t forward Layer3 when no Layer2 info is there.

Hope this helps

Martin

Silver

Re: Default Route Issue

Can you check your switching process i.e. show ip cef or show ip cache, to know how the packet are being switched when it is being dropped.

As a last resort, you might want to debug, be careful though as packet debugging can crash the router, but if used carefully it will tell you the reason the packet is being dropped. I will advice the debugging to be done at a non-critical hour.

New Member

Re: Default Route Issue

Hi Daniel,

In the configuration posted you have mentioned that static routes as

ip route 192.168.77.197 255.255.255.255 10.1.22.250

ip route 192.168.77.198 255.255.255.255 10.1.22.250

Also u have tell that

192.168.77.193 is reachable by 10.1.20.21 (the default gateway). How exactly is the network 192.168.77.x connected behind the firewall? Are the firewalls working in Active/Active mode? why have you given the route to hosts in the same subnet to different gateways?

Please share with us your brief network diagram, so that we may understand the issue completely.

Rgds,

Naveen B

New Member

Re: Default Route Issue

I am encountering the same error too,see my attachment for the network diagram and configuration i did.

I cannot ping the UK network from the 172.31.20.0 network.

New Member

Re: Default Route Issue

Hi ,

Please attach your network diagram. I dont see the network diagram attached.

Rgds,

Naveen B

New Member

Re: Default Route Issue

attached is the network diagram.

227
Views
0
Helpful
23
Replies