ip route is not working

choi.daisung · ‎04-11-2012

Hi fellas,

I just configured ip route and I can't ping from host to AboveNet. the diagram is like,

Host - Router - AboveNet

Network for host-Router is 209.249.194.32/27 and Router-AboveNet is 64.125.71.0/30 and please check the output below,

S* 0.0.0.0/0 [1/0] via 64.125.71.1

*.0.0.0/8 is variably subnetted, 2 subnets, 2 masks

C *.125.71.0/30 is directly connected, GigabitEthernet0/2

L *.125.71.2/32 is directly connected, GigabitEthernet0/2

**.249.194.0/24 is variably subnetted, 2 subnets, 2 masks

C **.249.194.32/27 is directly connected, GigabitEthernet0/1

L **.249.194.33/32 is directly connected, GigabitEthernet0/1

and below is my configuration.

ip route 0.0.0.0 0.0.0.0 *.125.71.1

I spent more than 5 hours solving this simple problem. Please mercy on me. Thanks,

Richard Burts · ‎04-11-2012

Based on the information that we have so far it looks like the static default route is appropriate.

Can you post the output of ipconfig from the host? It would be good to confirm the address, mask, and default gateway used for the host.

HTH

Rick

HTH

Rick

choi.daisung · ‎04-11-2012

Thanks Rick,

Host IP 209.249.194.34

SM 255.255.255.224

GW 209.249.194.33

Dai

choi.daisung · ‎04-11-2012

fyi, I can ping to 64.125.71.2 but not to 64.125.71.1

Dai

Richard Burts · ‎04-11-2012

Dai

Thank you. The additional information is helpful. It does look like the host has appropriate address, mask, and default gateway. So my next question is whether you can confirm that the AboveNet router does have a route for the 209.249.194.32 network and that they are routing that network to you? The easy way to check this would be to do an extended ping from the router. In the extended ping specify the destination as the AboveNet router address and specify that the source of the ping is the Gig0/1 interface address of the router.

HTH

Rick

HTH

Rick

choi.daisung · ‎04-11-2012

It failed to ping with source interface gig0/1 and detail is as follow,

XORouter#ping

Protocol [ip]:

Target IP address: 64.125.71.1

Repeat count [5]: 5

Datagram size [100]:

Timeout in seconds [2]:

Extended commands [n]: y

Source address or interface: 209.249.194.33

Type of service [0]:

Set DF bit in IP header? [no]:

Validate reply data? [no]:

Data pattern [0xABCD]:

Loose, Strict, Record, Timestamp, Verbose[none]:

Sweep range of sizes [n]:

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 64.125.71.1, timeout is 2 seconds:

Packet sent with a source address of 209.249.194.33

.....

Success rate is 0 percent (0/5)

Richard Burts · ‎04-11-2012

Dai

Thank you for doing this test. It definitely shows that the problem is something on the AboveNet router. Do you have access to that router? If so can you tell us some things from that router? Most especially it might be good to start with the output of show ip route.

HTH

Rick

HTH

Rick

choi.daisung · ‎04-11-2012

I can't but let me contact to the AboveNet and I will let you know.

Thanks,

Dai

Richard Burts · ‎04-11-2012

Dai

I suggest that when you contact AboveNet that you share with them the results of the extended ping. It is conclusive proof that they are not routing the subnet to your router.

HTH

Rick

HTH

Rick

alcidio.tembe1 · ‎02-10-2016

Dear Richard Burts

How are you? I am good.

I am facing the same problem but in different way, as you can see on attached file:

From LAN_0 198.168.2.0/24 I cant ping to hosts on 192.168.71.0/24, but from the Router0 I can ping to LAN_1 192.168.71.0/24

Other point is that from LAN_1 192.168.71.0/24 I can ping to 192.168.2.0/24

When I traceroute to LAN_1 from LAN_0 the packet drop on the Router_0, but the ip route to LAN_1 is done on Router_0

Please help

Best Regards

Alcidio Tembe

Satwant Singh · ‎02-10-2016

Make sure reverse route is also configured on router 0 as well as router 1

alcidio.tembe1 · ‎02-10-2016

Dear Satwant It is done on both sites Best Regards ART

Richard Burts · ‎02-10-2016

Am I correct in understanding that from hosts in LAN0 you are not able to ping hosts in LAN1 but hosts in LAN1 are successful in pinging hosts in LAN0 (host to host pings not router to router pings)? If that is correct then it seems to show that ip routing is working ok and that the problems is something other than routing. Are there any access lists or other policies configured on the routers? It would be helpful if you post the config of router0.

HTH

Rick

HTH

Rick

alcidio.tembe1 · ‎02-10-2016

Dear Richard

Yes from LAN0 I can't ping to LAN1 but from the Router0 I can ping to LAN1, also from LAN1 I can ping to LAN0. I will share with you some configuration as soon as possible

Best Regards

ART

alcidio.tembe1 · ‎02-10-2016

Dear Richard

Here you have some configuration of both routers

Router0

interface GigabitEthernet0/0
description LINK_TO_PROVIDER
ip address 205.210.132.18 255.255.255.252
ip nat outside
ip virtual-reassembly in max-fragments 64 max-reassemblies 1024
duplex auto
speed auto
end

interface GigabitEthernet0/1.425
description CLIENT425
encapsulation dot1Q 425
ip address 187.251.116.121 255.255.255.252
ip flow monitor MONITOR_CLIENT425 input
ip flow ingress
ip flow egress
service-policy input CLIENT425_5Mbps
service-policy output CLIENT425_5Mbps

policy-map CLIENT425_5Mbps
class class-default
police 5000000 conform-action transmit exceed-action drop

ip nat inside source list 1 interface GigabitEthernet0/0 overload
ip nat inside source list ARGOTTI interface GigabitEthernet0/1.403 vrf ARGOTTI overload

ip access-list standard ARGOTTI
permit 10.11.3.0 0.0.0.63
permit 10.11.3.64 0.0.0.63
!
!
ip prefix-list SAITEC-OUT seq 5 permit 187.251.116.0/22 le 32
ip prefix-list SAITEC-OUT seq 35 deny 0.0.0.0/0 le 32
!
ip prefix-list PROVIDER-IN seq 5 deny 0.0.0.0/8 le 32
ip prefix-list PROVIDER-IN seq 10 deny 10.0.0.0/8 le 32
ip prefix-list PROVIDER-IN seq 15 deny 127.0.0.0/8 le 32
ip prefix-list PROVIDER-IN seq 20 deny 169.254.0.0/16 le 32
ip prefix-list PROVIDER-IN seq 25 deny 172.16.0.0/12 le 32
ip prefix-list PROVIDER-IN seq 30 deny 192.0.2.0/24 le 32
ip prefix-list PROVIDER-IN seq 35 deny 192.168.0.0/16 le 32
ip prefix-list PROVIDER-IN seq 40 deny 224.0.0.0/4 le 32
ip prefix-list PROVIDER-IN seq 45 permit 0.0.0.0/0 le 32
logging trap errors
logging host 197.231.216.45
access-list 1 permit 10.11.3.0 0.0.0.255
access-list 2 permit 187.251.116.17

Router0#show ip route | be 192.168.71.0
S 192.168.71.0/24 [1/0] via 187.251.116.122

Router1# show runn
Building configuration...

Current configuration : 1593 bytes
!
!
version 15.0
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router1
boot-start-marker
boot-end-marker
!
!
no aaa new-model
!
no ipv6 cef
ip source-route
ip cef
!
!
!
!
no ip domain lookup
multilink bundle-name authenticated
!
!
license udi pid CISCO1921/K9 sn FCZ1520C1QL
!
!
interface GigabitEthernet0/0
description ARTIL_LAN
ip address 192.168.71.1 255.255.255.0
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
!
interface GigabitEthernet0/1
description ARTIL_PUBLIC
ip address 187.251.116.122 255.255.255.252
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip nat pool ARTIL_INTERNAL 187.251.116.122 187.251.116.122 prefix-length 30
ip nat inside source list 7 pool ARTIL_INTERNAL overload
ip nat inside source static tcp 192.168.71.16 3389 187.251.116.122 3389 extendable
ip nat inside source static udp 192.168.71.16 3389 187.251.116.122 3389 extendable
ip route 0.0.0.0 0.0.0.0 187.251.116.121
!
access-list 7 permit 192.168.71.0 0.0.0.255
!
!
control-plane
!
!
line con 0
login local
line aux 0
line vty 0 5
login local
transport input telnet ssh
transport output telnet ssh
!
scheduler allocate 20000 1000
end

Best Regards

ART