Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

ip route is not working

1.png

Hi fellas,

I just configured ip route and I can't ping from host to AboveNet. the diagram is like,

Host - Router - AboveNet

Network for host-Router is 209.249.194.32/27 and Router-AboveNet is 64.125.71.0/30 and please check the output below,

S*    0.0.0.0/0 [1/0] via 64.125.71.1

      *.0.0.0/8 is variably subnetted, 2 subnets, 2 masks

C        *.125.71.0/30 is directly connected, GigabitEthernet0/2

L        *.125.71.2/32 is directly connected, GigabitEthernet0/2

      **.249.194.0/24 is variably subnetted, 2 subnets, 2 masks

C        **.249.194.32/27 is directly connected, GigabitEthernet0/1

L        **.249.194.33/32 is directly connected, GigabitEthernet0/1

and below is my configuration.

ip route 0.0.0.0 0.0.0.0 *.125.71.1

I spent more than 5 hours solving this simple problem. Please mercy on me. Thanks,

Everyone's tags (4)
22 REPLIES
Hall of Fame Super Silver

ip route is not working

Based on the information that we have so far it looks like the static default route is appropriate.

Can you post the output of ipconfig from the host? It would be good to confirm the address, mask, and default gateway used for the host.

HTH

Rick

New Member

ip route is not working

Thanks Rick,

Host IP 209.249.194.34

SM 255.255.255.224

GW 209.249.194.33

Dai

New Member

ip route is not working

fyi, I can ping to 64.125.71.2 but not to 64.125.71.1

Dai

Hall of Fame Super Silver

ip route is not working

Dai

Thank you. The additional information is helpful. It does look like the host has appropriate address, mask, and default gateway. So my next question is whether you can confirm that the AboveNet router does have a route for the 209.249.194.32 network and that they are routing that network to you? The easy way to check this would be to do an extended ping from the router. In the extended ping specify the destination as the AboveNet router address and specify that the source of the ping is the Gig0/1 interface address of the router.

HTH

Rick

New Member

ip route is not working

It failed to ping with source interface gig0/1 and detail is as follow,

XORouter#ping

Protocol [ip]:

Target IP address: 64.125.71.1

Repeat count [5]: 5

Datagram size [100]:

Timeout in seconds [2]:

Extended commands [n]: y

Source address or interface: 209.249.194.33

Type of service [0]:

Set DF bit in IP header? [no]:

Validate reply data? [no]:

Data pattern [0xABCD]:

Loose, Strict, Record, Timestamp, Verbose[none]:

Sweep range of sizes [n]:

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 64.125.71.1, timeout is 2 seconds:

Packet sent with a source address of 209.249.194.33

.....

Success rate is 0 percent (0/5)

Hall of Fame Super Silver

ip route is not working

Dai

Thank you for doing this test. It definitely shows that the problem is something on the AboveNet router. Do you have access to that router? If so can you tell us some things from that router? Most especially it might be good to start with the output of show ip route.

HTH

Rick

New Member

ip route is not working

I can't but let me contact to the AboveNet and I will let you know.

Thanks,

Dai

Hall of Fame Super Silver

ip route is not working

Dai

I suggest that when you contact AboveNet that you share with them the results of the extended ping. It is conclusive proof that they are not routing the subnet to your router.

HTH

Rick

New Member

Dear Richard Burts

Dear Richard Burts

How are you? I am good.

I am facing the same problem but in different way, as you can see on attached file:

From LAN_0 198.168.2.0/24 I cant ping to hosts on 192.168.71.0/24, but from the Router0 I can ping to LAN_1 192.168.71.0/24

Other point is that from LAN_1 192.168.71.0/24 I can ping to 192.168.2.0/24

When I traceroute to LAN_1 from LAN_0 the packet drop on the Router_0, but the ip route to LAN_1 is done on Router_0

Please help

Best Regards

Alcidio Tembe

New Member

Make sure reverse route is

Make sure reverse route is also configured on router 0  as well as router 1

New Member

Dear Satwant

Dear Satwant It is done on both sites Best Regards ART
Hall of Fame Super Silver

Am I correct in understanding

Am I correct in understanding that from hosts in LAN0 you are not able to ping hosts in LAN1 but hosts in LAN1 are successful in pinging hosts in LAN0 (host to host pings not router to router pings)? If that is correct then it seems to show that ip routing is working ok and that the problems is something other than routing. Are there any access lists or other policies configured on the routers? It would be helpful if you post the config of router0.

HTH

Rick

New Member

Dear Richard

Dear Richard

Yes from LAN0 I can't ping to LAN1 but from the Router0 I can ping to LAN1, also from LAN1 I can ping to LAN0. I will share with you some configuration as soon as possible

Best Regards

ART 

New Member

Dear Richard

Dear Richard

Here you have some configuration of both routers

Router0

interface GigabitEthernet0/0
description LINK_TO_PROVIDER
ip address 205.210.132.18 255.255.255.252
ip nat outside
ip virtual-reassembly in max-fragments 64 max-reassemblies 1024
duplex auto
speed auto
end

interface GigabitEthernet0/1.425
description CLIENT425
encapsulation dot1Q 425
ip address 187.251.116.121 255.255.255.252
ip flow monitor MONITOR_CLIENT425 input
ip flow ingress
ip flow egress
service-policy input CLIENT425_5Mbps
service-policy output CLIENT425_5Mbps

policy-map CLIENT425_5Mbps
class class-default
police 5000000 conform-action transmit exceed-action drop

ip nat inside source list 1 interface GigabitEthernet0/0 overload
ip nat inside source list ARGOTTI interface GigabitEthernet0/1.403 vrf ARGOTTI overload


ip access-list standard ARGOTTI
permit 10.11.3.0 0.0.0.63
permit 10.11.3.64 0.0.0.63
!
!
ip prefix-list SAITEC-OUT seq 5 permit 187.251.116.0/22 le 32
ip prefix-list SAITEC-OUT seq 35 deny 0.0.0.0/0 le 32
!
ip prefix-list PROVIDER-IN seq 5 deny 0.0.0.0/8 le 32
ip prefix-list PROVIDER-IN seq 10 deny 10.0.0.0/8 le 32
ip prefix-list PROVIDER-IN seq 15 deny 127.0.0.0/8 le 32
ip prefix-list PROVIDER-IN seq 20 deny 169.254.0.0/16 le 32
ip prefix-list PROVIDER-IN seq 25 deny 172.16.0.0/12 le 32
ip prefix-list PROVIDER-IN seq 30 deny 192.0.2.0/24 le 32
ip prefix-list PROVIDER-IN seq 35 deny 192.168.0.0/16 le 32
ip prefix-list PROVIDER-IN seq 40 deny 224.0.0.0/4 le 32
ip prefix-list PROVIDER-IN seq 45 permit 0.0.0.0/0 le 32
logging trap errors
logging host 197.231.216.45
access-list 1 permit 10.11.3.0 0.0.0.255
access-list 2 permit 187.251.116.17


Router0#show ip route | be 192.168.71.0
S 192.168.71.0/24 [1/0] via 187.251.116.122


Router1# show runn
Building configuration...

Current configuration : 1593 bytes
!
!
version 15.0
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router1
boot-start-marker
boot-end-marker
!
!
no aaa new-model
!
no ipv6 cef
ip source-route
ip cef
!
!
!
!
no ip domain lookup
multilink bundle-name authenticated
!
!
license udi pid CISCO1921/K9 sn FCZ1520C1QL
!
!
interface GigabitEthernet0/0
description ARTIL_LAN
ip address 192.168.71.1 255.255.255.0
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
!
interface GigabitEthernet0/1
description ARTIL_PUBLIC
ip address 187.251.116.122 255.255.255.252
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip nat pool ARTIL_INTERNAL 187.251.116.122 187.251.116.122 prefix-length 30
ip nat inside source list 7 pool ARTIL_INTERNAL overload
ip nat inside source static tcp 192.168.71.16 3389 187.251.116.122 3389 extendable
ip nat inside source static udp 192.168.71.16 3389 187.251.116.122 3389 extendable
ip route 0.0.0.0 0.0.0.0 187.251.116.121
!
access-list 7 permit 192.168.71.0 0.0.0.255
!
!
control-plane
!
!
line con 0
login local
line aux 0
line vty 0 5
login local
transport input telnet ssh
transport output telnet ssh
!
scheduler allocate 20000 1000
end

Best Regards

ART

Hall of Fame Super Silver

I am having some difficulty

I am having some difficulty relating what is in this post to your earlier description of the environment since the IP addressing does not match up. But there may be an indication of the problem in what you have posted. These configs show dynamic address translation/PAT being done. One common result of address translation/PAT is that devices inside can send packets to outside and receive responses while devices from outside are not able to initiate traffic to devices inside.

HTH

Rick

New Member

Hi Rick

Hi Rick

"These configs show dynamic address translation/PAT being done. One common result of address translation/PAT is that devices inside can send packets to outside and receive responses while devices from outside are not able to initiate traffic to devices inside."

I think that is the problem, so how to fix it.

Best Regards

ART

Hall of Fame Super Silver

If you want devices from

If you want devices from outside to be able to initiate traffic to devices on inside then you need to provide some static address translation.

HTH

Rick

New Member

Dear Rich

Dear Rich

As you said: "These configs show dynamic address translation/PAT being done. One common result of address translation/PAT is that devices inside can send packets to outside and receive responses while devices from outside are not able to initiate traffic to devices inside."

Could you please explain why from the Router0 I can ping to LAN1 if PAT block inbound traffic?

Best Regards

ART

Hall of Fame Super Silver

Here is the config that you

Here is the config that you posted. On this router interface there is not PAT configured

interface GigabitEthernet0/1.425
description CLIENT425
encapsulation dot1Q 425
ip address 187.251.116.121 255.255.255.252
ip flow monitor MONITOR_CLIENT425 input
ip flow ingress
ip flow egress
service-policy input CLIENT425_5Mbps
service-policy output CLIENT425_5Mbps

HTH

Rick

New Member

Dear Rick

Dear Rick

So based on your last post what suppose to be done.

Best Regards

ART

Hall of Fame Super Silver

If you have address

If you have address translation on the outside interface and if you want the hosts inside to be reachable from outside then you need static translations for each inside host that should be reachable from outside.

HTH

Rick

New Member

Re: ip route is not working

The ISP said I should use LX or ZX module to connect to their router and it is working now.

It was not a ip route or any other configuration problem.

Any way, thank you Rick! You were very helpful.

By the way, how can i close this case?

Dai

3318
Views
0
Helpful
22
Replies