10-16-2008 05:28 PM - edited 03-03-2019 11:57 PM
I currently have two 3845's connected point to point with the following configs
MESA3845001#sh run
Building configuration...
Current configuration : 1347 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname xxx
!
boot-start-marker
boot-end-marker
!
card type t3 2
logging buffered 51200 warnings
enable secret xxx
!
no aaa new-model
ip cef
!
!
!
!
username cisco privilege 15 secret xxx
username equitymethods privilege 15 secret xxx
!
!
controller T3 2/0
!
!
!
interface GigabitEthernet0/0
description **MESA-OORLANDO Traffic**
ip address 10.10.40.1 255.255.255.248
duplex auto
speed auto
media-type rj45
!
interface GigabitEthernet0/1
no ip address
duplex auto
speed auto
media-type rj45
!
interface Serial2/0
**Mesa-Orlando DS3**
ip address 10.20.50.2 255.255.255.248
dsu bandwidth 44210
!
no ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 10.20.50.1
ip route 172.16.100.0 255.255.255.0 10.10.40.2
!
no ip http server
ip http authentication local
ip http timeout-policy idle 60 life 86400 requests 10000
!
!
control-plane
!
!
line con 0
login local
line aux 0
line vty 0 4
access-class 23 in
privilege level 15
password Supp0rt@EM
--More-- login
transport input telnet
line vty 5 15
access-class 23 in
privilege level 15
login local
transport input telnet
!
scheduler allocate 20000 1000
!
end
10-16-2008 05:31 PM
ORLNDMESA001#
Current configuration : 3058 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname ORLNDMESA001
!
boot-start-marker
boot system flash:c3845-advipservicesk9-mz.124-16b.bin
boot-end-marker
!
card type t3 2
logging buffered 51200 warnings
enable secret 5 $1$FJF6$1qEpgAw774hsDhL5eoQxi.
!
no aaa new-model
ip cef
!
!
!
ip domain name equitymethods.com
!
voice-card 0
no dspfarm
!
!
!
!
!
!
!
!
!
!
!
!
!
!
crypto pki trustpoint TP-self-signed-3555988581
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3555988581
revocation-check none
rsakeypair TP-self-signed-3555988581
!
!
crypto pki certificate chain TP-self-signed-3555988581
certificate self-signed 01
30820253 308201BC A0030201 02020101 300D0609 2A864886 F70D0101 04050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 33353535 39383835 3831301E 170D3038 30383239 31363431
35375A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D33 35353539
38383538 3130819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100CB2E 2721592F 072748DF 552802FC E6194B6F 89A76304 4567D0E6 CA5045BD
3D4156BD 235A4941 07F5E347 85971135 CA917975 90A247BD A950902F E3627E8D
58841BA4 BD1C916A 010A63E4 68BE652C 2C91FCF9 71BE342E 3917B055 7D89B592
890E7EC0 3EA8277B 825ED7F3 5DD225F3 C3D9127F AC586ED8 BD6ECB2E 96BAE45A
83E50203 010001A3 7B307930 0F060355 1D130101 FF040530 030101FF 30260603
551D1104 1F301D82 1B4F524C 4E444D45 53413030 312E796F 7572646F 6D61696E
2E636F6D 301F0603 551D2304 18301680 14B3326D 4F237A5A BA63E973 D6C5BF20
7CA0CB18 39301D06 03551D0E 04160414 B3326D4F 237A5ABA 63E973D6 C5BF207C
A0CB1839 300D0609 2A864886 F70D0101 04050003 81810005 E1646ED4 1238FDC2
A91078DD C175480A 519E5BB7 B010AF20 80611F4A 7BD9CCA8 9131A321 996583C3
3B47CD77 49D72F09 F00D5972 A8C42BD9 C062EDED 6709CA49 25245E63 496CED7A
57673E57 F84DD1A4 C7C74D63 2B7A2BAE E189B388 DEABC2EC 3DD6BEC5 899D6EF9
583CDB22 66C056C2 BEAE236F 3F135B04 FC7EB612 92B361
quit
username EquityMethods secret 5 $1$Q6Ry$g55tqorvy2IOoIe8DkE4m/
!
!
controller T3 2/0
cablelength 70
!
!
!
!
!
!
interface GigabitEthernet0/0
ip address 10.10.30.1 255.255.255.0
duplex auto
speed auto
media-type rj45
!
interface GigabitEthernet0/1
no ip address
shutdown
duplex auto
speed auto
media-type rj45
!
interface Serial2/0
bandwidth 44210
ip address 10.20.50.1 255.255.255.248
dsu bandwidth 44210
!
ip route 0.0.0.0 0.0.0.0 10.20.50.2
ip route 172.16.200.0 255.255.255.0 10.10.30.2
ip route 172.16.255.0 255.255.255.0 10.10.30.2
!
!
ip http server
no ip http secure-server
!
!
!
!
!
control-plane
!
!
!
line con 0
login local
line aux 0
line vty 0 4
access-class 23 in
privilege level 15
password Supp0rt@EM
login
transport input telnet ssh
line vty 5 15
access-class 23 in
privilege level 15
login local
transport input telnet ssh
!
As you can see, The one has the crypto installed, ZDoes that make a difference?
The problem is that on the other side of the gigabit interfaces I have Firewalls with interace IP's 10.10.40.2 and 10.10.30.2 I cannot ping from one side to the other past the gigabit interfaces
Say I ping 172.16.100.1, which is just inside the 10.10.40.1 interface I cannot, But I can ping 10.10.40.1
Any Ideas or help would be so appreciated?
10-16-2008 06:31 PM
Scott
It is highly unlikely that crypto (or not crypto) has anything to do with this issue. I suspect that the issue is that to get to 172.16.100.1 you must go through the firewall at 10.10.40.2. I suspect that the firewall is not allowing the ping to go through. Can you check on the firewall and see if it sees the ping? And if it sees the ping does it permit it through or does it deny the ping?
HTH
Rick
10-17-2008 03:56 AM
Hello Rick
I have the firewall to allow "any any" between the two interfaces, I can ping the serial interfaces and even the distant Gi interface, from one firewall I can even ping the interface on the firewall, Just not through )10.10.40.1 and 10.10.40.2) going the other way, I can only ping 10.10.30.1. I am befuddles.
10-17-2008 04:08 AM
Hello Scott,
has the firewall routes to be able to send back traffic originated in the different IP subnets ?
Hope to help
Giuseppe
10-17-2008 05:32 AM
Hi Scott,
There is no routing issue on these routers as the routes are properly configured , also there are no access lists to block any traffic .
You mentioned that you cannot ping 30.2 interface of firewall , there could be either routing issue or firewalls are not properly configured to handle the traffic.Are these cisco based firewalls PIX or ASA ? Can you post firewall configs?
HTH
Saju
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide