Re: Site to Customer connection not working.

bradlesliect · ‎11-28-2006

I have been battling with this for days now. I have posted this question before but still no answer. I have a router at a customer site. This router is used to connect to my office network and back into the customer's network. Connection to my office network and Internet is fine. Connection to customer site does not work. The customer is able to connect to my router but to devices connected to my router. I inturn am not able to see anything on the customer side. I have re-created the scenario hoping to find a fix. Still nothing.nada.zip..... please help me with this.Its a 877 ADSL router. This is an extract from the config, hope it helps. I really need to fix this.

!

version 12.4

no service pad

service timestamps debug datetime msec

service timestamps log datetime msec

service password-encryption

!

hostname brad-home-cr1

!

boot-start-marker

boot-end-marker

!

logging buffered 4096 debugging

logging console errors

enable password <removed>

!

aaa new-model

!

resource policy

!

ip cef

!

no ip dhcp use vrf connected

ip dhcp excluded-address 172.18.44.1 172.18.44.128

!

ip dhcp pool brad-home

import all

network 172.18.44.0 255.255.255.0

domain-name home.brad.co.za

dns-server 172.18.18.65 172.18.16.65

default-router 172.18.44.1

netbios-name-server 172.18.18.65 172.18.16.65

!

ip domain name home.brad.co.za

ip name-server ISP PRI DNS

ip name-server ISP SEC DNS

!

username <removed> password <removed>

!

bridge irb

!

interface FastEthernet0

!

interface FastEthernet1

switchport access vlan 2

!

interface FastEthernet2

switchport access vlan 2

!

interface FastEthernet3

switchport access vlan 2

!

interface Dot11Radio0

no ip address

shutdown

speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0

station-role root

!

interface Vlan1

description connected to other-inside

ip address 172.20.96.3 255.255.252.0

ip nat outside

ip virtual-reassembly

ip tcp adjust-mss 1452

!

interface Vlan2

no ip address

bridge-group 1

!

interface Dialer0

no ip address

!

interface BVI1

description home-brad-network

ip address 172.18.44.1 255.255.255.0

ip nat inside

ip virtual-reassembly

ip tcp adjust-mss 1452

!

ip route 172.20.96.0 255.255.252.0 172.20.96.1

ip route 172.20.96.0 255.255.252.0 VLAN 1

!

ip http server

ip http authentication local

no ip http secure-server

ip nat inside source route-map SDM_RMAP_6 interface Vlan1 overload

!

ip radius source-interface BVI1

!

control-plane

!

bridge 1 protocol ieee

bridge 1 route ip

!

line con 0

no modem enable

line aux 0

line vty 0 4

transport input telnet

!

scheduler max-task-time 5000

!

webvpn context Default_context

ssl authenticate verify all

!

no inservice

!

end

bradlesliect · ‎11-28-2006

I have even added route statements to this. Still did not work. There is no access list applied to any of the interfaces or anywhere on the router. What next?

steveo123 · ‎11-28-2006

You need to supply more info: what address block does the customer use ?? because there is no route back to the customer network as far as i can see from your config (static routing will need a route back if not running any dynamic routing). You have two equal metric routes for the 172.20.96.0 255.255.252.0 network, why is that there ? where is your default route to the internet ? unless the ISP routing is performed on 172.20.96.1.

In summary you will need to run a ISP provided VPN GRE/IPSEC tunnel over the internet (if customer site is remotly away) to the customer router inorder to estabilish IP connectivity then add static routes over that tunnel for ip routing. Please provide more info regarding the customer network and how the physical connectivity is estabilished.

Regards,

Steve Knockswell

bradlesliect · ‎11-28-2006

We are on the customer site. No routing to customer site should take place through the internet.

We connect to the customer's switch on Fe0 on this router. Fe0 has been added to Vlan1. I have heard of ppl mentioning that I should have a route back. The funny thing is that from the customer network I can ping the ADSL router but not anything on my network.

I don't think VPN connection is needed to cust network. The default route to ISP is not needed as we connect via ethernet cable to customer, hence the routing statement.

steveo123 · ‎11-29-2006

I see, well you are NAT'ing inbound from this router out to customer network 172.20.96.0 255.255.252.0. where is the route-map SDM_RMAP_6 ?? you need to specify that route map inorder to reach the customer network. You might want to try static one to one NAT statements to check connectivity.

Steve

bradlesliect · ‎11-30-2006

Steve, I have taken what you said into consideration. Added the SDM_RMAP_6 but this still did not work.

Take a look at this config. The router has been split into 2 vlans. VLAN 1 is to the customer and VLAN2 to our onsite engineer. I can ping the IP on VLAN1 but can?t ping the notebook that I have connected to Fe0. What is wrong with this config? I?ve added a route map and access-list. The minute I apply access list 107 to VLAN1, I can?t ping the ptp on VLAN1. What?s missing?

version 12.4

no service pad

service timestamps debug datetime msec

service timestamps log datetime msec

service password-encryption

!

hostname

!

boot-start-marker

boot-end-marker

!

logging buffered 4096 debugging

logging console errors

enable password

!

aaa new-model

!

aaa session-id common

!

resource policy

!

ip cef

!

no ip dhcp use vrf connected

ip dhcp excluded-address 172.18.44.1 172.18.44.128

!

ip dhcp pool pool-test

import all

network 172.18.44.0 255.255.255.0

domain-name domain.com

dns-server 172.18.18.65 172.18.16.65

default-router 172.18.44.1

netbios-name-server 172.18.18.65 172.18.16.65

!

ip domain name home.domain.com

ip name-server 196.25.255.34 (ISP NAME SERVER 1)

ip name-server 196.25.255.3 (ISP NAME SERVER 2)

!

username password

!

bridge irb

!

interface ATM0

no ip address

shutdown

no atm ilmi-keepalive

dsl operating-mode auto

!

interface FastEthernet0

!

interface FastEthernet1

switchport access vlan 2

!

interface FastEthernet2

switchport access vlan 2

!

interface FastEthernet3

switchport access vlan 2

!

interface Dot11Radio0

no ip address

shutdown

speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0

station-role root

!

interface Vlan1

description connected to CUST NETWORK

ip address 172.20.96.3 255.255.252.0

ip nat outside

ip virtual-reassembly

ip tcp adjust-mss 1452

!

interface Vlan2

no ip address

bridge-group 1

!

interface Dialer0

no ip address

!

interface BVI1

description CONNECT TO MY NETWORK

ip address 172.18.44.1 255.255.255.0

ip nat inside

ip virtual-reassembly

ip tcp adjust-mss 1452

!

ip route 172.20.96.0 255.255.252.0 Vlan1

ip route 172.20.96.0 255.255.252.0 172.20.96.1

!

ip http server

ip http authentication local

no ip http secure-server

ip nat inside source route-map SDM_RMAP_6 interface Vlan1 overload

!

ip radius source-interface BVI1

access-list 107 remark IPSec Rule

access-list 107 permit ip 172.18.44.0 0.0.0.255 any

!

route-map SDM_RMAP_6 permit 1

match ip address 107

!

control-plane

!

bridge 1 protocol ieee

bridge 1 route ip

!

line con 0

no modem enable

line aux 0

line vty 0 4

transport input telnet

!

scheduler max-task-time 5000

!

webvpn context Default_context

ssl authenticate verify all

!

no inservice

!

end