05-09-2009 01:08 PM - edited 03-04-2019 04:42 AM
Ok here is the issue;
2 sites JoeSchmoCo and Optical
Joeschmoco has 2 routers one going to the internet and 1 handling their WAN connections
Optical has 1 router and is a WAN site connected to the Joeschmoco WAN router.
JoeSchmoco routers are named internet and internal
Internet has 1 serial connection to the ISP and ethernet 172.16.0.1
Internal has 2 serial connections and ethernet 172.16.0.2
Optical location has 1 serial to Joeschmoco-internal and ethernet 172.16.2.1
I can get from joeschmoco-internal to optical location and to internet router as shown by the ping commands
here;
JoeSchmoCo-internal#ping 172.16.0.1
Sending 5, 100-byte ICMP Echos to 172.16.0.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
JoeSchmoCo-internal#ping 172.16.2.1
Sending 5, 100-byte ICMP Echos to 172.16.2.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/8 ms
I can get from joeschmo-internet to optical and to internal also as shown here;
JoeSchmoCo-internet#ping 172.16.0.2
Sending 5, 100-byte ICMP Echos to 172.16.0.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms
JoeSchmoCo-internet#ping 172.16.2.1
Sending 5, 100-byte ICMP Echos to 172.16.2.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/5/8 ms
Now I go to the optical router which is connected via serial interface to the internal router and I can not
get to the internet router so I can not get internet access as shown here;
optical#ping 172.16.0.2
Sending 5, 100-byte ICMP Echos to 172.16.0.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/5/8 ms
optical#ping 172.16.0.1
Sending 5, 100-byte ICMP Echos to 172.16.0.1, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
So when traffic is originated from the internet router I can get to the optical location router but I can not
get traffic when its originated from the optical location.
I know its something easy so I have attached my configs for your browsing pleasure..
Solved! Go to Solution.
05-09-2009 01:26 PM
Phillip
When you ping from optical to Internet router the source address will be 10.0.0.5 ie. the serial interface of optical. But your Internet router doesn't have a route back to this network.
So either
1) use an extended ping on optical router specifying the source address as fa0/1 interface address ie. 172.16.2.1
OR
2) add route to Internet router -
ip route 10.0.0.4 255.255.255.252 172.16.0.2
Jon
05-09-2009 01:35 PM
Phillip
No problem, happens to us all :-)
When you say you cannot ping the ISP end of the serial link do you mean from the optical router with a source address of 10.0.0.5 ?
If so that is because you haven't included this in your NAT config on the Internet router ie.
ip nat inside source list 1 pool net172 overload
access-list 1 permit 172.16.0.0 0.0.255.255
You need to add this line to access-list 1
access-list 1 permit 10.0.0.4 0.0.0.3
Jon
05-09-2009 01:26 PM
Phillip
When you ping from optical to Internet router the source address will be 10.0.0.5 ie. the serial interface of optical. But your Internet router doesn't have a route back to this network.
So either
1) use an extended ping on optical router specifying the source address as fa0/1 interface address ie. 172.16.2.1
OR
2) add route to Internet router -
ip route 10.0.0.4 255.255.255.252 172.16.0.2
Jon
05-09-2009 01:30 PM
Jon I feel like an idiot.. I reviewed my posts on here and I ased the exact smae question 2 years ago ona different install :) You gave the exact same answer.. Thank you...
Now I can ping the serial interface on the internet router but I can not get to the next hop, the other end of the serial on the internet to get to the internet...
05-09-2009 01:35 PM
Phillip
No problem, happens to us all :-)
When you say you cannot ping the ISP end of the serial link do you mean from the optical router with a source address of 10.0.0.5 ?
If so that is because you haven't included this in your NAT config on the Internet router ie.
ip nat inside source list 1 pool net172 overload
access-list 1 permit 172.16.0.0 0.0.255.255
You need to add this line to access-list 1
access-list 1 permit 10.0.0.4 0.0.0.3
Jon
05-09-2009 01:44 PM
Its always the obvious... I worked the fire department last night from 8-8 so I should not be working on a router this early...
Thank you for the help..
05-09-2009 01:46 PM
Phillip
No problem, glad to have helped and thanks for the ratings.
Jon
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide