Cisco Routing Issues After L3

[skk391]

Hi All,

I've got the following problem ....

172.16.0.x ------> Router --------> 10.1.1.x

I can ping from my 10.1.1.x range to a host on 172.16.0.x, but when I try to run an application say for example remote desktop I cannot connect to the client on the 17.16.0.x. I thought it would be something to do with ACL's but I dont have anything configured. I've copied my config .... BTW does the config look good in terms of my routing statements?


router#show config
Using 1949 out of 29688 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname router
!
boot-start-marker
boot-end-marker
!
!
no network-clock-participate slot 1
no network-clock-participate wic 0
no aaa new-model
ip subnet-zero
ip cef
!
!
ip domain lookup source-interface FastEthernet0/1
ip domain name test
ip host **** 10.1.1.2
ip host **** 10.1.1.12
ip host **** 10.1.1.11
ip host **** 10.1.1.35
ip host **** 10.1.1.44
ip host **** 10.1.1.13
ip host **** 172.16.0.5
ip host **** 10.1.1.8
ip host **** 10.1.1.19
ip host **** 10.1.1.18
ip host **** 172.16.0.8
ip host **** 172.16.0.8
ip host **** 10.1.1.6
ip name-server 10.1.1.12
ip name-server 10.1.1.18
ip dhcp excluded-address 172.16.0.1 172.16.0.30
!
ip dhcp pool VOIP
network 172.16.0.0 255.255.255.0
default-router 172.16.0.1
dns-server 10.1.1.12
option 242 ascii "172.16.0.2,MCPORT=1719,HTTPSRVR=172.16.0.2,VLANTEST=1"
option 176 ascii "MCIPADD=172.16.0.2,MCPORT=1719,TFTPSRVR=172.16.0.2,HTTPSRVR=172.16.0.2,VLANTEST=1"
domain-name *****
lease 7 16 30
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0/0
description Interface to the VOIP network
ip address 172.16.0.1 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
description Connection to Data Network
ip address 10.1.1.28 255.255.255.0
duplex auto
speed auto
!
ip http server
ip classless
ip route 0.0.0.0 0.0.0.0 FastEthernet0/1
ip route 0.0.0.0 0.0.0.0 10.1.1.1
ip route 10.0.0.0 255.255.255.0 FastEthernet0/1
ip route 172.0.0.0 255.0.0.0 FastEthernet0/0
ip route 172.16.0.0 255.255.0.0 FastEthernet0/0
ip route 172.16.0.0 255.255.255.0 FastEthernet0/1
ip route 172.16.0.0 255.255.255.0 FastEthernet0/0
!
!
!
snmp-server community public RW
snmp-server enable traps tty
!
!
!
!
!
!
line con 0
password *****
line aux 0
line vty 0 4
password *****
no login
!
!
!

 

[Viconsul]

Hi

You need to remove the following;

ip route 0.0.0.0 0.0.0.0 FastEthernet0/1
ip route 10.0.0.0 255.255.255.0 FastEthernet0/1
ip route 172.0.0.0 255.0.0.0 FastEthernet0/0
ip route 172.16.0.0 255.255.0.0 FastEthernet0/0
ip route 172.16.0.0 255.255.255.0 FastEthernet0/1
ip route 172.16.0.0 255.255.255.0 FastEthernet0/0

Once those routing statement are gone, try tour rdp again.

HTH
-Viconsul

 

[skk391]

Hi,

Thanks for your reply. Just for my understanding more than anything, can you explain the reason why?

 

[Viconsul]

The network 172.16.0.0/24 is directly connected to Fa0/0 so the router is aware of it and so is 10.1.1.0/24.
You only need to configure static routes if the network is not directly connected to the router or there are no routing protocols configured.

 

[skk391]

Thanks, yep that makes sense, I'll give it a go. Why would the statements cause it not to route though?

 

[Viconsul]

Because of this

ip route 172.16.0.0 255.255.255.0 FastEthernet0/1

It sends the traffic into a loop

 

[skk391]

Hi again, I've remove all the ip route statements. I noticed that I was dropping one packet while pinging from 10.1.1.x to 172.16.0.143 while maklng the changes. However I still cannot connect using a remote manahement software which uses port 4899. Is thereany way to see what connections the router is dealing with, is there such a command?? That way I can confirm that my connection attempts are at least hitting the router. Tracert from the client on 10.1.1.x says it is ---

C:\WINDOWS\system32>tracert 172.16.0.143

Tracing route to tr15.horizon.net [172.16.0.143]
over a maximum of 30 hops:

1 1 ms <1 ms <1 ms router.test.net [10.1.1.28]
2 <1 ms <1 ms <1 ms tr15.test.net [172.16.0.143]

Trace complete.

 

[Viconsul]

You can do a continuous ping from your host and do a show int fa0/1 and check that the your output packet value increases, that will be an indication that the traffice is getting to the router.

 

[BadgerTony]

This may be a silly question, but the remote computer is set up for RDP right?

 

[imbadatthis]

*facepalm..

create the following :

conf t
ip access-list ext TETS-ACL
remark ==== Permit Traffic and log =====
permit tcp any any log
permit udp any any log
permit icmp any any log

int fa0/1
ip access-group TEST-ACL in

end
term mon

there now your router is showing all the traffic received by FA0/1.

remove ACL with the NO command.
rinse and repeat for all interfaces (In and OUT) .
and you'll find out if all traffic is going through and getting through.

then check and see if windows firewall is on.. >.>


We must go always forward, not backward
always up, not down and always twirling twirling towards infinity.