Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Routing Problems 1

Status
Not open for further replies.
drbk563

drbk563

IS-IT--Management
Nov 21, 2006
194
US
Here is the situation. I have three remote sites. Site A, Site B, Site C. However for now let’s just concentrate on two sites. Site A and Site B. Site A is the main site. The problem that I am having is that users from Site A and Site B must be able to telnet into the server which has an ip address of 159.132.1.10. However, the only users which are able to accomplish this are the users located in Site A. The users in Site B are not even reaching the server. Something is wrong with the routing in the network, but I am not sure what. Internet traffic for Site A and Site B go through the ASA. However, some applications and server’s such as the 159.132.1.10 server is reached through the external network switch. The network mostly consists of static routes. A diagram of the network can be found at If configs need to be posted or ip’s are need for the interface’s in the diagram please let me know.
Thank you in advance for your help.
 
Sort by date Sort by votes
Have you tried doing a traceroute to see exactly where the packets are making it to? Have you checked ACLs?

Joey
A+, Network+, MCP
 
Upvote 0 Downvote
Yes I have tried trace routes from Site B and Site A Router below are the results. Also, I checked the ACL's and there are no ACL's that are blocking anything. As you can see below if I do a traceroute from the 6504A to the server it takes the correct path towards the PIX 515. Below are the PIX 515 interface ip address.

Site B

Trace to Server
3845-1#traceroute 159.132.1.10

Type escape sequence to abort.
Tracing the route to 159.132.1.10

1 10.178.188.65 0 msec 4 msec 0 msec
2 * * *
3 * * *
4

Site B

Trace to PIX 515
3845-1#traceroute 10.178.183.4

Type escape sequence to abort.
Tracing the route to 10.178.183.4

1 10.178.188.65 0 msec 4 msec 0 msec
2 * * *
3 * * *
4 * * *
5 * *

In Site A location

Trace to Server this is the correct path.
6504_A#traceroute 159.132.1.10

Type escape sequence to abort.
Tracing the route to 159.132.1.10

1 10.178.176.124 0 msec 0 msec 4 msec
2 143.104.183.2 0 msec 0 msec 4 msec
3 10.174.41.45 8 msec 4 msec 4 msec
4 143.104.2.34 4 msec 4 msec 4 msec
5 10.174.0.154 0 msec 4 msec 4 msec
6 * * *
7 *

PIX 515 interface IP address

ip address outside 143.104.183.4 255.255.255.240
ip address inside 10.178.183.4 255.255.255.240
ip address DMZ1 10.178.183.18 255.255.255.240
ip address Failover 10.178.183.41 255.255.255.252
ip address Unused1 10.178.183.45 255.255.255.252
ip address DMZ3 10.178.183.49 255.255.255.240
 
Upvote 0 Downvote
Alright I updated the diagram with ip address of all devices. Except for the ASA and WAN 1. I really need help to get this working.

Thank You
 
Upvote 0 Downvote
Post your show run command for 3845-1. I assume the switches performing Layer 3 operations too? If so post the config for 6504A.

Joey
A+, Network+, MCP
 
Upvote 0 Downvote
3845-1

Wyk3845-1#sh run
Building configuration...

Current configuration : 3263 bytes
!
version 12.4
service timestamps debug datetime msec localtime
service timestamps log datetime msec localtime
service password-encryption
!
hostname wyk3845-1
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
enable secret 5 xxxxxxxxxxxxxxxxxxxxxx
!
no aaa new-model
!
resource policy
!
clock timezone EST -5
clock summer-time EDT recurring
ip cef
!
!
!
!
ip domain name yourdomain.com
!
!
crypto pki trustpoint TP-self-signed-3415963422
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3415963422
revocation-check none
rsakeypair TP-self-signed-3415963422
!
!
crypto pki certificate chain TP-self-signed-3415963422
certificate self-signed 01
3082024F 308201B8 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 33343135 39363334 3232301E 170D3036 31303236 30373233
33355A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D33 34313539
36333432 3230819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100B773 4CE13E32 AD7AE25A EDAD22FC 385DDBCC 896A41B1 A5642DB4 4BED697C
DA7A387F 51CEA650 29319D7C 31F10A01 356C5D2B 892D71B3 ABF1D2CE 340E6552
E40EDEFF B3733E70 5EB92CD8 BC2BF888 7B2C6E81 70251ABD 233F0980 56CD8881
2C33B21D 8863ECBD 13F5AC01 41672058 400A714C 394D9236 140F59C2 F10122A3
97930203 010001A3 77307530 0F060355 1D130101 FF040530 030101FF 30220603
551D1104 1B301982 17796F75 726E616D 652E796F 7572646F 6D61696E 2E636F6D
301F0603 551D2304 18301680 144B656F 15744E4B 2969481F D84B3AD0 C7DDE324
C5301D06 03551D0E 04160414 4B656F15 744E4B29 69481FD8 4B3AD0C7 DDE324C5
300D0609 2A864886 F70D0101 04050003 818100A1 78F60597 52EC9E60 815ADB3A
DFADF75F 4ED583D8 4770E4F3 902D4DBA 25F714BF 25C4FAA4 51BA5C2E DF0F5E9C
EDA126F9 CA341CBA BD685D48 3F863003 0C155423 5766F7D9 22AA92CB B48A7BBE
8A9395C3 FC3B505D 5DCDD7D0 88B76633 6CC76B00 3B221CB1 DC19C4B7 4F51507F
341BAC57 C9E45D94 089538A4 03E2F389 9B59E0
quit
username aaaaaaaa privilege 15 password 7 xxxxxxxxx
!
!
track 4 interface GigabitEthernet0/0 ip routing
!
!
interface GigabitEthernet0/0
description Primary InternalWAN
ip address 10.178.188.65 255.255.255.192
ip nbar protocol-discovery
duplex auto
speed auto
media-type sfp
negotiation auto
!
interface GigabitEthernet0/1
ip address 10.178.188.4 255.255.255.192
duplex auto
speed auto
media-type rj45
negotiation auto
no keepalive
standby 132 ip 10.178.188.6
standby 132 priority 105
standby 132 preempt
standby 132 track 4
!
router eigrp 101
redistribute static
network 10.0.0.0
no auto-summary
!
ip route 0.0.0.0 0.0.0.0 10.178.188.3
!
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
access-list 23 permit 10.10.10.0 0.0.0.7
access-list 23 permit any
!
control-plane
!
!
line con 0
login local
stopbits 1
line aux 0
stopbits 1
line vty 0 4
privilege level 15
login local
transport input telnet ssh
line vty 5 15
privilege level 15
login local
transport input telnet ssh
!
scheduler allocate 20000 1000
!
end

6504_A

6504_A#sh run
Building configuration...

Current configuration : 6994 bytes
!
!
!
upgrade fpd auto
version 12.2
service timestamps debug datetime msec localtime
service timestamps log datetime msec localtime
service password-encryption
service internal
service counters max age 5
!
hostname 6504_A
!
boot system flash sup-bootdisk:
enable secret 5 xxxxxxxxxxxx
!
username aaaaaaaa privilege 15 password 7 xxxxxxxxxxx
no aaa new-model
clock timezone EST -5
clock summer-time EDT recurring 2 Sun Mar 2:00 1 Sun Nov 2:00
ip subnet-zero
ip wccp web-cache
!
!
no ip domain-lookup
!
udld enable

no mls flow ip
no mls acl tcam share-global
mls ip multicast flow-stat-timer 9
mls cef error action freeze
!
!
!
!
!
!
!
fabric buffer-reserve queue
diagnostic cns publish cisco.cns.device.diag_results
diagnostic cns subscribe cisco.cns.device.diag_commands
!
redundancy
mode sso
main-cpu
auto-sync running-config
!
spanning-tree mode rapid-pvst
spanning-tree loopguard default
spanning-tree portfast bpduguard default
spanning-tree extend system-id
!
vlan internal allocation policy ascending
vlan access-log ratelimit 2000
!
!
no crypto ipsec nat-transparency udp-encaps
!
!
interface Port-channel2
switchport
switchport trunk encapsulation dot1q
no ip address
!
interface Port-channel4
switchport
switchport trunk encapsulation dot1q
no ip address
!
interface GigabitEthernet1/1
switchport
switchport trunk encapsulation dot1q
no ip address
channel-group 4 mode desirable
!
interface GigabitEthernet1/2
switchport
switchport trunk encapsulation dot1q
no ip address
channel-group 4 mode desirable
!
interface GigabitEthernet3/1
description Temp3750 Switch
switchport
switchport access vlan 31
switchport trunk encapsulation dot1q
no ip address
udld port
!
interface GigabitEthernet3/2
description To IPS 4G - Primary ASA Inside G0/1
switchport
switchport access vlan 31
switchport mode access
no ip address
spanning-tree portfast
!
interface GigabitEthernet3/3
description Wyckoff3845-1
switchport
switchport access vlan 32
switchport mode access
no ip address
spanning-tree portfast
!
interface GigabitEthernet3/4
switchport
switchport access vlan 31
switchport mode access
no ip address
spanning-tree portfast
!
interface GigabitEthernet3/5
description Vlan33-Layer 2 Segment
switchport
switchport access vlan 33
switchport mode access
no ip address
spanning-tree portfast
!
interface GigabitEthernet3/6
description Vlan33-Layer 2 Segment
switchport
switchport access vlan 33
switchport mode access
no ip address
spanning-tree portfast
!
interface GigabitEthernet3/7
description Trunk to Core2
switchport
switchport trunk encapsulation dot1q
no ip address
channel-group 2 mode desirable
!
interface GigabitEthernet3/8
description Trunk to Core2
switchport
switchport trunk encapsulation dot1q
no ip address
channel-group 2 mode desirable
!
interface GigabitEthernet3/9
switchport
switchport access vlan 31
switchport mode access
no ip address
spanning-tree portfast
!
interface GigabitEthernet3/10
switchport
switchport access vlan 31
switchport mode access
no ip address
spanning-tree portfast
!
interface GigabitEthernet3/11
switchport
switchport access vlan 31
switchport mode access
no ip address
spanning-tree portfast
!
interface GigabitEthernet3/12
switchport
switchport access vlan 31
switchport mode access
no ip address
spanning-tree portfast
!
interface GigabitEthernet3/13
switchport
switchport access vlan 31
switchport mode access
no ip address
spanning-tree portfast
!
interface GigabitEthernet3/14
switchport
switchport access vlan 31
switchport mode access
no ip address
spanning-tree portfast
!
interface GigabitEthernet3/15
switchport
switchport access vlan 31
switchport mode access
no ip address
spanning-tree portfast
!
interface GigabitEthernet3/16
switchport
switchport access vlan 31
switchport mode access
no ip address
spanning-tree portfast
!
interface GigabitEthernet3/17
description Vlan33-Layer 2 Segment
switchport
switchport access vlan 33
switchport mode access
no ip address
spanning-tree portfast
!
interface GigabitEthernet3/18
description Vlan33-Layer 2 Segment
switchport
switchport access vlan 33
switchport mode access
no ip address
spanning-tree portfast
!
interface GigabitEthernet3/19
description Vlan33-Layer 2 Segment
switchport
switchport access vlan 33
switchport mode access
no ip address
spanning-tree portfast
!
interface GigabitEthernet3/20
description Vlan33-Layer 2 Segment
switchport
switchport access vlan 33
switchport mode access
no ip address
spanning-tree portfast
!
interface GigabitEthernet3/21
switchport
switchport access vlan 31
switchport mode access
no ip address
spanning-tree portfast
!
interface GigabitEthernet3/22
switchport
switchport access vlan 31
switchport mode access
no ip address
spanning-tree portfast
!
interface GigabitEthernet3/23
switchport
switchport access vlan 31
switchport mode access
no ip address
spanning-tree portfast
!
interface GigabitEthernet3/24
description Bluecoat 2
switchport
switchport access vlan 34
switchport mode access
no ip address
spanning-tree portfast
!
interface Vlan1
ip address 10.178.176.34 255.255.255.128
!
interface Vlan31
ip address 10.178.183.68 255.255.255.224
standby 31 ip 10.178.183.70
standby 31 priority 105
standby 31 preempt
!
interface Vlan32
ip address 10.178.188.1 255.255.255.192
standby 32 ip 10.178.188.3
standby 32 priority 105
standby 32 preempt
!
interface Vlan33
no ip address
!
interface Vlan34
ip address 10.178.188.202 255.255.255.248
standby 34 ip 10.178.188.201
standby 34 priority 105
standby 34 preempt
!
interface Vlan35
ip address 10.178.183.98 255.255.255.224
standby 35 ip 10.178.183.97
standby 35 priority 105
standby 35 preempt
!
ip classless
ip route 0.0.0.0 0.0.0.0 10.178.183.71
ip route 0.0.0.0 0.0.0.0 10.178.183.4 10
ip route 10.0.0.0 255.0.0.0 10.178.183.100
ip route 10.178.188.65 255.255.255.255 10.178.188.4
ip route 10.178.192.0 255.255.255.0 10.178.183.8
ip route 143.104.176.0 255.255.240.0 10.178.183.100
ip route 159.132.1.10 255.255.255.255 10.178.176.124
ip route 172.22.0.0 255.255.0.0 10.178.183.100
ip route 172.22.16.0 255.255.248.0 10.178.183.100
ip route 172.22.24.0 255.255.248.0 10.178.183.100
ip route 172.25.0.0 255.255.0.0 10.178.183.100
ip route 192.168.128.0 255.255.224.0 10.178.188.6
ip route 192.168.160.0 255.255.224.0 10.178.183.100
ip route 192.168.200.0 255.255.255.0 10.178.183.71
!
no ip http server
!
!
!
!
control-plane
!
!
!
dial-peer cor custom
!
!
!
!
line con 0
line vty 0 4
password 7 xxxxxxxxxx
login local
!
exception core-file
scheduler runtime netinput 300
ntp clock-period 17415854
ntp update-calendar
ntp server 10.178.176.125
no cns aaa enable
end

6504_A#

 
Upvote 0 Downvote
Can you post show ip route and show ip interfaces on 3845-1 and 6504A? Can you ping 10.178.183.98 from 3845-1? Also, did the routing ever work before?

Joey
A+, Network+, MCP
 
Upvote 0 Downvote
I am sorry that I did not get back to you before but I finally got this up and running. Thank you for your help.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Pankaj88
  • Locked
  • Question
BGP Routing Clarification
Replies
0
Views
281
Pankaj88
Pankaj88
mikey789
  • Locked
  • Question
Can 4000-M Routing VLANs ?
Replies
0
Views
170
mikey789
mikey789
paramjotsingh
  • Locked
  • Question
InterVALN Routing in Switch 3850
Replies
4
Views
263
paramjotsingh
paramjotsingh
jmkelly
  • Locked
  • Question
Dynamic routing protocols for catalyst 3850 switches
Replies
4
Views
447
ADB100
ADB100
mutantx
  • Locked
  • Question
CiscoVG202 and Vertical PBX - routing calls
Replies
0
Views
153
mutantx
mutantx

Part and Inventory Search

Sponsor

Back
Top