Please help routing issue (I think) from Branch office

(OP)
Ok Gals and Guys this is a pretty lengthy post so I will make the narrative as short as possible.  It has been many years since I have done any of this so I need HELP!!

This is with a Juniper SSG320 with ScreenOS 6.0

I am having a routing issue I believe.  I am pretty confident it is in the NetScreen Firewall.
 
The situation is I have communication to and from the Branch Office from the Main network (PING, RDP, etc.) and to and from the Trusted Interface of the Firewall to Branch Office.  I can access the Internet from the Main Office just fine.  But I cannot access the Internet from the Branch office.  When I try to ping Google from the Branch Office it resolves DNS just fine with the DNS server in the Main Office but it does not go any further than the Trusted interface of the firewall as far as I can tell.  There is not any logging when I ping from the Branch Office to the Trusted Interface.  I just cannot determine where the breakdown is.
 
If you have a moment can you look at the config files below and see if there is anything you notice may be incorrect?  I put the Branch Office Router, Main Office Router, Internet Router and listed the Static routes and policies from the Juniper device.
 
One last note: this is an MPLS IP VPN WAN.



Branch Office Router Config
 
Building configuration...
Current configuration : 1200 bytes
!
version 12.2
service timestamps debug datetime localtime show-timezone
service timestamps log datetime localtime show-timezone
service password-encryption
!
hostname BranchOffice
!
logging buffered 4096 debugging
no logging console
enable secret 5 xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
!
clock timezone EST -5
clock summer-time EDT recurring
ip subnet-zero
!
!
ip domain-list mycompany.com
ip domain-name mycompany.com
ip name-server 10.44.0.30
!
!
!
!
interface Ethernet0/0
 description IP VPN Location 5
 ip address 10.44.16.1 255.255.252.0
 ip helper-address 10.44.0.30
 ip accounting output-packets
 full-duplex
!
interface Serial0/0
 description IP VPN Location 5
 ip address 192.168.1.26 255.255.255.252
 ip accounting output-packets
 no ip route-cache
 no ip mroute-cache
 service-module t1 timeslots 1-24
 no cdp enable
!
router eigrp 150
 redistribute static
 network 10.0.0.0
 no auto-summary
!
ip default-gateway 192.168.1.25
ip classless
ip route 0.0.0.0 0.0.0.0 Serial0/0 192.168.1.25
ip http server
!
no logging trap
!
line con 0
 login
line aux 0
line vty 0 4
 password 7 xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
 login
!
ntp clock-period 17208327
ntp server 198.82.1.204
ntp server 10.44.0.30 prefer
end
 
 
=====================================

Main Office Router Config
 
Building configuration...
Current configuration : 2033 bytes
!
! Last configuration change at 15:42:32 EDT Fri Jun 27 2008
! NVRAM config last updated at 11:57:17 EDT Fri Jun 27 2008
!
version 12.3
service timestamps debug datetime localtime show-timezone
service timestamps log datetime localtime show-timezone
service password-encryption
!
hostname MainOffice
!
logging buffered 4096 debugging
enable secret 5 xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
!
clock timezone EST -5
clock summer-time EDT recurring
ip subnet-zero
!
!
ip domain list Mycompany.com
ip domain name mycompany.com
ip name-server 10.44.0.30
!
!
!
!
!
interface FastEthernet0/0
 description MainOffice 0
 ip address 10.44.0.2 255.255.252.0
 ip accounting output-packets
 duplex auto
 speed auto
 no cdp enable
!
interface Serial0/0
 description MainOffice
 ip address 192.168.1.10 255.255.255.252
 ip accounting output-packets
 service-module t1 timeslots 1-24
!
interface FastEthernet0/1
 description Uplink to Firewall/INternet for all sites
 ip address 10.44.40.1 255.255.252.0
 ip accounting output-packets
 duplex auto
 speed auto
!
interface FastEthernet1/0
 no ip address
 shutdown
 duplex auto
 speed auto
!
router eigrp 150
 redistribute static
 network 10.0.0.0
 network 192.168.1.0
 no auto-summary
!
ip http server
ip classless
ip route 0.0.0.0 0.0.0.0 FastEthernet0/1 10.44.40.2
ip route 10.44.0.0 255.255.252.0 FastEthernet0/0
ip route 10.44.4.0 255.255.252.0 Serial0/0 192.168.1.9
ip route 10.44.8.0 255.255.252.0 Serial0/0 192.168.1.9
ip route 10.44.12.0 255.255.252.0 Serial0/0 192.168.1.9
ip route 10.44.16.0 255.255.252.0 Serial0/0 192.168.1.9
ip route 10.44.20.0 255.255.252.0 Serial0/0 192.168.1.9
ip route 10.44.24.0 255.255.252.0 Serial0/0 192.168.1.9
ip route 10.44.40.0 255.255.252.0 FastEthernet0/1 10.44.40.2
ip route 192.168.1.0 255.255.255.0 Serial0/0 192.168.1.9
!
!
no logging trap
logging facility local2
!
line con 0
 login
line aux 0
 password 7 xxxxxxxxxxxxxxxxxxxxxxxxx
 login
line vty 0 4
 password 7 xxxxxxxxxxxxxxxxxxxxxxxxxx
 login
!
ntp clock-period 17177059
ntp server 198.82.1.204
ntp server 10.44.0.30 prefer
!
end
 
=========================================
 
Internet Router Config
 
 
Using 2102 out of 29688 bytes
!
! Last configuration change at 16:41:54 EDT Thu Jun 26 2008
! NVRAM config last updated at 16:42:45 EDT Thu Jun 26 2008
!
version 12.2
service timestamps debug datetime localtime show-timezone
service timestamps log datetime localtime show-timezone
service password-encryption
!
hostname INTERNET
!
logging buffered 4096 debugging
no logging console
enable secret 5 xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
!
clock timezone EST -5
clock summer-time EDT recurring
ip subnet-zero
ip cef
!
!
ip domain-name Mycompany.com
ip name-server xxx.xxx.yyy.a
ip name-server ggg.ggg.ggg.ggg
!
ip audit notify log
ip audit po max-events 100
!
!
!
interface Multilink1
 description Multilink to Internet
 ip address xxx.xxx.xxx.b 255.255.255.252
 ppp multilink
 no ppp multilink fragmentation
 multilink-group 1
!
interface FastEthernet0/0
 ip address ccc.ccc.ccc.a 255.255.255.248
 duplex auto
 speed auto
!
interface Serial0/0
 description Multilink Internet0
 no ip address
 ip accounting output-packets
 encapsulation ppp
 no ip mroute-cache
 no fair-queue
 service-module t1 timeslots 1-24
 ppp multilink
 multilink-group 1
!
interface Serial0/1
 description Multilink Internet1
 no ip address
 ip accounting output-packets
 encapsulation ppp
 no ip mroute-cache
 no fair-queue
 service-module t1 timeslots 1-24
 ppp multilink
 multilink-group 1
!
router eigrp 150
 network 10.0.0.0
 network 192.168.1.0
 network ccc.ccc.ccc.0 0.0.7.255
 neighbor ccc.ccc.ccc.b FastEthernet0/0
 auto-summary
!
ip default-gateway xxx.xxx.xxx.a
ip classless
ip route 0.0.0.0 0.0.0.0 xxx.xxx.xxx.a
ip route 10.44.0.0 255.255.0.0 FastEthernet0/0 10.44.40.2
ip route 192.168.1.0 255.255.255.0 FastEthernet0/0 209.197.32.74
ip http server
!
logging trap debugging
logging facility local3

!
line con 0
 login
line aux 0
line vty 0 4
 password 7 xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
 login
!
ntp clock-period 17208317
ntp server 198.82.1.204
end
 
 
 
===============================================
 
 
Juniper Routes
 
IPv4 Dest-Routes for <trust-vr> (19 entries)
--------------------------------------------------------------------------------------
         ID          IP-Prefix      Interface         Gateway   P Pref    Mtr     Vsys
--------------------------------------------------------------------------------------
* 0.0.0.0/0         eth0/2   209.197.32.73   S   
* 10.44.0.0/16      eth0/0      10.44.40.1   S         
* 192.168.1.8/30    eth0/0      10.44.40.1   S
* 192.168.1.24/30   eth0/0      10.44.40.1   S
* 10.44.24.0/22     eth0/0      10.44.40.1   S
* 10.44.28.0/22     eth0/0      10.44.40.1   S
* 10.44.16.0/22     eth0/0      10.44.40.1   S
* 10.44.20.0/22     eth0/0      10.44.40.1   S
* 10.44.8.0/22      eth0/0      10.44.40.1   S
* 10.44.12.0/22     eth0/0      10.44.40.1   S   
* 10.44.0.0/22      eth0/0      10.44.40.1   S
* 10.44.4.0/22      eth0/0      10.44.40.1   S
* 10.44.32.0/22     eth0/0      10.44.40.1   S
 
 
Juniper Policies
 
Total regular policies 4, Default deny.
    ID From     To       Src-address  Dst-address  on   CB
     2 Untrust  Trust    Any          MIP MAIL                 Permit enabled ---X-X
     3 Untrust  DMZ      Any          MIP HTTP                 Permit enabled ---X-X
     8 Trust    Untrust  Any          Any          ANY                  Permit enabled ---X-X
  

RE: Please help routing issue (I think) from Branch office

You have a route... but do you have a policy for the traffic?
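
The route-versus-policy question raised in the reply can be checked against the tables in the original post. The following is an added example, not part of the thread: it runs a longest-prefix route lookup and a zone-pair policy lookup over the posted Juniper routes and policies. The interface-to-zone bindings (eth0/0 as Trust, eth0/2 as Untrust) and both test addresses are assumptions that do not appear in the post.

```python
import ipaddress

# Subset of the static routes in the posted "Juniper Routes" output (trust-vr).
FW_ROUTES = [
    ("0.0.0.0/0", "eth0/2", "209.197.32.73"),
    ("10.44.0.0/16", "eth0/0", "10.44.40.1"),
    ("192.168.1.24/30", "eth0/0", "10.44.40.1"),
    ("10.44.16.0/22", "eth0/0", "10.44.40.1"),
]

# Rows of the posted "Juniper Policies" output: id, from, to, src, dst, action.
FW_POLICIES = [
    (2, "Untrust", "Trust", "Any", "MIP MAIL", "Permit"),
    (3, "Untrust", "DMZ", "Any", "MIP HTTP", "Permit"),
    (8, "Trust", "Untrust", "Any", "Any", "Permit"),
]

# ASSUMPTION: zone bindings are not in the post; these are hypothetical.
ZONE_OF = {"eth0/0": "Trust", "eth0/2": "Untrust"}


def lookup(routes, ip):
    """Longest-prefix match; returns (prefix, interface, gateway) or None."""
    addr = ipaddress.ip_address(ip)
    hits = [r for r in routes if addr in ipaddress.ip_network(r[0])]
    return max(hits, key=lambda r: ipaddress.ip_network(r[0]).prefixlen, default=None)


def match_policy(policies, src_zone, dst_zone):
    """First policy for the zone pair whose addresses are both 'Any'.

    Simplification: named entries such as 'MIP MAIL' never match here,
    because their addresses are not shown in the post.
    """
    for pid, frm, to, src, dst, action in policies:
        if (frm, to, src, dst) == (src_zone, dst_zone, "Any", "Any"):
            return pid, action
    return None, "Deny (default)"


def check_flow(src_ip, dst_ip):
    """Route and policy decision the firewall tables give for one flow."""
    back = lookup(FW_ROUTES, src_ip)   # where replies to the source are sent
    out = lookup(FW_ROUTES, dst_ip)    # where the packet is forwarded
    pid, action = match_policy(FW_POLICIES, ZONE_OF[back[1]], ZONE_OF[out[1]])
    return {"return_route": back[0], "in_if": back[1], "out_if": out[1],
            "policy": pid, "action": action}


if __name__ == "__main__":
    # Constructed addresses: a branch LAN host and a documentation-range target.
    print(check_flow("10.44.16.50", "203.0.113.10"))
    print(check_flow("203.0.113.10", "10.44.16.50"))
```

The model covers only the route and policy lookups shown in the post; anything outside those two tables, including how the MPLS provider handles the branch router's default route, is not represented.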
