cisco 1811 not talking correctly

[frogman23]

Hi,

We are upgrading our exisiting T1 wan to an ethernet based WAN and i have the job of configuring routers to make this all work. I currently have 2 routers setup in a test environemnt (aka a big table) running a config that all i have to do is change ips and it run over the wan and the lan. The routers are setup in this way:

hostname: TestRtr1
WAN IP (FastEthernet0): 192.168.1.2 /24
LAN IP (FastEthernet1): 10.10.1.1 /24

hostname: TestRtr2
WAN IP (FastEthernet0): 192.168.1.1 /24
LAN IP (FastEthernet1): 10.10.2.1 /24

I have a test machine on each "LAN" using the IP addresses of 10.10.1.10 and 10.10.2.10. The routers have identical configs (except for the obvious IPs). I can ping and telnet from 10.10.1.10 all the way to 192.168.1.1. Sometimes I can ping to the 10.10.2.1 interface but no telnet, then again sometimes i can't even get a reply to the ping. From the 10.10.2.10 machine i can ping and telnet all the way to the 192.168.1.2 interface but no further. Using the Cisco's SDM i can ping from the 10.10.1.1 to the 10.10.2.1 interface all day with 100% sucess. I've tried everything i can think of with no luck and my deadline is quicly approaching. Please can anyone help me. Its probably something simple that i'm overlooking but a fresh set of eyes might help me out.

Thanks

 

[plshlpme]

you need routing.. either static or through on a routing protocol..

look at it this way

PC1 rtr1fa1 rtr1fa0 -- rtr2fa0 rtr2fa1 PC2

PC1 can ping rtrfa1 because it is its gateway
it can ping rtr1fa0 because it is a connected interface on its gateway
it can ping rtr2fa0 because again its part of a connected network on the gateway router... so far no routing has been needed.

now you want to cross over to a foreign network when you want to ping rtr2fa1

so you need some sort of routing

a static route would be the easiest

on tstrtr1 you need
ip route 10.10.2.1 255.255.255.0 192.168.1.1

and on tstrtr2 you need
ip route 10.10.1.1 255.255.255.0 192.168.1.2

 

[leedsit]

Hi, probably a slight overlook, I always do it....

on tstrtr1 you need
ip route 10.10.2.0 255.255.255.0 192.168.1.1

and on tstrtr2 you need
ip route 10.10.1.0 255.255.255.0 192.168.1.2


LEEroy
MCNE6,CCNP,CWNA,CCSA,Project+

 

[frogman23]

Thanks but no luck. I had static routing in place but i blew that away and recreated the statements. Still acting the same way. I was doing some research and found that some people who had similar problems configured irb and that fixed it. Is that the solution for my problem? I have never configured ibr before (or at least to my knowledge). If that is my solution, does anyone know a website that has an tutorial or example that i might learn from? I know i'm a bit rusty but this is even pathetic for me. Then again the last time i configured a router was in 02 on IOS version 11.x and the routers i'm using have version 12.4(9)T. Again thanks for all your help. (Belive me i need it at this point)

 

[Jimtron26]

Hi frogman23

Try running the "show ip interface brief" command on both routers and ensure all interfaces are constantly up, you may wish to change your cable between the two routers.

The static routing that leedit has posted should work fine.

Also, you could try running a basic routing protocol on both routers (RIP) and make sure that they each learn of the other`s connected LAN by doing a "show ip route" and seeing if there is an entry for the network with an "R" against it...

You can also run an extended ping from each router and specify the interface you wish to ping from. Command is simply #ping then press return, then fill in as appropriate until you get to Extended commands? type y and return and you will be prompted to state which interface (ie LAN or WAN) you wish to send the ping from

Hope this helps

Jim :O)
CCNA

 

[frogman23]

Again thanks so much for the help. I'm really glad i found these fourms. I am running EIGRP on the routers simply because thats what our current routers are using and they will have to work together for a while. I looked at the ip routes and everything is attached to the appropriate interface. I can still ping from TestRtr1 FE1 to TestRtr2 FE1 with 100% sucess and vice versa. I cannot ping from my test machines to the other routers LAN interface. The only exception is everyone once in a while i can ping from 10.10.1.10 (a test machine) to TestRtr FE1 (the lan interface). I will work on posting router configs and hopefully that will give a better insight into my problem. Thanks again.

 

[frogman23]

As promised router config. Hopefully someone can see what i'm missing.

Authorized access only!
Disconnect IMMEDIATELY if you are not an authorized user!

User Access Verification

Username:
Password:
fcnbnet-STL1#show run
Building configuration...

Current configuration : 5726 bytes
!
! Last configuration change at 08:11:02 PCTime Wed Nov 22 2006 by
! NVRAM config last updated at 13:14:53 PCTime Tue Nov 21 2006 by
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname TestRtr1
!
boot-start-marker
boot-end-marker
!
security authentication failure rate 3 log
security passwords min-length 6
logging buffered 51200 debugging
logging console critical
enable secret 5 $1$t9C9$taye1u049slXOChB5O2AG.
!
no aaa new-model
!
resource policy
!
clock timezone PCTime -6
clock summer-time PCTime date Apr 6 2003 2:00 Oct 26 2003 2:00
no ip source-route
!
!
ip cef
!
!
ip tcp synwait-time 10
no ip bootp server
ip domain name test.com

ip ssh time-out 60
ip ssh authentication-retries 2
!
!
crypto pki trustpoint TP-self-signed-2321686316
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-2321686316
revocation-check none
rsakeypair TP-self-signed-2321686316
!
!
crypto pki certificate chain TP-self-signed-2321686316
certificate self-signed 01
3082024D 308201B6 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 32333231 36383633 3136301E 170D3036 31313137 32313130
33345A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D32 33323136
38363331 3630819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100A435 791EAB56 F48BDA09 5111697D F2746EA7 C4CEB0A3 CC827410 20F02D00
59DF5D76 B7BFB107 813A6313 2A02EC30 6FA7ED30 E5022776 E5EB2793 CCDD36C1
BAA4D1E4 0C940BEF 446CB063 1EDC14B3 834B3195 10F4E302 C14CFAC6 6BBBF9AD
C76E2C61 DA6459DB E6FFF7AE E3E46F2C AEAC10BA C56015E4 47545FB5 3EE70785
9D170203 010001A3 75307330 0F060355 1D130101 FF040530 030101FF 30200603
551D1104 19301782 1566636E 626E6574 2D53544C 312E6663 6E622E63 6F6D301F
0603551D 23041830 1680148F C610744B 012C6332 31FECA26 8AFA4FF5 2A220B30
1D060355 1D0E0416 04148FC6 10744B01 2C633231 FECA268A FA4FF52A 220B300D
06092A86 4886F70D 01010405 00038181 00290EFA DE383EC6 C30F439F CF2503D5
346FE208 1F7D53AE C6168B63 6B943783 94C6A1E6 73A249DA C8CE6FED 25BA6FBA
454040B5 0E34FBE8 C7354F76 0E288464 37A2FCBC D6B9D30E 7EF6D5B8 CE4ADD53
AF62EFAC 6A501E88 CD9AC34E F56315D7 76B0022E 8C53642D 2FBC5AE1 94D4EB5D
3F225BAF 6A007232 15A11788 01DF2609 4C
quit
username privilege 15 secret 5 $1$VwGX$xxv/YlbqUwmmRTAPzWYA//
!
!
!
!
!
!
interface FastEthernet0
description WAN Interface.$ETH-WAN$
ip address 192.168.1.2 255.255.255.0
ip access-group sdm_fastethernet0_in in
ip access-group sdm_fastethernet0_out out
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
ip virtual-reassembly
ip route-cache flow
duplex auto
speed auto
!
interface FastEthernet1
description $FW_OUTSIDE$$ES_WAN$$ETH-WAN$
ip address 10.10.1.1 255.255.255.0
ip access-group sdm_fastethernet1_in in
ip access-group sdm_fastethernet1_out out
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly
ip route-cache flow
duplex auto
speed auto
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
!
interface FastEthernet5
!
interface FastEthernet6
!
interface FastEthernet7
!
interface FastEthernet8
!
interface FastEthernet9
!
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-FE 2$$ES_LAN$$FW_INSIDE$
ip address 10.10.7.1 255.255.255.0
ip access-group sdm_vlan1_in in
ip access-group sdm_vlan1_out out
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly
ip route-cache flow
ip tcp adjust-mss 1452
shutdown
!
interface Async1
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
encapsulation slip
!
router eigrp 1
network 10.0.0.0
network 192.168.1.0
auto-summary
no eigrp log-neighbor-changes
!
ip route 0.0.0.0 0.0.0.0 FastEthernet0
ip route 10.10.7.0 255.255.255.0 192.168.1.1
!
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 1 interface FastEthernet0 overload
!
ip access-list extended sdm_fastethernet0_in
remark SDM_ACL Category=1
permit ip any any
ip access-list extended sdm_fastethernet0_out
remark SDM_ACL Category=1
permit ip any any
ip access-list extended sdm_fastethernet1_in
remark SDM_ACL Category=1
remark Open Back Door
permit ip any any
ip access-list extended sdm_fastethernet1_out
remark SDM_ACL Category=1
remark Open door 2
permit ip any any
ip access-list extended sdm_vlan1_in
remark SDM_ACL Category=1
permit udp host 10.10.1.3 eq domain any
remark Open Door
permit ip any any
ip access-list extended sdm_vlan1_out
remark SDM_ACL Category=1
remark Open Back Door
permit ip any any
!
no logging trap
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 10.10.1.0 0.0.0.255
access-list 1 permit 10.10.7.0 0.0.0.255
no cdp run
!
!
!
!
!
!
control-plane
!
banner login ^CAuthorized access only!
Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
login local
transport output telnet
line 1
modem InOut
stopbits 1
speed 115200
flowcontrol hardware
line aux 0
login local
transport output telnet
line vty 0 4
privilege level 15
login local
transport input telnet ssh
line vty 5 15
privilege level 15
login local
transport input telnet ssh
!
scheduler allocate 4000 1000
scheduler interval 500
end

 

[frogman23]

Can you say noob. I can't belive that this problem avoided me for almost a week. The reason it wasn't working is becuase of a stupid nat statement that i forgot to remove on 1 of the routers. Houston, we have a noob a the controls. Anyway thanks for all your help and i'm off to setup the VPNs and the QOS. Never messed with QOS before so that means i might be back asking more questions.