Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Chriss Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

OSPF and Default routes

Status
Not open for further replies.
Mark192

Mark192

IS-IT--Management
Joined
May 15, 2002
Messages
67
Location
GB
I've just inheratited a new OSPF network, although there seems to be some strange errors

Originally there was no default route, I've setup static routes on the all routers pointing to router in building A, which in turn has its default set to our firewall.

Building A works fine, everyone can ping all sites and access the net without any problems

All the other sites are able to ping all sites but not able to surf.

I've tried a trace and it seems as the external port of the router in Building A is dropping the traffic but I can't see why.

No access lists on any routers

 
Sort by date Sort by votes
Let OSPF source the default route! On the router closest to the Firewall:

Router ospf xxx
default-information-originate metric 1 type 1
!
ip route 0.0.0.0 0.0.0.0 <next-hop>

Do this only in the router closest to the firewall. That router will generate a default route and propagate that back to the other routers. Then go back and remove all static routes for 0.0.0.0 from the other routers.
 
Upvote 0 Downvote
Thanks

Tried it already and it doesn't seem to work either

 
Upvote 0 Downvote
When you say, "ping all sites", what are you referring to? They can ping all your local subnets, but not the internet at large?

 
Upvote 0 Downvote
1.All your routers send unknown routes down the default- route to a router in building A.

2. The router in building A sends all unknown traffic down the default to the firewall.

3. All nodes in building A can surf just fine.

4. All of the nodes attached to the other routers can ping building A as well as the other sites, but can't surf.

5. When you perform a traceroute (from other than building A?) the traffic appears to be stopping at router A.

Seems the firewalls routes may need to be scrutinized. The firewall obviously knows the route back to building A, but does it know the route back to the subnets attached to the other routers?
 
Upvote 0 Downvote
doing a trace stops on the inbound interface on the router, it doesn't even get as far as the firewall

but other than that everything is exactly right
 
Upvote 0 Downvote
If the inbound interface is the last hop seen in the trace I would still suspect the firewalls route table; or maybe the mask attached to it.

If you see router A's IP interface in the trace it means the packet is following the default route to router A but is unable to get past router A. Now, one may suspet router A, but the issue most likely lies beyond that point. See, if the firewall can't return the trace packet then router A would be the last good hop you'd see in the trace.

Without an access-list configured in router A there is no reason for traffic bound for the internet to stop there unless the default-route or the firewall is configured wrong.
 
Upvote 0 Downvote
got you

give it a check in the later
Cheers
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

CPM86
  • Locked
  • Question Question
Cisco isr 4331 with IOS and sip busy fail over to 2nd sip number on pbx?
Replies
0
Views
559
CPM86
CPM86
Lccarter
  • Locked
  • Question Question
Cisco CUCM Provisioning and Order Management System
Replies
1
Views
463
Lccarter
Lccarter
acabezas2014
  • Locked
  • Question Question
Need to create QoS for SNMP and Radius traffic on Cisco 4948 Switches
Replies
0
Views
304
acabezas2014
acabezas2014
mrdom
  • Locked
  • Question Question
RV325: Accessing LAN and WAN resources using the same hostname ...
Replies
0
Views
325
mrdom
mrdom
mattbarkerlfc
  • Locked
  • Question Question
Excessive OSPF re-transmissions
Replies
0
Views
211
mattbarkerlfc
mattbarkerlfc

Part and Inventory Search

Sponsor

Back
Top