f



Branch can't get to internet, can't ping anything but ethernet at main site.

Ok,
What am i missing?
I've got a new MPLS connection up and running.
I can ping the branch site from my main site just fine.
I can not ping ANYTHING past the main site ethernet port via
the branch router.  Can someone please help me out!!!

Heres so configs
Main:

interface FastEthernet0/0
 description $ETH-SW-LAUNCH$$INTF-INFO-FE 0/0$$ETH-LAN$
 ip address 192.168.1.251 255.255.255.0
 duplex auto
 speed auto
!
interface Serial0/0/0
 ip address 63.239.127.226 255.255.255.252
 ip access-group 189 in
 service-module t1 timeslots 1-12
!
router rip
 version 2
 passive-interface FastEthernet0/0
 passive-interface Serial0/0/0
 network 63.0.0.0
 network 192.168.1.0
 neighbor 192.168.2.0
 no auto-summary
!
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.1.250
ip route 192.168.2.0 255.255.255.0 63.239.127.225
!

Branch router:

!
interface Serial0
 ip address 72.165.109.6 255.255.255.252
 ip helper-address 192.168.1.205
 no ip directed-broadcast
 fair-queue 64 256 0
 service-module t1 timeslots 1-6
 no cdp enable
!
interface FastEthernet0
 description connected to LAN
 ip address 192.168.2.254 255.255.255.0
 no ip directed-broadcast
 full-duplex
 no cdp enable
!
router rip
 version 2
 network 192.168.2.0
 neighbor 192.168.1.0
!
ip classless
ip route 0.0.0.0 0.0.0.0 Serial0
no ip http server
!
no cdp run

0
tdivel (7)
4/22/2006 3:58:07 PM
comp.dcom.sys.cisco 25313 articles. 0 followers. Post Follow

9 Replies
1159 Views

Similar Articles

[PageSpeed] 1

td ha escrito:

> Ok,
> What am i missing?
> I've got a new MPLS connection up and running.
> I can ping the branch site from my main site just fine.
> I can not ping ANYTHING past the main site ethernet port via
> the branch router.  Can someone please help me out!!!
>

To me it sounds like whatever you are pinging behind the main site
router does not have a route to the new branch site to be able to
return the ICMP replies...
HTH,
James

0
acrux14
4/22/2006 4:56:33 PM
I assume I'm missing something.
I thought the ip route 192.168.2.0 255.255.255.0 63.239.127.225 route
on the mainsite router
would get all that traffic directed back to the remote router, but it
doesn't seem like it.

Its like the mainsite router isn't actually routing any of the remote
branch router traffic, as from
the branch i can't get on the internet.

0
td
4/22/2006 5:18:49 PM
I'm not sure how MPLS fits in here, but I'll give you my insight
anyways and you can decide if it's useful...

You said in your first post that you were able to ping the main site
ethernet interface from the branch site, right? So that means your
static route is working fine.

The problem is with whatever downsetream device you are trying to ping
*behind* the main site router (firewall, internal switch/router,
server, etc. - if you have a firewall make sure that it is not blocking
traffic). Does that downstream device have a route for the branch
subnet, with the main site ethernet as the next hop? The device needs
to know that to go back to the branch site it has to go through the
main site router.

It looks to me that you're not advertising that static route you have
set up on the main site router over your Fast Eth interface. BTW, who's
taking care of NAT in this scenario?

James

0
acrux14
4/22/2006 5:42:00 PM
No firewall in play here.

>From 192.168.2.254 (internal address of branch router, I can ping
72.165.109.6
72.165.109.5
63.239.127.225
63.239.127.226
192.168.1.251

It dies if I attempt to ping 192.168.1.250 (my internet router)
I've even put a specific route on the internet router that 192.168.2.0
traffic goes to 192.168.1.251

I'm at a loss, why can't I ping or get to anything off the local
192.168.1 subnet
from 192.168.2.x??

Also, NAT is working fine on my internet router, would I need NAT on my
MPLS network as well??  If so, I really need some help.

0
td
4/22/2006 7:44:43 PM
That's strange... if you can ping all that you say you can ping from
the branch router, and you add:

ip route 192.168.2.0 255.255.255.0 192.168.1.251 (which is probably
what you added)

in your Internet router, you should definately be able to ping from the
branch site...

Only things I can think as possible source of problems:

1) You are not sourcing your ping with your Fast Eth address at the
branch site. Are you doing "ping 192.168.1.250 source Fast 0/0/0" (or
"ping 192.168.1.250 source 192.168.2.254") ?

2) There's some higher precedence route for that subnet in your
Internet router. What do you get when you do "sh ip route 192.168.2.0"
in your Internet router?

Let me know.

James

0
James
4/22/2006 8:46:04 PM
I'm definatley sourcing from 192.168.2.254...
The only route to 192.168.2.0 was the static set
to 192.168.1.251.
I considered some old route stuck somewhere because
we've got junky old Motorolas that are being replaced.

from 192.168.1.250 I can ping 192.168.1.251 but can't
ping its WAN (63.239.127.226) or anything beyond on the
way to 192.168.2.x.

I think something is turned on that router that I just don'tknow
about...
Heres more of the config.  Its a newer router 2800 series and the IOS
has more capacity
than I'm used to!!!


!
!
interface FastEthernet0/0
 description $ETH-SW-LAUNCH$$INTF-INFO-FE 0/0$$ETH-LAN$
 ip address 192.168.1.251 255.255.255.0
 duplex auto
 speed auto
!
interface Serial0/0/0
 ip address 63.239.127.226 255.255.255.252
 service-module t1 timeslots 1-12
!
router rip
 version 2
 passive-interface FastEthernet0/0
 passive-interface Serial0/0/0
 network 63.0.0.0
 network 192.168.1.0
 neighbor 72.165.109.4
 neighbor 192.168.2.0
 no auto-summary
!
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.1.250
ip route 10.1.10.0 255.255.255.0 192.168.1.254
ip route 72.165.109.4 255.255.255.252 63.239.127.225
ip route 192.168.2.0 255.255.255.0 72.165.109.5
!
ip http server
ip http authentication local
ip http timeout-policy idle 5 life 86400 requests 10000
!
!
control-plane

0
td
4/22/2006 9:08:22 PM
Very strange indeed... only thing I can think of now is doing some
sniffing on the main site LAN (I use a Linux box and tcpdump). That way
you'll be able see if the ping packets are making it to the wire when
pinging your internet router and the internet router is not sending
them back, or if they are not making it to the wire at all.

Something strange in the last config you posted... how did the router
allow you to set the static route "ip route 192.168.2.0 255.255.255.0
72.165.109.5", if the next hop address (72.165.109.5) is not part of
any directly connected subnet??? I would think the router would reject
such a command...

J.

0
James
4/23/2006 2:16:47 AM
Ok,
Got it figured out.
The 0.0.0.0 0.0.0.0 route was pointed to my internet router
(192.168.1.250)
Since it didn't know about the MPLS addresses (the 72.165.109.5 &
63.239.127.226 networks)
it didn't know how to get back....

Dumb, I know.

Also, once I got that figured out, I found out that for the remote site
to get out on the internet
I need to NAT an address, I didn't have to do this with my old frame
relay circuit.  Why do I have
to do that now?

0
td
4/23/2006 6:58:34 PM
Glad you solved it.

Will your remote site Internet-bound traffic be accessing the Internet
through the remote site router, or will it traverse the MPLS network to
the main site and access the Internet from there? If you do the latter,
you may get away without the need to do any special NAT for this site,
plus you will be able to exercise more control on that traffic. Just
have the remote site follow the same path as your main site Internet
users...

If you want the remote site users to access the Internet "locally" then
you will definately need NAT done by the remote site router.

J.

0
James
4/24/2006 3:29:52 PM
Reply:

Similar Artilces:

Windows "routing" server separating two subnets
Gurus, I have a small lab with a bunch of servers setup on two different subnets, 192.168.1.1 is the gateway for one and 172.16.1.1 is the gateway for the other. Installed on my Router (Windows Server with three NICs - I know, please don't comment on this, it's is for learning purposes, not production), the third NIC is the gateway to the Internet. What works: The Router server can reach the Internet as well as the computers in the 192.168.1.0/24 subnet (the first subnet built). What's broken: The computers on the 172.16.1.0/16 subnet cannot get to the Inter...

Windows "routing" server separating two subnets
Gurus, I have a small lab with a bunch of servers setup on two different subnets, 192.168.1.1 is the gateway for one and 172.16.1.1 is the gateway for the other. Installed on my Router (Windows Server with three NICs - I know, please don't comment on this, it's is for learning purposes, not production), the third NIC is the gateway to the Internet. What works: The Router server can reach the Internet as well as the computers in the 192.168.1.0/24 subnet (the first subnet built). What's broken: The computers on the 172.16.1.0/16 subnet cannot get to the Inter...

Can't use my //e because I can't get any software for it
Here's my problem. I have an Apple //e, but I have absolutely no software for it. I have an older Mac. All of the images I have found are 5.25" and I can't write those back to the floppy using the Mac (or a PC for that matter). I don't have a null modem, but that doesn't matter because I don't have any comm software. Basically I have no way to get anything onto a bootable floppy. Now, if I could find a bootable image of a 3.5" disk I would be in business, but everything is in 5.25" format. Would an emaulator be able to create a bootable 3.5" disk for me? Would someone be able to email me an image of a 3.5" bootable Prodos system disk? Luis "Luis de Santos" <desantos@cfl.rr.nospam.com> wrote in message news:ivbeiv4l3u5qtn59dkj4q243af9eu8s9b6@4ax.com... > > Here's my problem. I have an Apple //e, but I have absolutely no > software for it. I have an older Mac. All of the images I have found > are 5.25" and I can't write those back to the floppy using the Mac (or > a PC for that matter). I don't have a null modem, but that doesn't > matter because I don't have any comm software. Basically I have no > way to get anything onto a bootable floppy. > > Now, if I could find a bootable image of a 3.5" disk I would be in > business, but everything is in 5.25" format. Would an emaulator be > able to create a bootable 3.5" disk for me? ...

OS X
after a bit of reading, it looks like I did a veeeeery shtupid thing... (I'm copying my post to this newsgroup, as the alt.sys.mac.newuser-help group didn't look quite as highly-trafficked...) anyways, here's what I did... ----------------------------------- in an effort to help the owner of a nice shiny new eMac 'clean up' their personal folder, I moved a few items... including the Library folder! it appears.... correct me if I'm wrong... that Mac OS X then created a NEW library... so we restarted it, and all the Quicken data, dialup info, (etc.) was gone... so we ...

config.sys corrupted; can't fix; can't start windows 2000
The computer attempts to open windows 2000 pro and gets hung up with the message that winn config.sus is corrupted. I tried booting from the win 2000 cd-rom and then creating floppy boot disks. The computer won't recognize or run off of these. Rename the Config.sys file in the root directly to ConfigOLD.sys. See if the machine will boot without it for now. Any release of NT should be able to. If you work out for sure that the Config.sys file is faulty, you can go in with your text editor, and troubleshoot it. You will need the base knowledge to work in this file. Jerry G. ======== ...

Can't see all of the queries when merging to MS Word and can't get to reports
I'm working with a database developed by an untrained person over several years - and on a network that has recently been upgraded with a new server installed and MS office upgraded from 2K (I think - it might have been XP) to 2003. The database is impressive, both in what it does and the obtuse and inconsistent ways it works. There are several hundred queries, for example, with no indication of where they are used or if they are in fact necessary at all... The database is for the local Hospice service, and their entire operation is based on it - from patient records to donations. The ...

can't get the $_GET['id'] after the header is sent but page doesn't redirect
In the first if, the page is displayed without any company cars selected. If there is a company selected, then the id value is posted and captured by the redirect (1st elseif). Then one of two things can happen. The final else the selected company/id cars get displayed in the browser, or in the case of a post to a form for excel, the a header gets sent to the to the current_sightingsXL.php page. The current_sightingsXL.php and current_sightings.php pages test out. The second elseif works with one minor problem. I have to type in the url with the id to get it to download to excel. i...

Can't Print, Can't Forward
Dear LN Experts, I have a simple Lotus Notes database containing a form with several fields but no subforms. In production, the application does not allow anyone to print documents created with the main form or to forward them via email. I have checked each field individually and confirmed that the form security setting allows printing and forwarding and I am at a loss to resolve the problem. Although I am a manager in the db, I myself am not allowed to print a document. The print option is grey in the file menu. If I create a new document, enter some data and save it,...

Can't do math. Can't read.
Can't do math. Can't read. We must be talking about Snit. LOL! ...

OT: Ah Lawyers. Can't live with 'em, can't shoot them...
http://zdnet.com.com/2100-1104_2-1024234.html Is Google's cache cutting a cash flow? By Stefanie Olsen CNET News.com July 10, 2003, 7:03 AM PT Quote: "Many of us copyright lawyers have been waiting for this issue to come up: Google is making copies of all the Web sites they index and they're not asking permission," said Fred von Lohman, an attorney at the Electronic Frontier Foundation. "From a strict copyright standpoint, it violates copyright." * To join/leave the list, search archives, change list settings, * * etc., please visit http://rave...

Re: OT: Ah Lawyers. Can't live with 'em, can't shoot them...
Does that mean that every PC that maintains a cache of web content is violating copyright ? -----Original Message----- From: Mark Wonsil [mailto:wonsil@4m-ent.com] Sent: Friday, July 11, 2003 10:40 AM To: HP3000-L@RAVEN.UTC.EDU Subject: [HP3000-L] OT: Ah Lawyers. Can't live with 'em, can't shoot them... http://zdnet.com.com/2100-1104_2-1024234.html Is Google's cache cutting a cash flow? By Stefanie Olsen CNET News.com July 10, 2003, 7:03 AM PT Quote: "Many of us copyright lawyers have been waiting for this issue to come up: Google is making cop...

Re: OT: Ah Lawyers. Can't live with 'em, can't shoot them...
Mark writes: > Is Google's cache cutting a cash flow? But on the positive side, last week the federal 9th circuit court affirmed that offering "thumbnails" of graphic images is "fair use"... http://yro.slashdot.org/article.pl?sid=03/07/07/2141216 G. * To join/leave the list, search archives, change list settings, * * etc., please visit http://raven.utc.edu/archives/hp3000-l.html * ...

iBlog: can't preview, can't publish
I've done a very simple Blog, when I click on preview, I have a little wheel near the preview turning around for ever, nothing happens. Same problem with the Publish function. Using iBlog 1.3.9/panther and a .mac accont. I've set everything like they say. -- *** remove "_no_junk" for mail replies *** ...

Can't cd , can't use wildcard
Hi , I am running Windows 2000 service pack 4.Whenever I try to "cd" into some of the directories(which exist), I get an "Invalid directory". I can use to get into few of the directories(using cd) but for other it just says "Invalid directory". Moreover, I can't use any wildcard characters..(*, ? etc) at all.. Any idea what is wrong? Thanks Arun On Sun, 31 Aug 2003 17:13:52 GMT, Arun Goel <arun.goel@sbcglobal.net> wrote the following to comp.os.msdos.misc: > Hi , > > I am running Windows 2000 service pack 4.Whene...

Why can't my serial driver can't keep up?
Hi, I'm trying to write a serial driver for Linux 2.6.7 on an Intel Xscale PXA255 for a custom UART implemented in an FPGA. The UART is accessed through the PCI bus and seems to be working correctly. I'm testing out the driver by sending it 260,000 bytes at 19200 no parity, 8 data bits, 1 stop bit. Unfortunately it doesn't always receive all the data. It frequently is missing a block of about 30-100 bytes. I set up the UART to be 64 bytes deep and interrupt the processor when the FIFO gets 14 bytes full, but I think something is delaying my ISR because the data is mis...

Re: OT: Ah Lawyers. Can't live with 'em, can't shoot them... #2
> -----Original Message----- > From: John Lee [mailto:jlee@vaskecomputer.com] > Sent: Friday, July 11, 2003 11:41 AM > To: HP3000-L@RAVEN.UTC.EDU > Subject: Re: [HP3000-L] OT: Ah Lawyers. Can't live with 'em, > can't shoot > them... > > > Good question. And what if it's a cookie? And how do you > determine that? > And if I get a cookie that I didn't "authorize", am I entitled to > compensation for rental use of my disk space? > > John Lee Or worse yet, what if it's one of these: Hackers Hijack PC's for Sex Sites By JOHN SCHWARTZ http://www.nytimes.com/2003/07/11/technology/11HACK.html?th (You gotta be a subscriber, free, yada-yada, minor copyright violation below:) More than a thousand unsuspecting Internet users around the world have recently had their computers hijacked by hackers, who computer security experts say are using them for pornographic Web sites. The hijacked computers, which are chosen by the hackers apparently because they have high-speed connections to the Internet, are secretly loaded with software that makes them send explicit Web pages advertising pornographic sites and offer to sign visitors up as customers. Unless the owner of the hijacked computer is technologically sophisticated, the activity is likely to go unnoticed. The program, which only briefly downloads the pornographic material to the usurped compute...

Can't get patches via smpatch, update manager, web, or wget; can't re-register with sconadm or update manager
I have a Sun software support contract. Since the new My Oracle thing went alive, I've been unable to update via smpatch or the update manager--voluminous Java error messages in / var/adm/messages include: Jan 23 16:33:41 osprey root: [ID 702911 user.error] => com.sun.patchpro.util.CachingDownloader@16c79d7 <=Downloader.getResponseCode() : IOExceptionNo route to host Other messages seem to suggest failure to use a proxy server (I have no proxy server here), although my network is behind a Solaris 10 'ipfilter' firewall that nat's the internal hosts. I&#...

if lisp can add any feature, then why doesn't it get used? I don't get it..
I really don't and for some odd reason I have this fascination with forth lisp smalltalk io haskell aggghhh!! On 2008-09-06 11:46:32 +0100, gavino <gavcomedy@gmail.com> said: > I really don't > > and for some odd reason I have this fascination with forth lisp > smalltalk io haskell > > aggghhh!! Isn't the answer *precisely* in your asking the question? Lisp is not used by "people who don't get it". Not because those that do are any smarter or born geniuses, but surely *because* they decided to put in *the effort* to learn and see "...

Can't see hard drive/can't boot.
Using an Intel Mac with 2gb ram with updated Leopard. When starting up, the hard drive does its usual whine, then stops, and starts again. I get the Apple logo on the grey background. But it refuses to go further. Just does this over and over. Its like its hitting some block on the startup. So I take that hard drive and try it on another Mac. It sees it perfectly. I try some utilities to test it - tests 100%. It behaves perfectly. Then I take the 2nd hard drive I use all the time on that system (firewire) and plug it into the other Mac. Its invisible. Nothing in the Finder. ...

Eudora can't write to file so can't start
I start Eudora. I get the mailbox In has been changed and is different from the table of contents error. I click rebuild. I get the error message saying can'r open file eudora\attachablah-blah (loads of sgquiggle charcters I can't recreate). I click ok and get an unhandled exception error. Then I get the illegal operation closing down error. then we cycle endlessly though it. I can't get Eudora started and would be grateful for ideas. Thanks in advance, BB Big Bill <kruse@cityscape.co.uk> wrote in news:qhedk0lpmnjgkd9hnia5q82cqfbccnfrfl@4ax.com: > I start Eudora. I get the mailbox In has been changed and is different > from the table of contents error. I click rebuild. I get the error > message saying can'r open file eudora\attachablah-blah (loads of > sgquiggle charcters I can't recreate). > I click ok and get an unhandled exception error. Then I get the > illegal operation closing down error. then we cycle endlessly though > it. > I can't get Eudora started and would be grateful for ideas. > Thanks in advance, > > BB > Assuming that Eudora is not running (all renaming operations etc should be done with Eudora *NOT* running). Further assuming you do NOT have a virus. Copy/Backup the in.mbx and in.toc files to another location. Then delete the in.toc, and retry opening Eudora. If another error comes up, you have to rename the in.mbx file to something like in-old.mbx...

Maple9 Can't run, can't re-install
-I installed the maple-9 on laptop without any problem. But when I run it, nothing happens. -I tried to uninstall it with start->settings->control panel->add/remove program->maple9, the "add/remove program" freeze (for long--------). All other programs still work at that time (computer is not froozen). -I tried to shut down the computer, it needs to 'end' the 'un-installation' -I tried to re-install the maple9 from the original CD, nothing happens. -With 'autorun', it runs a few seconds and nothing happens. -Tried to installed it ...

Getting Error can't find '__main__' module in 'X'
Hey I am newbie in python.I have installed python 2.7.5 correctly.It is working fine but I am having some issues.I have set windows Enviroment variables. The problem is when I try to save my program in a folder(C:\Users\John\X)it shows that module error but when I save it outside this X folder ( C:\Users\John ) It runs successfully.How to fix it? On 06/02/2013 07:04 AM, meakaakka wrote: > Hey I am newbie in python.I have installed python 2.7.5 correctly.It is working fine but I am having some issues.I have set windows Enviroment variables. Please be a lot more specific. Do you have ...

Can ping sites but can't connect to them
After upgrading win98 to win98se, I installed a new network card, Belkin F5D5000. I am connected to a network through a router and cable modem. This computer is able to recognize and communicate with all other computers on the network, but it will not connect to internet addresses, not even the router address 192.168.0.1 I can, however ping any address and get a response. Why can't I get a normal internet connection? Other computers on the network connect normally to the internet. Your help would be appreciated. The Limey Check and make sure Proxy is checked to 'Automat...

I don't work for IBM and I don't make promises I can't deliver on
I wish I could afford an advertising campaign to compete with what they have on the Internet now. I promise to go totally ballistic at the next LLLNL contract. Robert. On 8/12/2011 11:24 PM, Robert Myers wrote: > I wish I could afford an advertising campaign to compete with what they > have on the Internet now. > > I promise to go totally ballistic at the next LLLNL contract. > > Robert. I don't work for IBM (anymore) either. If you are talking about the death of Blue Waters, I don't believe they said they couldn't deliver. They said they chose not to because they would lose a bunch of money on the project since it turned out to cost a lot more than the initial guess. And I guess Ben chose not to print some more to pay for it. On Aug 24, 11:17=A0pm, Del Cecchi <delcec...@gmail.com> wrote: > On 8/12/2011 11:24 PM, Robert Myers wrote: > > > I wish I could afford an advertising campaign to compete with what they > > have on the Internet now. > > > I promise to go totally ballistic at the next LLLNL contract. > > > Robert. > > I don't work for IBM (anymore) either. =A0If you are talking about the > death of Blue Waters, I don't believe they said they couldn't deliver. > They said they chose not to because they would lose a bunch of money on > the project since it turned out to cost a lot more than the initial guess= .. > > And I guess Ben chose not to print some mor...

Web resources about - Branch can't get to internet, can't ping anything but ethernet at main site. - comp.dcom.sys.cisco

Resources last updated: 3/10/2016 1:59:02 AM