July 20, 2008 02:23am pdt

1. uetian1707 67,628
2. DevilWAH 53,625
3. RobWill 52,805
4. lrmoore 19,748
5. Johnjces 16,450
6. toniur 12,800
7. martin_b... 12,700
8. ebjers 11,980
9. from_exp 11,000
10. KCTS 10,711
11. that1guy15 9,610
12. lnkevin 9,550
13. Chris-Dent 8,560
14. tigermatt 8,200
15. Richard_... 7,925

1. uetian1707 95,650
2. RobWill 83,949
3. DevilWAH 53,825
4. lrmoore 49,210
5. Johnjces 22,950
6. giltjr 22,110
7. KCTS 22,109
8. pseudocyber 20,416
9. rindi 18,684
10. keith_al... 18,200
11. ebjers 16,230
12. toniur 16,000
13. MrHusy 15,700
14. lnkevin 14,761
15. Fatal_Ex... 13,225

12.04.2007 at 04:52PM PST, ID: 23001923

	[x] Attachment Details

[x]

The Solution Rating System

With so many solutions, how can you tell which solutions are most likely to help you and which ones are not? To provide you with a tool to use, we rate our solutions based on various elements that most accurately determine if a solution is a quality solution. To explain what factors affect the solution rating, here are the elements we take into consideration when formulating our solution rating.

The Grade of the Solution
The Zone Rank of the Expert Providing the Solution
The Number of Author and Expert Comments
The Number of Experts Contributing
The Feedback of the Community

Your Input Matters
Because of the way the system is set up, the most important variable in this equation is you. As a member of Experts Exchange, you are able to cast your vote on the quality of the solutions in regard to how complete, accurate, helpful and easy to understand each solution is. When you provide your feedback, each rating is adjusted accordingly. So, if you see a solution that has a poor rating that you think is a good solution, let us know by rating it. As you do, the rating will be adjusted and will become more accurate for other members of our site.

If you have any suggestions that you would like to make for our rating system, please ask a question in the Suggestions Zone of Community Support.

Thank you!

7.4

Basic Routing Question

Zones: Network Management, Networking Hardware

Tags: routing

I don't quite understand the following scenerio:

I want to Ping from Server #1 to Server #2 across a point to point T1

Server #1 Router #1 Router #2 Server #2
192.168.1.1 --LAN-- 192.168.1.2 | 10.150.1.1 -- WAN -- 10.150.1.2 | 192.168.10.2 --LAN-- 192.168.10.1

If I add static Route #1 to server #1 I cannot ping Server #2, but if I add Route#1 and #2 I can.

Route #1 route add 192.168.10.0 MASK 255.255.255.0 192.168.1.2
Route #2 route add 10.150.1.0 MASK 255.255.255.252 192.168.1.2

If I need to send a packet to Server #2 from Server #1, I send the packet to Router #1,
1. Router #1 has a static route 'ip route 0.0.0.0 0.0.0.0 10.150.1.2' and sends any packet it gets to Router #2 anyway.
2. Router #2 has a static route 'ip route 0.0.0.0 0.0.0.0 10.150.1.1' and sends any packet it gets to Router #1 anyway.
Why do I have to add Route #2? Why does the Server have to know about the 10. network?

Start your free trial to view this solution

Question Stats

Zone: Networking

Question Asked By: Matrix1000

Solution Provided By: RouterDude

Participating Experts: 4

Solution Grade: A

Translate:

Loading Advertisement...

Microsoft

Internet Protocols
Applications

Development
OS

Hardware
Windows Security

Apple

Operating Systems
Hardware

Programming
Networking

Software

Internet

Search Engines
File Sharing
WebTrends / Stats
Spy / Ad Blockers

Web Browsers
New Net Users
Web Development
Chat / IM

Anti Spam
Web Servers
Anti-Virus
Email Clients

Gamers

Tips
Online / MMORPG
Puzzle
Emulators

Action / Adventure
Role Playing
Consoles
Game Programming

Strategy
Sports
Misc
Computer Games

Digital Living

Hardware
Automotive
New Net Users
New Users

Software
Digital Music
Gaming World
Home Security

Apple
Networking Hardware

Virus & Spyware

Vulnerabilities
IDS
Encryption
Anti-Virus

Operating Systems Security
Software Firewalls
WebApplications
Cell Phones

Operating Systems
Internet
Hardware Firewalls

Hardware

Displays / Monitors
Handhelds / PDAs
Components
Peripherals
Laptops/Notebooks

Servers
Misc
Apple
Embedded Hardware
Networking Hardware

Storage
Desktops
New Users

Software

System Utilities
Industry Specific
Network Management
Photos / Graphics
Page Layout
VMware
Misc
Web Development

OS
CYGWIN
Voice Recognition
Virtualization
Message Queue
Quality Assurance
Security
Firewalls

MultiMedia Applications
Development
Database
Office / Productivity
Business Management
OS/2 Apps
Server Software
Internet / Email

ITPro

OS
Storage
Encryption
Operating Systems Security
Apple Hardware
Laptops & Notebooks
Servers
Networking Hardware
Peripherals
Devices

Displays / Monitors
WebTrends / Stats
Search Engines
Firewalls
Web Computing
WebApplications
IDS
Vulnerabilities
Email Clients
File Sharing

Spy / Ad Blockers
Web Browsers
Web Servers
Networking
Anti-Virus
Consulting
Chat / IM
Anti Spam

Developer

Web Servers
Web Browsers
Game Programming
Dev Tools
Industry Specific
Office / Productivity

Database
CYGWIN
Web Development
Search Engines
File Sharing
WebTrends / Stats

Programming
Content Management
Application Servers
Protocols

Storage

Removable Backup Media
Storage Technology
Servers

Grid
Remote Access
Backup / Restore

Misc
Hard Drives

Miscellaneous
Security
Development
Linux
VMware

MainFrame OS
Unix
Apple
OS / 2
AS / 400

BeOS
Microsoft
VMS / OpenVMS

Database

Oracle
Miscellaneous
MySQL
Software
Sybase
Contact Management
PostgreSQL
Data Manipulation
Clarion
InterSystems Cache

Siebel
MUMPS
OLAP
SQLBase
SAS
GIS & GPS
4GL
Berkeley DB
DB2
Informix

Interbase / Firebird
FoxPro
Reporting
LDAP
Filemaker Pro
MS SQL Server
dBase
MS Access

Security

Misc
Web Browsers
Software Firewalls
Operating Systems Security
File Sharing

Spy / Ad Blockers
Vulnerabilities
WebApplications
IDS
Anti-Virus

Encryption
Anti Spam
Email Clients
VPN
Chat / IM

Programming

Editors IDEs
Installation
Handhelds / PDAs
Multimedia Programming
System / Kernel
Automation

Algorithms
Game
Signal Processing
Project Management
Open Source
Database

Misc
Languages
Processor Platforms
Theory

Web Development

Scripting
Blogs
Web Servers
Software
Search Engines
Web Graphics
Web Services

Images
Internet Marketing
Images and Photos
Components
Document Imaging
Web Languages/Standards
Illustration

WebApplications
Fonts
WebTrends / Stats
Authoring
Digital Camera Software
Miscellaneous

Networking

Protocols
Apple Networking
Network Management
Message Queue
Application Servers
Content Management
File Servers
Email Servers
Misc
Java Editors & IDEs

Wireless
Networking Hardware
Backup / Restore
System Utilities
ISPs & Hosting
Web Servers
Storage Technology
Removable Backup Media
Servers
Web Computing

Broadband
Grid
OS / 2
Novell Netware
Unix Networking
Windows Networking
Security
Telecommunications
Operating Systems
Linux Networking

Other

Lounge
Business Travel
Community Support
New Net Users

Philosophy / Religion
Math / Science
Miscellaneous
URLs

Expert Lounge
Politics
Puzzles / Riddles
Automotive

Community Support

Suggestions
New to EE
New Topics
CleanUp

Announcements
General
Feedback

Input
EE Bugs

12.04.2007 at 05:06PM PST, ID: 20408207

RouterDude:

It has been my experience that some routers, mostly Cisco, will not route private networks using the default route, and need to have more specific static routes added. Those networks are 10.x.x.x.8, 172.16.x.x/16 and 192.168.x.x/24. If you have your servers with the gateway as the routers they will forward all packets not seen in its routing table to the gateway. If the gateway does not have a specific route in it for those packets it will drop them. From what I have come across in my years is that even if there is a default route of 0.0.0.0/0 private networks may still be dropped, so manually adding specific routes for 192.168.x.x usually fixes the problem. In your example you can add the static route for 192.168.10.0/24 to point to the next hop IP in router 1 and for 192.168.1.0 to point to the next hop IP in router 2.

If you are trying to route a private network over the public network, unless you own or manage the public network infrastructure to some degree, you will not be able to route those networks unless you create GRE or IPSec tunnels even if you have a static route pointing to the next hop IP.

12.04.2007 at 06:57PM PST, ID: 20408629

harbor235:

Router dude, I do not not agree with your assertions about Cisco routers and Private networks.

What does the routing table look like on Server #2? Without a default route or a route back to 192.168.1.0
Server#2 would drop the traffic.

-1. Router #1 has a static route 'ip route 0.0.0.0 0.0.0.0 10.150.1.2' and sends any packet it gets to Router #2 anyway.

Is the default route the only routes in Router1 and route 2?

There is something else wrong with your config, youo should not have to add the second route.

harbor235 ;}

12.04.2007 at 08:47PM PST, ID: 20409023

tvman_od:

I'm with harbor235

Simple question, can you post results of "route print" from both servers?

Actually default routes in the servers pointing to routers and statics routes to each other in the routers will do its job.
To figure out the process imagine yourself as a routing engine. You receive an envelop with destination address. Start matching networks localy connected to the router. If you see one, use that interface to forward. If there is no local networks, then start matching static routes, when you see the first match, look for the next gateway which is reachable through one of the local interfaces.
Simple...

12.05.2007 at 06:52AM PST, ID: 20411584

RouterDude:

Note I said some routers, mainly those running IOS firewall feature set will block private networks. Considering that the OP didn't describe what routers he is using nor what IOS feature set I just put that out there. He could be using 851 routers setup with the SDM wizard, we don't know that. By all rights with a default route in both routers pointing to each other, he shouldn't need to add anything to either server in order for it to work.

Here is an ACL from a 2801 using the ADVservices firewall feature set after running the firewall wizard, these are at the end of the ACL generated by the wizard.

710 deny ip 10.0.0.0 0.255.255.255 any
720 deny ip 127.0.0.0 0.255.255.255 any
730 deny ip 172.16.0.0 0.15.255.255 any
740 deny ip 192.168.0.0 0.0.255.255 any (247 matches)
750 deny ip host 255.255.255.255 any
760 permit ip host 0.0.0.0 any
770 deny ip any any log (18589 matches)

Accepted Solution

12.05.2007 at 06:59AM PST, ID: 20411645

harbor235:

routerdude,

I understand what you are saying, however, a firewall is a differenet animal, by default it blocks traffic unless implicitly told to allow it. Perhaps thats were the confusion lies. In your example the 2801 is essentially a firewall. I do understand your point though.

harbor235 ;}

12.05.2007 at 07:22AM PST, ID: 20411896

RouterDude:

Harbor, Right, if you read what the OP posted, he has the necessary information on order for this to work, so maybe there is something else in the mix blocking it, like firewalling on the routers. I have come across a couple instances of non firewalled routers that would not pass private addresses unless a more specific route was added to both ends, they were using public IP's on the serials, but they were both on our managed network with our supernet, and in that case I needed to have static routes.

In any case, what is shown in his example he should not need routes added to the servers provided he has the proper gateway information in the servers. With the static default routes in the routers he should be able to pass traffic to the other network without added routes.

12.05.2007 at 07:24AM PST, ID: 20411916

tvman_od:

If servers have default gateway to some other destination, static will be required on order to make it work.

12.05.2007 at 07:32AM PST, ID: 20412005

tvman_od:

RouterDude, never seen a Cisco router which will block something unless specificaly configured. There is no technical difference between private and public networks. The only difference that private blocks should not be routed by any ISP in the world.

Assisted Solution

12.05.2007 at 07:33AM PST, ID: 20412014

tvman_od:

Looks like Author is not interesting...

12.05.2007 at 07:44PM PST, ID: 20417229

HOPE-IT:

Turn on a routing protocol. and include the two network.
router 1 will include
network 192.168.1.0
network 10.150.1.0

router 2 will need
network 10.150.1.0
network 192.128.10.0

there are many flavor to choose from if you're using Cisco. Rip version 1 and 2, igrp, eigrp, osfp, and a few older one. Good luck.

Assisted Solution

20080716-EE-VQP-33 / EE_QW_2_20070628