Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 691
  • Last Modified:

cisco 2600 router and ping

We have a cisco 2610 router at a remote location that we are trying to back up to our ftp server.  We do not seem to be able to get the router to ping the ftp server.  The wierd thing is, we can ping from a server on the far side of the router without any problems.  When we try a traceroute it shows the router hitting the local router and then times out, even though the ftp server is directly connected to the eth-0 side of the local router.  Basic setup is like this -


192.168.85.2  (eth0 on remote)  -> 192.168.6.26 (s0 on remote)  <---------->  192.168.6.25 (s0 on local) <-> 192.168.73.96 (eth0 on local)

we also have a 192.168.173.xxx network on the local side.  The show ip route shows the 173.xxx route to be directly connected via eth0.

the default gateway address on remote is 192.168.6.25  
the default gateway address on local is 192.168.173.3  (a watchguard that also routes to the internet)

from the remote router  we can ping 192.168.173.1  (a server) but not any of the remaining 173.xxx addresses.

The problem is that the ftp server is 192.168.173.180  and we can't seem to get there.

No one here is really familiar with routers, so any assistance would be appreciated.

thanks,
Don
0
dldegner
Asked:
dldegner
  • 5
  • 4
1 Solution
 
lrmooreCommented:
>default gateway address on local is 192.168.173.3  (a watchguard that also routes to the internet)
Therein lies the problem.
Set the default gateway to be the eth0 .173.96 on local (or whatever IP you have on the eth0 for this subnet)
On tthis router, point its default to the watchguard
  ip route 0.0.0.0 0.0.0.0 192.168.173.3

Routing needs to go like this:

  local PC --- def----2600 e/0 ---- WAN ---
                                |
                               Watchguard

What you are doing is basically "bouncing" packets off the e0 interface that don't go across the WAN. This is OK and is what routers do. Most firewalls won't bounce a packet off the same interface.
Else, if the watchguard will handle it (Cisco PIX won't), add static routes for both the 192.168.85.0 subnet and the 192.168.6.0 subnet pointing back to the local eth0 interface
0
 
dldegnerAuthor Commented:
I think that I am doing as you state.  Perhaps if I print the show ip routes for both locations -

*REMOTE*
Gateway of last resort is 192.168.6.26 to network 0.0.0.0

D    192.168.73.0/24 [90/2195456] via 192.168.6.26, 7w0d, Serial0/1
D    192.168.180.0/24 [90/2195456] via 192.168.6.26, 7w0d, Serial0/1
D    192.168.200.0/24 [90/2195456] via 192.168.6.26, 7w0d, Serial0/1
D    192.168.80.0/24 [90/2195456] via 192.168.6.26, 7w0d, Serial0/1
     192.168.6.0/24 is variably subnetted, 2 subnets, 2 masks
C       192.168.6.26/32 is directly connected, Serial0/1
C       192.168.6.24/30 is directly connected, Serial0/1
D    192.168.173.0/24 [90/2195456] via 192.168.6.26, 7w0d, Serial0/1
C    192.168.85.0/24 is directly connected, Ethernet0/0
C    192.168.185.0/24 is directly connected, Ethernet0/0
D*EX 0.0.0.0/0 [170/2195456] via 192.168.6.26, 7w0d, Serial0/1


*LOCAL*
Gateway of last resort is 192.168.173.3 to network 0.0.0.0

C    192.168.73.0/24 is directly connected, Ethernet0/0
C    192.168.180.0/24 is directly connected, Ethernet1/0
C    192.168.200.0/24 is directly connected, Ethernet0/0
C    192.168.80.0/24 is directly connected, Ethernet1/0
     192.168.6.0/24 is variably subnetted, 3 subnets, 3 masks
D       192.168.6.0/24 is a summary, 7w0d, Null0
C       192.168.6.24/30 is directly connected, Serial0/1
C       192.168.6.25/32 is directly connected, Serial0/1
C    192.168.173.0/24 is directly connected, Ethernet0/0
D    192.168.85.0/24 [90/2195456] via 192.168.6.25, 7w0d, Serial0/1
D    192.168.185.0/24 [90/2195456] via 192.168.6.25, 7w0d, Serial0/1
S*   0.0.0.0/0 [1/0] via 192.168.173.3

Again 192.168.173.1 will respond when I ping, but not 192.168.173.3 (nor any other173.x number).

Thanks for your help.



0
 
lrmooreCommented:
Right. Post a print of C:\route print  from one of the PC's on the 173.x subnet.
That PC's default gateway points to the Watchguard?
Change that PC's default gateway to the LOCAL router's Eth 0/0 interface - .173.X

On REMOTE, do you have "no auto-summary" in your EIGRP config?
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
dldegnerAuthor Commented:
I think I have failed to communicate fully.  I can successfully ping from a pc on either end of the local or remote router.
It is only when I issue the ping command from the remote router that I do not get a response.  A traceroute command issued from the remote router shows that I get a response from 192.168.6.26 but then the next leap times out.

ex:  Router_485#traceroute 192.168.173.3

Type escape sequence to abort.
Tracing the route to 192.168.173.3

  1 192.168.6.26 28 msec 24 msec 28 msec
  2  *  *  *
  3  *  *  *

the local PC's are pointing to 173.3, although I am hoping to change that to the Eth 0/0 interface soon.  (There are also routes to remote vpn branches that are handled only through 173.3, so it gets a little more complicated.)
 
I do not know how to tell if "no auto-summary" is listed or not, since we have been unable to save the config file..

Thanks.
0
 
lrmooreCommented:
Ahso, the fog clears...
When you ping from the remote router console, your source IP becomes your serial interface .6.25
The gateway 173.3 has no idea where this network is, nor should it really care because no hosts should ever be on this subnet - it's just the WAN link between the sites.

Just try doing an extended ping using the ethernet port as your source.
router_485#ping <enter>
 protocol [ip]: <enter>
 target address: 192.168.173.13
 <etc>
 Use extended commands? [n] y
 Source IP address: 192.168.85.2
 <etc>

0
 
dldegnerAuthor Commented:
Thank you for the enlightenment.  The extended ping works perfectly.  I suspect the same issue is preventing us from backing up the configuration to the ftp on the local side...  Is there a way to specify the source address on the ftp command?  

thanks
0
 
lrmooreCommented:
Yes, I think you can use

  ip ftp source-interface fast 0/0

0
 
dldegnerAuthor Commented:
Thanks for your help.  I've increased the points since you answered both halves of my question.  As an addendum to future readers, I had to replace the word fast 0/0 with the name of our interface (ethernet0/0).  Also, if you are using tftp, you must change the ftp to tftp.

I appreciate your quick responses and patience.  We've finally gotten the router backed up!  (now I can sleep a *little* better at nights.)

Don
0
 
lrmooreCommented:
Thanks!
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

  • 5
  • 4
Tackle projects and never again get stuck behind a technical roadblock.
Join Now