?
Solved

cisco 2600 router and ping

Posted on 2005-04-04
9
Medium Priority
?
670 Views
Last Modified: 2008-02-01
We have a cisco 2610 router at a remote location that we are trying to back up to our ftp server.  We do not seem to be able to get the router to ping the ftp server.  The wierd thing is, we can ping from a server on the far side of the router without any problems.  When we try a traceroute it shows the router hitting the local router and then times out, even though the ftp server is directly connected to the eth-0 side of the local router.  Basic setup is like this -


192.168.85.2  (eth0 on remote)  -> 192.168.6.26 (s0 on remote)  <---------->  192.168.6.25 (s0 on local) <-> 192.168.73.96 (eth0 on local)

we also have a 192.168.173.xxx network on the local side.  The show ip route shows the 173.xxx route to be directly connected via eth0.

the default gateway address on remote is 192.168.6.25  
the default gateway address on local is 192.168.173.3  (a watchguard that also routes to the internet)

from the remote router  we can ping 192.168.173.1  (a server) but not any of the remaining 173.xxx addresses.

The problem is that the ftp server is 192.168.173.180  and we can't seem to get there.

No one here is really familiar with routers, so any assistance would be appreciated.

thanks,
Don
0
Comment
Question by:dldegner
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 4
9 Comments
 
LVL 79

Expert Comment

by:lrmoore
ID: 13702528
>default gateway address on local is 192.168.173.3  (a watchguard that also routes to the internet)
Therein lies the problem.
Set the default gateway to be the eth0 .173.96 on local (or whatever IP you have on the eth0 for this subnet)
On tthis router, point its default to the watchguard
  ip route 0.0.0.0 0.0.0.0 192.168.173.3

Routing needs to go like this:

  local PC --- def----2600 e/0 ---- WAN ---
                                |
                               Watchguard

What you are doing is basically "bouncing" packets off the e0 interface that don't go across the WAN. This is OK and is what routers do. Most firewalls won't bounce a packet off the same interface.
Else, if the watchguard will handle it (Cisco PIX won't), add static routes for both the 192.168.85.0 subnet and the 192.168.6.0 subnet pointing back to the local eth0 interface
0
 
LVL 2

Author Comment

by:dldegner
ID: 13707201
I think that I am doing as you state.  Perhaps if I print the show ip routes for both locations -

*REMOTE*
Gateway of last resort is 192.168.6.26 to network 0.0.0.0

D    192.168.73.0/24 [90/2195456] via 192.168.6.26, 7w0d, Serial0/1
D    192.168.180.0/24 [90/2195456] via 192.168.6.26, 7w0d, Serial0/1
D    192.168.200.0/24 [90/2195456] via 192.168.6.26, 7w0d, Serial0/1
D    192.168.80.0/24 [90/2195456] via 192.168.6.26, 7w0d, Serial0/1
     192.168.6.0/24 is variably subnetted, 2 subnets, 2 masks
C       192.168.6.26/32 is directly connected, Serial0/1
C       192.168.6.24/30 is directly connected, Serial0/1
D    192.168.173.0/24 [90/2195456] via 192.168.6.26, 7w0d, Serial0/1
C    192.168.85.0/24 is directly connected, Ethernet0/0
C    192.168.185.0/24 is directly connected, Ethernet0/0
D*EX 0.0.0.0/0 [170/2195456] via 192.168.6.26, 7w0d, Serial0/1


*LOCAL*
Gateway of last resort is 192.168.173.3 to network 0.0.0.0

C    192.168.73.0/24 is directly connected, Ethernet0/0
C    192.168.180.0/24 is directly connected, Ethernet1/0
C    192.168.200.0/24 is directly connected, Ethernet0/0
C    192.168.80.0/24 is directly connected, Ethernet1/0
     192.168.6.0/24 is variably subnetted, 3 subnets, 3 masks
D       192.168.6.0/24 is a summary, 7w0d, Null0
C       192.168.6.24/30 is directly connected, Serial0/1
C       192.168.6.25/32 is directly connected, Serial0/1
C    192.168.173.0/24 is directly connected, Ethernet0/0
D    192.168.85.0/24 [90/2195456] via 192.168.6.25, 7w0d, Serial0/1
D    192.168.185.0/24 [90/2195456] via 192.168.6.25, 7w0d, Serial0/1
S*   0.0.0.0/0 [1/0] via 192.168.173.3

Again 192.168.173.1 will respond when I ping, but not 192.168.173.3 (nor any other173.x number).

Thanks for your help.



0
 
LVL 79

Expert Comment

by:lrmoore
ID: 13707277
Right. Post a print of C:\route print  from one of the PC's on the 173.x subnet.
That PC's default gateway points to the Watchguard?
Change that PC's default gateway to the LOCAL router's Eth 0/0 interface - .173.X

On REMOTE, do you have "no auto-summary" in your EIGRP config?
0
Portable, direct connect server access

The ATEN CV211 connects a laptop directly to any server allowing you instant access to perform data maintenance and local operations, for quick troubleshooting, updating, service and repair.

 
LVL 2

Author Comment

by:dldegner
ID: 13708063
I think I have failed to communicate fully.  I can successfully ping from a pc on either end of the local or remote router.
It is only when I issue the ping command from the remote router that I do not get a response.  A traceroute command issued from the remote router shows that I get a response from 192.168.6.26 but then the next leap times out.

ex:  Router_485#traceroute 192.168.173.3

Type escape sequence to abort.
Tracing the route to 192.168.173.3

  1 192.168.6.26 28 msec 24 msec 28 msec
  2  *  *  *
  3  *  *  *

the local PC's are pointing to 173.3, although I am hoping to change that to the Eth 0/0 interface soon.  (There are also routes to remote vpn branches that are handled only through 173.3, so it gets a little more complicated.)
 
I do not know how to tell if "no auto-summary" is listed or not, since we have been unable to save the config file..

Thanks.
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 13708155
Ahso, the fog clears...
When you ping from the remote router console, your source IP becomes your serial interface .6.25
The gateway 173.3 has no idea where this network is, nor should it really care because no hosts should ever be on this subnet - it's just the WAN link between the sites.

Just try doing an extended ping using the ethernet port as your source.
router_485#ping <enter>
 protocol [ip]: <enter>
 target address: 192.168.173.13
 <etc>
 Use extended commands? [n] y
 Source IP address: 192.168.85.2
 <etc>

0
 
LVL 2

Author Comment

by:dldegner
ID: 13708325
Thank you for the enlightenment.  The extended ping works perfectly.  I suspect the same issue is preventing us from backing up the configuration to the ftp on the local side...  Is there a way to specify the source address on the ftp command?  

thanks
0
 
LVL 79

Accepted Solution

by:
lrmoore earned 2000 total points
ID: 13708406
Yes, I think you can use

  ip ftp source-interface fast 0/0

0
 
LVL 2

Author Comment

by:dldegner
ID: 13709941
Thanks for your help.  I've increased the points since you answered both halves of my question.  As an addendum to future readers, I had to replace the word fast 0/0 with the name of our interface (ethernet0/0).  Also, if you are using tftp, you must change the ftp to tftp.

I appreciate your quick responses and patience.  We've finally gotten the router backed up!  (now I can sleep a *little* better at nights.)

Don
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 13710690
Thanks!
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In the hope of saving someone else's sanity... About a year ago we bought a Cisco 1921 router with two ADSL/VDSL EHWIC cards to load balance local network traffic over the two broadband lines we have, but we couldn't get the routing to work consi…
In the world of WAN, QoS is a pretty important topic for most, if not all, networks. Some WAN technologies have QoS mechanisms built in, but others, such as some L2 WAN's, don't have QoS control in the provider cloud.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Suggested Courses

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question