Solved

Routing traffic between segments

Posted on 2006-06-20
7
375 Views
Last Modified: 2010-04-17
I have a Cisco 2811 router sittinng between to seperate network segments.
I put a static route on the ASA of route inside 10.10.20.0 255.255.255.0 10.10.0.5
On the 2811 router I have ip routing turned on.  I need to access the server on the seperate segment via RDP, ping, drive mappings, etc.. Why is not working or what am I missing?


Server                         FA0/1 10.10.20.3        FA0/0 10.10.0.5                         FA0/0 10.10.0.1         FA0/1 public ip to internet
10.10.20.10 -------------------------------|(2811)|---------------------[SW]------------------------|ASA 5510|----------------
                                                                                                   |
                                                                                                   |
                                                                                                   |
                                                                                                   |
                                                                                                 wkst 10.10.0.145
                                                                                                 GW 10.10.0.1
0
Comment
Question by:cisco_2k2
  • 4
  • 3
7 Comments
 
LVL 12

Expert Comment

by:Scotty_cisco
ID: 16945158
The ASA is probably a lot like the pix turn your DF gw to the FA 0/0 or 10.10.0.5 many security devices can not route a packet out the same interface which they recieve the packet on they usually eat them.

Thanks
Scott
0
 

Author Comment

by:cisco_2k2
ID: 16945266
Even if I switch my GW to 10.10.0.5 or add a route to my workstation, I can not get past the 10.10.20.3 interface of the router to the seperate segment.  I can successfully ping the interface for the segment but any other hosts do not respond to pings or connection attempts.
0
 
LVL 12

Expert Comment

by:Scotty_cisco
ID: 16945289
what is the servers gateway and does it have any static routes?  Are there any ACL's in place on the router?

Thanks
Scott
0
Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

 

Author Comment

by:cisco_2k2
ID: 16945381
The servers GW is 10.10.20.1 which goes out to a separate Internet/VPN connection.  I currently do not have any static routes set on the server.  Here is the cfg from the router:

Current configuration : 1024 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname 2811RTR
!
boot-start-marker
boot-end-marker
!
logging buffered 4096 debugging
enable secret 5 xxxxxxxxxxxxxxxxxxxxxxxx
enable password xxxxxxxxxxxxxxxx
!
clock timezone NewYork -5
clock summer-time NewYork date Apr 6 2003 2:00 Oct 26 2003 2:00
no network-clock-participate aim 0
no network-clock-participate aim 1
no aaa new-model
ip subnet-zero
!
!
ip cef
!
!
ip name-server 10.10.0.201
no ftp-server write-enable
!
!
!
!
interface FastEthernet0/0
 description $ETH-LAN$
 ip address 10.10.0.5 255.255.255.0
 duplex auto
 speed auto
 no mop enabled
!
interface FastEthernet0/1
 description $ETH-LAN$
 ip address 10.10.20.2 255.255.255.0
 duplex auto
 speed auto
!
ip classless
ip http server
!
!
access-list 101 permit icmp any any echo
access-list 101 permit icmp any any
!
control-plane
!
!
line con 0
line aux 0
line vty 0 4
 password xxxxxxxx
 login
!
scheduler allocate 20000 1000
!
end
0
 
LVL 12

Accepted Solution

by:
Scotty_cisco earned 500 total points
ID: 16945412
well there is the problem if you do a route print how does it know to get to the workstation.... try putting a route add 10.10.0.0 mask 255.255.255.0 10.10.20.3 -p in the server from the command prompt.

see if that fixes the problem the VPN could be causing issues if that does not work post a route print.

Thanks
Scott
0
 

Author Comment

by:cisco_2k2
ID: 16945626
Thanks scott for the help!  Considering I have some developers making changes onn the server, they removed the route statement and turned on the windows firewall after turning it over to them.   I just assumed that the server was in the same state.  It is working again.

Thanks
Cisco_2k2
0
 
LVL 12

Expert Comment

by:Scotty_cisco
ID: 16945646
Ah Developers..... got to love to hate them!!! I have a pretty good crew of them now but in past jobs not so lucky they always blame the network as well think it is their favorite pastime.

Thanks
scott
0

Featured Post

Threat Intelligence Starter Resources

Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

Join & Write a Comment

Suggested Solutions

Title # Comments Views Activity
Static route between two Sonicwalls 6 33
GRE Trunnel with IPsec Encryption Issue 3 34
RIP Routing 5 45
Network Config 9 53
While it is possible to put two routes in place with the secondary having a higher metric, this may not always work. In the event of a failure that does not bring down the physical interface on the router the primary route is not removed. There is a…
Quality of Service (QoS) options are nearly endless when it comes to networks today. This article is merely one example of how it can be handled in a hub-n-spoke design using a 3-tier configuration.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now