Solved

can't get sites to communicate

Posted on 2009-07-08
17
189 Views
Last Modified: 2012-05-07
please see diagram. We have a remote network (10.24.2.0/24) which needs to speak to corporate (172.16.0.0/16). What do we need to do? why isnt this working. I have the following static routes:

static route for BRDG
172.16.0.0   255.255.0.0   10.240.2.2

static route for ESNG
172.16.0.0   255.255.0.0   10.24.1.2

static route in pix
10.24.2.0  255.255.255.0   10.24.1.1

I believe the wan technology is frame. There could be more than one router in between, but I think there is only one
scada.jpg
0
Comment
Question by:WERAracer
  • 8
  • 8
17 Comments
 
LVL 23

Expert Comment

by:that1guy15
ID: 24805117
The first thing i see is the ESNG router needs a route back to BRDG. ESNG has no clue how to return traffic to BRDG.

0
 
LVL 14

Expert Comment

by:grimkin
ID: 24805252
The static routes seem fine but the router(s) in the middle need to know about these networks (10.24.2.0/24 and 172.16.0.0/16) as well otherwise it will simply drop the packets or forward them to its own default gateway, wherever that might be.

Are you running RIP / OSPF or how are these routes to be advertised to the inbetween router(s)?
0
 
LVL 1

Author Comment

by:WERAracer
ID: 24805806
thatguy, I didnt include the other static routes. But ESNG has full connectivity back to BRDG. THe route looks like this  10.24.0.0  255.255.0.0   10..240.1.2

grimkin, since we do not own the router(s) in the middle, I relied on our service provider to enter the proper static routes. This is what they entered:

172.16.0.0   255.255.0.0    10.24.1.1   and it is not working

any ideas?

Thanks
0
 
LVL 23

Accepted Solution

by:
that1guy15 earned 500 total points
ID: 24805865
Traceroute to the 172 network from the remote site let us know how far you can get.
0
 
LVL 1

Author Comment

by:WERAracer
ID: 24806477
here is the tracert. Keeps bouncing back and forth
scad.JPG
0
 
LVL 23

Expert Comment

by:that1guy15
ID: 24806819
Your ESNG server is pointing a route to the 172 network back to 10.240.2.2.

Doulbe check your routes on that router for errors or post your "sh ip route" and we will take a look at it.
0
 
LVL 1

Author Comment

by:WERAracer
ID: 24806847
The ESNG router has this:

172.16.0.0   255.255.0.0   10.24.1.2
10.24.0.0 255.255.0.0   10.240.1.2
0
 
LVL 1

Author Comment

by:WERAracer
ID: 24806852
that traceroute is from BRDG by the way
0
Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

 
LVL 23

Expert Comment

by:that1guy15
ID: 24806895
Those routes are correct but you are having a routing loop (hence the traceroute going back and forth). Please post your "Sh ip route" or a cleaned up "sh run"
0
 
LVL 1

Author Comment

by:WERAracer
ID: 24806912
the routers we control for this network, are actually not cisco. They are verilink wansuite (aka big POS).  The routers in between are controlled by our service provider
0
 
LVL 23

Expert Comment

by:that1guy15
ID: 24806927
Since the traceroute keep bouncing back and forth on ESNG this is were i think the problem is. Do you control this router?

If so could you post something showing all your routes?
0
 
LVL 1

Author Comment

by:WERAracer
ID: 24806952
the ESNG router we own . However, isn't this bouncing between the router in the middle and BRDG?  The address bouncing in the tracert is 10.240 , not 10.24
0
 
LVL 23

Expert Comment

by:that1guy15
ID: 24808219
Oh yes you are correct, My mistake.

Yeah your traceroute (and traffic) is making it to the router in the middle. But it is bouncing it back. Do you control this router? This is the router with the routing loop.

Run a traceroute from the 172 network to the BRDG network 10.24 to verify this is were your issue is.
0
 
LVL 1

Author Comment

by:WERAracer
ID: 24809035
Yes I have our provider looking at this.   We do not manage that router
0
 
LVL 23

Expert Comment

by:that1guy15
ID: 24809074
To verify this is were the trouble is Run a traceroute from the 172 network to the BRDG network 10.24
0
 
LVL 1

Author Comment

by:WERAracer
ID: 24813853
Tracing route to 10.24.2.102
over a maximum of 30 hops:

  1    <1 ms    <1 ms    <1 ms  172.16.14.1
  2     1 ms     1 ms     1 ms  172.17.1.31
  3     1 ms     1 ms     2 ms  [10.24.1.1
  4     8 ms     7 ms     7 ms  10.240.1.2
  5     *        *        *     Request timed out.
  6     *        *        *     Request timed out.
  7     *        *        *     Request timed out.
  8     *        *        *     Request timed out.
  9     *        *        *     Request timed out.
 10     *        *        *     Request timed out.
 11     *        *        *     Request timed out.
 12     *        *        *     Request timed out.
 13     *        *        *     Request timed out.
 14     *        *
0
 
LVL 23

Expert Comment

by:that1guy15
ID: 24815137
Here are several things I am seeing:

Routes on ESNG:

172.16.0.0   255.255.0.0   10.24.1.2 <-this looks good
10.24.0.0 255.255.0.0   10.240.1.2 < --points both 10.24.1 and .2 to the 10.240.1.2 router which is the ISP router. Traffic can not get to the 10.24.1 network because it is sent back to the ISP.

This is an issue since the two subnets are on either side of the router. So split that route into two seperate routes on ESNG.

10.24.1.0 255.255.255.0   10.24.1.2 <-points routes to your f/w
10.24.2.0 255.255.255.0   10.240.1.2 <-points routes to the ISP

ISP route (per earlier post):

172.16.0.0   255.255.0.0    10.24.1.1   and it is not working

This route is pointing to the wrong interface on ESNG. Your ISP most likley has no idea how to get to this subnet. You need to have them change the route to the next hop address.

172.16.0.0   255.255.0.0    10.2401.1 <--this will point all traffic for this network to ESNG

Also your ISP will need a route to point traffic to the 10.24.2 network at your remote location.

10.24.2.0   255.255.255.0    10.240.2.1

This should correct your routing issues.
0

Featured Post

Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

Join & Write a Comment

Problem Description:   Couple of months ago we upgraded the ADSL line at our branch office from Home to Business line. The purpose of transforming the service to have static public IP’s. We were in need for public IP’s to publish our web resour…
Quality of Service (QoS) options are nearly endless when it comes to networks today. This article is merely one example of how it can be handled in a hub-n-spoke design using a 3-tier configuration.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now