Cisco 3750 Router to Nortel VPN and GRE Tunnel Cannot see domain...

Have a network with several vlans running.  Recently added Nortel 1100 Contivity VPN's that are at each end of a GRE Tunnel.
Location 1 - 3750 router enabled
Vlan 10 Network A 191.168.0.1/16
Vlan 42 Network B 172.50.0.1/27
Vlan 99 Management Network 10.1.0.1/24
GW 10.1.0.2

Port g1/0/24 connected to Nortel
Switchport access vlan 99
Ports g1/0/25
trunked port allowing all vlans through

Connected to Nortel 1100 Contivity
Private IP 10.1.0.2/24
Public IP 10.191.X.X/24
GW 10.1.0.1

Connected to Telus device going out into a cloud GRE Tunnel to Location 2 - IP's unknown (config'd by other dept)

Location 2 - 3750 router enabled
Vlan 10 Network A 191.169.1.1/24
Vlan 42 Network B 172.50.1.1/27
Vlan 99 Management Network 10.1.1.1/24
GW 10.1.1.2

Port g1/0/24 Connected to Nortel
switchport access vlan 99
Ports g1/0/25
trunked port allowing all vlans through (HP2524 hangs off this for workstations)

Connected to Nortel 1100 Contivity
Private IP 10.1.1.2/24
Public IP 10.23.X.X/24
GW 10.1.1.1

Connected to Telus device going out into a cloud GRE Tunnel to Location 1 - IP's unknown (config'd by other dept)

Am able to ping, connectivity is not the problem.

Main network is at location 1. At this location there is several switches with similar config as below.

Switch 1 - 3750-12S switch from Port Location 1 - 3750 Router G1/0/25
Connected on Port g1/0/12
Vlan 10 Network A 191.168.0.19/16
Vlan 42 Network B 172.50.0.4/27
Vlan 99 Mgmt Network 10.1.0.4/24
Trunked port allowing all three vlans through

THE PROBLEM:
At location 2 there is a workstation with IP of VLAN 10 191.169.1.51/24 default GW: 191.169.1.1
It can ping Location 1 and 2 switches, but not the switch after Loc 1 switch which would take it out to the network where the domain controller resides.  I know the IP addressing for a private network is wrong, so please do not dwell on that.  I need to be able to ping beyond the Loc 1 switch.

Attached ip router config from both loc 1 and 2.

Thanks for any help, this is becoming critical. Loc1.txt Loc2.txt
hayesieAsked:
Who is Participating?

Improve company productivity with a Business Account.Sign Up

x
 
bjoveConnect With a Mentor Commented:
should the DNS server be typed in? even though it is on the 191.168.0.X network? --- YES
What is the IP address of domain controler?
0
 
bjoveCommented:
What is the output of tracert command on workstation toward 191.168.0.19 .
0
 
hayesieAuthor Commented:
Okay, just found out that it is not the route and you were on the right track bjove...the wrkstn is 3 hours away, so cannot look at it.  But I added the default-gateway of 10.1.0.1 to Switch 1 - 3750-12S switch.  And am able to ping to it now from location 2.  Attached is basic diagram showing switch path to Domain Controller and to location of feed that all has to go to location 2.  I am now confused as to what my default gateway should be on switches.  I have made the network smaller than it is in reality to save space.  But would I have GW 10.1.0.1 on SW2 - 6 or GW 10.1.0.4 on SW2, GW 10.1.0.5 on SW3?  I am obviously not grasping the concept of default gateway....and lack of sleep due to this project and time spent at work is starting to make me croggy.  Thanks for any help.
Drawing1.jpg
0
Building an Effective Phishing Protection Program

Join Director of Product Management Todd OBoyle on April 26th as he covers the key elements of a phishing protection program. Whether you’re an old hat at phishing education or considering starting a program -- we'll discuss critical components that should be in any program.

 
hayesieAuthor Commented:
Okay, am thinking now that the Gateway on the workstations will be the Loc 1 3750 IP if they are at loc 1, and loc 2's IP if at loc 2.  The switches beyond the Loc1 will have the default gateway of Loc 1 10.1.0.1 if all 3 VLANS are on there or only VLAN 10 IP of Loc 1 if only a VLAN 10 switch, only VLAN 42 IP of Loc 1 if only VLAN 42 if they are in LOC 1.

Is this correct?
0
 
bjoveCommented:
On Loc1:
 - all device in VLAN 10 should have default gateway 191.168.0.1 .
 - all device in VLAN 42 should have default gateway 172.50.0.1 .
Delete all other routes on other switches in Loc1.
Same for Loc2.
0
 
hayesieAuthor Commented:
Yes I came to that conclusion myself, but the workstation in the remote locale Location 2, cannot log onto the domain.  Some of the devices have more than one VLAN, so in that case I used 10.1.0.1 or 10.1.1.1 as the gateway.
Are you saying that the gateway on LOC 2 should also be 191.168.0.1 or 172.50.0.1, should they not be 191.169.1.0 and 172.50.1.0 ?
0
 
bjoveCommented:
On Loc2 191.169.1.1 and 172.50.1.1 .
0
 
hayesieAuthor Commented:
I can ping all over location 1 or 2 from/to either side.  It is just the workstations in location 2 (remote) now that are having issues.  Attached an up dated sh ip route and ip route config in a word doc.
At loc 2 workstation
VLAN 10
191.169.1.51/24
GW: 191.169.1.1
should the DNS server be typed in? even though it is on the 191.168.0.X network?

VLAN 42
192.9.211.3/24
192.9.211.1
DNS Server IP?

BTW I had to change my VLAN 42 IP's due to another system.  This system also has a server in Loc 1, which I can ping from Loc 2 fine as the servers gateway is 192.9.210.9 (which is now Loc 1 switch)

Loc-1.doc
0
 
hayesieAuthor Commented:
191.168.0.10
 for the VLAN 10 machine
0
 
hayesieAuthor Commented:
Thanks, bjove!  Between you and me, the system in the remote locale is now on the local domain.  Putting in the DNS address was the final trick, it has been a learning experience for me.  Now to document all this to my memory banks in a logical matter.  Thanks again.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.