Cisco 3750 Router to Nortel VPN and GRE Tunnel Cannot see domain...

Posted on 2010-09-20
Last Modified: 2012-05-10
Have a network with several VLANs running. Recently added Nortel 1100 Contivity VPNs that are at each end of a GRE tunnel.
Location 1 - 3750 router enabled
Vlan 10 Network A 191.168.0.1/16
Vlan 42 Network B 172.50.0.1/27
Vlan 99 Management Network 10.1.0.1/24
GW 10.1.0.2

Port g1/0/24 connected to Nortel
Switchport access vlan 99
Ports g1/0/25
trunked port allowing all vlans through

Connected to Nortel 1100 Contivity
Private IP 10.1.0.2/24
Public IP 10.191.X.X/24
GW 10.1.0.1

Connected to Telus device going out into a cloud GRE Tunnel to Location 2 - IP's unknown (config'd by other dept)

Location 2 - 3750 router enabled
Vlan 10 Network A 191.169.1.1/24
Vlan 42 Network B 172.50.1.1/27
Vlan 99 Management Network 10.1.1.1/24
GW 10.1.1.2

Port g1/0/24 Connected to Nortel
switchport access vlan 99
Ports g1/0/25
trunked port allowing all vlans through (HP2524 hangs off this for workstations)

Connected to Nortel 1100 Contivity
Private IP 10.1.1.2/24
Public IP 10.23.X.X/24
GW 10.1.1.1

Connected to Telus device going out into a cloud GRE Tunnel to Location 1 - IP's unknown (config'd by other dept)

Am able to ping, connectivity is not the problem.

Main network is at location 1. At this location there are several switches with a similar config as below.

Switch 1 - 3750-12S switch from Port Location 1 - 3750 Router G1/0/25
Connected on Port g1/0/12
Vlan 10 Network A 191.168.0.19/16
Vlan 42 Network B 172.50.0.4/27
Vlan 99 Mgmt Network 10.1.0.4/24
Trunked port allowing all three vlans through

THE PROBLEM:
At location 2 there is a workstation with IP of VLAN 10 191.169.1.51/24 default GW: 191.169.1.1
It can ping Location 1 and 2 switches, but not the switch after Loc 1 switch which would take it out to the network where the domain controller resides.  I know the IP addressing for a private network is wrong, so please do not dwell on that.  I need to be able to ping beyond the Loc 1 switch.

Attached ip router config from both loc 1 and 2.

Thanks for any help, this is becoming critical.
Loc1.txt Loc2.txt
Question by:hayesie

Expert Comment

by:bjove
What is the output of the tracert command on the workstation toward 191.168.0.19?

Author Comment

by:hayesie
Okay, just found out that it is not the route and you were on the right track, bjove... the workstation is 3 hours away, so cannot look at it. But I added the default-gateway of 10.1.0.1 to Switch 1 - 3750-12S switch, and am able to ping to it now from location 2. Attached is a basic diagram showing the switch path to the Domain Controller and to the location of the feed that all has to go to location 2. I am now confused as to what my default gateway should be on the switches. I have made the network smaller than it is in reality to save space. But would I have GW 10.1.0.1 on SW2 - 6 or GW 10.1.0.4 on SW2, GW 10.1.0.5 on SW3? I am obviously not grasping the concept of default gateway... and lack of sleep due to this project and time spent at work is starting to make me groggy. Thanks for any help.
Drawing1.jpg

Author Comment

by:hayesie
Okay, am thinking now that the Gateway on the workstations will be the Loc 1 3750 IP if they are at loc 1, and loc 2's IP if at loc 2.  The switches beyond the Loc1 will have the default gateway of Loc 1 10.1.0.1 if all 3 VLANS are on there or only VLAN 10 IP of Loc 1 if only a VLAN 10 switch, only VLAN 42 IP of Loc 1 if only VLAN 42 if they are in LOC 1.

Is this correct?

Expert Comment

by:bjove
On Loc1:
 - all devices in VLAN 10 should have default gateway 191.168.0.1.
 - all devices in VLAN 42 should have default gateway 172.50.0.1.
Delete all other routes on other switches in Loc1.
Same for Loc2.

Author Comment

by:hayesie
Yes, I came to that conclusion myself, but the workstation in the remote locale, Location 2, cannot log onto the domain. Some of the devices have more than one VLAN, so in that case I used 10.1.0.1 or 10.1.1.1 as the gateway.
Are you saying that the gateway on LOC 2 should also be 191.168.0.1 or 172.50.0.1? Should they not be 191.169.1.0 and 172.50.1.0?

Expert Comment

by:bjove
On Loc2, 191.169.1.1 and 172.50.1.1.

Author Comment

by:hayesie
I can ping all over location 1 or 2 from/to either side. It is just the workstations in location 2 (remote) now that are having issues. Attached an updated sh ip route and ip route config in a Word doc.
At loc 2 workstation
VLAN 10
191.169.1.51/24
GW: 191.169.1.1
Should the DNS server be typed in, even though it is on the 191.168.0.X network?

VLAN 42
192.9.211.3/24
192.9.211.1
DNS Server IP?

BTW I had to change my VLAN 42 IPs due to another system. This system also has a server in Loc 1, which I can ping from Loc 2 fine as the server's gateway is 192.9.210.9 (which is now the Loc 1 switch).

Loc-1.doc

Accepted Solution

by:bjove
should the DNS server be typed in? even though it is on the 191.168.0.X network? --- YES
What is the IP address of the domain controller?

Author Comment

by:hayesie
191.168.0.10 for the VLAN 10 machine

Author Comment

by:hayesie
Thanks, bjove! Between you and me, the system in the remote locale is now on the local domain. Putting in the DNS address was the final trick; it has been a learning experience for me. Now to document all this to my memory banks in a logical manner. Thanks again.
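
The gateway and DNS rules worked out in this thread can be checked mechanically. The following is an added example, not part of the original posts: a small Python check (the function name `check_host` and the finding labels are made up for illustration) run against addresses quoted in the thread.

```python
import ipaddress

def check_host(ip_cidr, gateway, dns=None):
    """Return findings for one interface: is the default gateway a usable
    on-link host address, and how would the DNS server be reached?"""
    iface = ipaddress.ip_interface(ip_cidr)
    net = iface.network
    gw = ipaddress.ip_address(gateway)
    findings = []

    # A default gateway must be a host address inside the interface's own subnet.
    if gw not in net:
        findings.append("gateway-off-link")
    elif gw in (net.network_address, net.broadcast_address):
        findings.append("gateway-not-a-host-address")
    elif gw == iface.ip:
        findings.append("gateway-is-self")
    else:
        findings.append("gateway-ok")
    gateway_ok = findings[-1] == "gateway-ok"

    # A DNS server on another subnet is fine, as long as a valid gateway routes to it.
    if dns is None:
        findings.append("dns-missing")
    elif ipaddress.ip_address(dns) in net:
        findings.append("dns-on-link")
    elif gateway_ok:
        findings.append("dns-routed-via-gateway")
    else:
        findings.append("dns-unreachable-without-valid-gateway")
    return findings

if __name__ == "__main__":
    # Addresses taken from the thread; the combinations are constructed test cases.
    cases = [
        ("Loc 2 workstation, no DNS set", "191.169.1.51/24", "191.169.1.1", None),
        ("Loc 2 workstation, DC as DNS", "191.169.1.51/24", "191.169.1.1", "191.168.0.10"),
        ("Loc 2 workstation, .0 as gateway", "191.169.1.51/24", "191.169.1.0", "191.168.0.10"),
        ("Loc 2 workstation, Loc 1 gateway", "191.169.1.51/24", "191.168.0.1", "191.168.0.10"),
        ("Switch 1 management", "10.1.0.4/24", "10.1.0.1", None),
    ]
    for label, ip, gw, dns in cases:
        print(f"{label}: {check_host(ip, gw, dns)}")
```

The second case is the configuration that ended the thread: the workstation keeps its local gateway 191.169.1.1, and the DNS server 191.168.0.10 is reached through it even though it sits on the Location 1 network.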