Solved

Cisco 3750 Router to Nortel VPN and GRE Tunnel Cannot see domain...

Posted on 2010-09-20
Last Modified: 2012-05-10
Have a network with several VLANs running.  Recently added Nortel 1100 Contivity VPNs that are at each end of a GRE Tunnel.
Location 1 - 3750 router enabled
Vlan 10 Network A 191.168.0.1/16
Vlan 42 Network B 172.50.0.1/27
Vlan 99 Management Network 10.1.0.1/24
GW 10.1.0.2

Port g1/0/24 connected to Nortel
Switchport access vlan 99
Ports g1/0/25
trunked port allowing all vlans through

Connected to Nortel 1100 Contivity
Private IP 10.1.0.2/24
Public IP 10.191.X.X/24
GW 10.1.0.1

Connected to Telus device going out into a cloud GRE Tunnel to Location 2 - IPs unknown (config'd by other dept)

Location 2 - 3750 router enabled
Vlan 10 Network A 191.169.1.1/24
Vlan 42 Network B 172.50.1.1/27
Vlan 99 Management Network 10.1.1.1/24
GW 10.1.1.2

Port g1/0/24 Connected to Nortel
switchport access vlan 99
Ports g1/0/25
trunked port allowing all vlans through (HP2524 hangs off this for workstations)

Connected to Nortel 1100 Contivity
Private IP 10.1.1.2/24
Public IP 10.23.X.X/24
GW 10.1.1.1

Connected to Telus device going out into a cloud GRE Tunnel to Location 1 - IPs unknown (config'd by other dept)

Am able to ping, connectivity is not the problem.

Main network is at location 1. At this location there are several switches with similar config as below.

Switch 1 - 3750-12S switch from Port Location 1 - 3750 Router G1/0/25
Connected on Port g1/0/12
Vlan 10 Network A 191.168.0.19/16
Vlan 42 Network B 172.50.0.4/27
Vlan 99 Mgmt Network 10.1.0.4/24
Trunked port allowing all three vlans through

THE PROBLEM:
At location 2 there is a workstation with IP of VLAN 10 191.169.1.51/24 default GW: 191.169.1.1
It can ping Location 1 and 2 switches, but not the switch after Loc 1 switch which would take it out to the network where the domain controller resides.  I know the IP addressing for a private network is wrong, so please do not dwell on that.  I need to be able to ping beyond the Loc 1 switch.

Attached ip router config from both loc 1 and 2.

Thanks for any help, this is becoming critical. Loc1.txt Loc2.txt
Question by:hayesie
10 Comments
 
LVL 4

Expert Comment

by:bjove
ID: 33720018
What is the output of the tracert command on the workstation toward 191.168.0.19?
0
 

Author Comment

by:hayesie
ID: 33720885
Okay, just found out that it is not the route and you were on the right track bjove...the wrkstn is 3 hours away, so cannot look at it.  But I added the default-gateway of 10.1.0.1 to Switch 1 - 3750-12S switch.  And am able to ping to it now from location 2.  Attached is basic diagram showing switch path to Domain Controller and to location of feed that all has to go to location 2.  I am now confused as to what my default gateway should be on switches.  I have made the network smaller than it is in reality to save space.  But would I have GW 10.1.0.1 on SW2 - 6 or GW 10.1.0.4 on SW2, GW 10.1.0.5 on SW3?  I am obviously not grasping the concept of default gateway....and lack of sleep due to this project and time spent at work is starting to make me groggy.  Thanks for any help.
Drawing1.jpg
0
 

Author Comment

by:hayesie
ID: 33721321
Okay, am thinking now that the Gateway on the workstations will be the Loc 1 3750 IP if they are at loc 1, and loc 2's IP if at loc 2.  The switches beyond the Loc1 will have the default gateway of Loc 1 10.1.0.1 if all 3 VLANS are on there or only VLAN 10 IP of Loc 1 if only a VLAN 10 switch, only VLAN 42 IP of Loc 1 if only VLAN 42 if they are in LOC 1.

Is this correct?
0

 
LVL 4

Expert Comment

by:bjove
ID: 33723611
On Loc1:
 - all devices in VLAN 10 should have default gateway 191.168.0.1.
 - all devices in VLAN 42 should have default gateway 172.50.0.1.
Delete all other routes on other switches in Loc1.
Same for Loc2.
0
 

Author Comment

by:hayesie
ID: 33727410
Yes I came to that conclusion myself, but the workstation in the remote locale Location 2, cannot log onto the domain.  Some of the devices have more than one VLAN, so in that case I used 10.1.0.1 or 10.1.1.1 as the gateway.
Are you saying that the gateway on LOC 2 should also be 191.168.0.1 or 172.50.0.1, should they not be 191.169.1.0 and 172.50.1.0?
0
 
LVL 4

Expert Comment

by:bjove
ID: 33727894
On Loc2: 191.169.1.1 and 172.50.1.1.
0
 

Author Comment

by:hayesie
ID: 33728024
I can ping all over location 1 or 2 from/to either side.  It is just the workstations in location 2 (remote) now that are having issues.  Attached an updated sh ip route and ip route config in a word doc.
At loc 2 workstation
VLAN 10
191.169.1.51/24
GW: 191.169.1.1
should the DNS server be typed in? even though it is on the 191.168.0.X network?

VLAN 42
192.9.211.3/24
192.9.211.1
DNS Server IP?

BTW I had to change my VLAN 42 IPs due to another system.  This system also has a server in Loc 1, which I can ping from Loc 2 fine as the server's gateway is 192.9.210.9 (which is now Loc 1 switch)

Loc-1.doc
0
 
LVL 4

Accepted Solution

by:
bjove earned 500 total points
ID: 33728273
should the DNS server be typed in? even though it is on the 191.168.0.X network? --- YES
What is the IP address of the domain controller?
0
 

Author Comment

by:hayesie
ID: 33729001
191.168.0.10
 for the VLAN 10 machine
0
 

Author Comment

by:hayesie
ID: 33729263
Thanks, bjove!  Between you and me, the system in the remote locale is now on the local domain.  Putting in the DNS address was the final trick, it has been a learning experience for me.  Now to document all this to my memory banks in a logical manner.  Thanks again.
0
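The gateway and DNS settings discussed in this thread can be checked mechanically. The following is an added example, not part of the original posts: it validates the Loc 2 workstation's settings with Python's `ipaddress` module. The function name `check_host` is hypothetical, and it assumes the domain controller at 191.168.0.10 is also the DNS server, which the thread implies but does not state.

```python
import ipaddress

def check_host(ip_cidr, gateway, dns=None):
    """Return a list of problems with a host's IP settings; [] means usable."""
    iface = ipaddress.ip_interface(ip_cidr)
    net = iface.network
    gw = ipaddress.ip_address(gateway)
    problems = []
    # A default gateway must be a host address inside the host's own subnet.
    if gw not in net:
        problems.append(f"gateway {gw} is off-link for {net}")
    elif net.prefixlen < 31 and gw in (net.network_address, net.broadcast_address):
        problems.append(f"gateway {gw} is the network/broadcast address of {net}")
    elif gw == iface.ip:
        problems.append(f"gateway {gw} is the host's own address")
    gateway_ok = not problems
    # Without a DNS server the host cannot locate a domain controller by name,
    # even when every address answers ping.
    if dns is None:
        problems.append("no DNS server configured")
    elif ipaddress.ip_address(dns) not in net and not gateway_ok:
        problems.append(f"DNS server {dns} is off-link and needs a working gateway")
    return problems

# Addresses taken from the thread (Loc 2 workstation, VLAN 10).
WORKSTATION = "191.169.1.51/24"
DC = "191.168.0.10"  # assumption: the domain controller is also the DNS server

def report():
    """Check the configurations that came up in the thread."""
    cases = {
        "final working settings": (WORKSTATION, "191.169.1.1", DC),
        "gateway 191.169.1.0 as asked": (WORKSTATION, "191.169.1.0", DC),
        "Loc 1 gateway on a Loc 2 host": (WORKSTATION, "191.168.0.1", DC),
        "before DNS was entered": (WORKSTATION, "191.169.1.1"),
    }
    return {name: check_host(*args) for name, args in cases.items()}

if __name__ == "__main__":
    for name, problems in report().items():
        print(f"{name}: {problems or 'OK'}")
```

The "before DNS was entered" case matches the symptom in the thread: the gateway is valid and pings succeed, but the workstation has no way to resolve the domain.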
