Solved

Cisco 3750 Router to Nortel VPN and GRE Tunnel Cannot see domain...

Posted on 2010-09-20
Last Modified: 2012-05-10
Have a network with several VLANs running.  Recently added Nortel 1100 Contivity VPNs that are at each end of a GRE Tunnel.
Location 1 - 3750 router enabled
Vlan 10 Network A 191.168.0.1/16
Vlan 42 Network B 172.50.0.1/27
Vlan 99 Management Network 10.1.0.1/24
GW 10.1.0.2

Port g1/0/24 connected to Nortel
Switchport access vlan 99
Ports g1/0/25
trunked port allowing all vlans through

Connected to Nortel 1100 Contivity
Private IP 10.1.0.2/24
Public IP 10.191.X.X/24
GW 10.1.0.1

Connected to Telus device going out into a cloud GRE Tunnel to Location 2 - IP's unknown (config'd by other dept)

Location 2 - 3750 router enabled
Vlan 10 Network A 191.169.1.1/24
Vlan 42 Network B 172.50.1.1/27
Vlan 99 Management Network 10.1.1.1/24
GW 10.1.1.2

Port g1/0/24 Connected to Nortel
switchport access vlan 99
Ports g1/0/25
trunked port allowing all vlans through (HP2524 hangs off this for workstations)

Connected to Nortel 1100 Contivity
Private IP 10.1.1.2/24
Public IP 10.23.X.X/24
GW 10.1.1.1

Connected to Telus device going out into a cloud GRE Tunnel to Location 1 - IP's unknown (config'd by other dept)

Am able to ping, connectivity is not the problem.

Main network is at location 1. At this location there are several switches with similar config as below.

Switch 1 - 3750-12S switch from Port Location 1 - 3750 Router G1/0/25
Connected on Port g1/0/12
Vlan 10 Network A 191.168.0.19/16
Vlan 42 Network B 172.50.0.4/27
Vlan 99 Mgmt Network 10.1.0.4/24
Trunked port allowing all three vlans through

THE PROBLEM:
At location 2 there is a workstation with IP of VLAN 10 191.169.1.51/24 default GW: 191.169.1.1
It can ping Location 1 and 2 switches, but not the switch after Loc 1 switch which would take it out to the network where the domain controller resides.  I know the IP addressing for a private network is wrong, so please do not dwell on that.  I need to be able to ping beyond the Loc 1 switch.

Attached ip router config from both loc 1 and 2.

Thanks for any help, this is becoming critical. Loc1.txt Loc2.txt
Question by:hayesie
10 Comments
 
LVL 4

Expert Comment

by:bjove
ID: 33720018
What is the output of the tracert command on the workstation toward 191.168.0.19?
0
 

Author Comment

by:hayesie
ID: 33720885
Okay, just found out that it is not the route and you were on the right track bjove...the wrkstn is 3 hours away, so cannot look at it.  But I added the default-gateway of 10.1.0.1 to Switch 1 - 3750-12S switch.  And am able to ping to it now from location 2.  Attached is basic diagram showing switch path to Domain Controller and to location of feed that all has to go to location 2.  I am now confused as to what my default gateway should be on switches.  I have made the network smaller than it is in reality to save space.  But would I have GW 10.1.0.1 on SW2 - 6 or GW 10.1.0.4 on SW2, GW 10.1.0.5 on SW3?  I am obviously not grasping the concept of default gateway....and lack of sleep due to this project and time spent at work is starting to make me groggy.  Thanks for any help.
Drawing1.jpg
0
 

Author Comment

by:hayesie
ID: 33721321
Okay, am thinking now that the Gateway on the workstations will be the Loc 1 3750 IP if they are at loc 1, and loc 2's IP if at loc 2.  The switches beyond the Loc1 will have the default gateway of Loc 1 10.1.0.1 if all 3 VLANS are on there or only VLAN 10 IP of Loc 1 if only a VLAN 10 switch, only VLAN 42 IP of Loc 1 if only VLAN 42 if they are in LOC 1.

Is this correct?
0
 
LVL 4

Expert Comment

by:bjove
ID: 33723611
On Loc1:
 - all devices in VLAN 10 should have default gateway 191.168.0.1 .
 - all devices in VLAN 42 should have default gateway 172.50.0.1 .
Delete all other routes on other switches in Loc1.
Same for Loc2.
0
 

Author Comment

by:hayesie
ID: 33727410
Yes I came to that conclusion myself, but the workstation in the remote locale Location 2, cannot log onto the domain.  Some of the devices have more than one VLAN, so in that case I used 10.1.0.1 or 10.1.1.1 as the gateway.
Are you saying that the gateway on LOC 2 should also be 191.168.0.1 or 172.50.0.1, should they not be 191.169.1.0 and 172.50.1.0 ?
0
 
LVL 4

Expert Comment

by:bjove
ID: 33727894
On Loc2 191.169.1.1 and 172.50.1.1 .
0
 

Author Comment

by:hayesie
ID: 33728024
I can ping all over location 1 or 2 from/to either side.  It is just the workstations in location 2 (remote) now that are having issues.  Attached an updated sh ip route and ip route config in a word doc.
At loc 2 workstation
VLAN 10
191.169.1.51/24
GW: 191.169.1.1
should the DNS server be typed in? even though it is on the 191.168.0.X network?

VLAN 42
192.9.211.3/24
192.9.211.1
DNS Server IP?

BTW I had to change my VLAN 42 IPs due to another system.  This system also has a server in Loc 1, which I can ping from Loc 2 fine as the server's gateway is 192.9.210.9 (which is now Loc 1 switch)

Loc-1.doc
0
 
LVL 4

Accepted Solution

by:
bjove earned 500 total points
ID: 33728273
should the DNS server be typed in? even though it is on the 191.168.0.X network? --- YES
What is the IP address of the domain controller?
0
 

Author Comment

by:hayesie
ID: 33729001
191.168.0.10
 for the VLAN 10 machine
0
 

Author Comment

by:hayesie
ID: 33729263
Thanks, bjove!  Between you and me, the system in the remote locale is now on the local domain.  Putting in the DNS address was the final trick, it has been a learning experience for me.  Now to document all this to my memory banks in a logical manner.  Thanks again.
0
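
The gateway and DNS points the thread settles on, as an added example that is not part of any post above: a default gateway must be a usable host address on one of the device's own subnets, while a DNS server can sit on another subnet and is simply reached through that gateway. The function names are hypothetical; the addresses are the ones quoted in the thread.

```python
import ipaddress

def gateway_verdict(interfaces, gateway):
    """Classify a default gateway against a device's interfaces ('ip/prefix' strings)."""
    gw = ipaddress.ip_address(gateway)
    for cidr in interfaces:
        iface = ipaddress.ip_interface(cidr)
        net = iface.network
        if gw not in net:
            continue  # not reachable on this interface, try the next VLAN
        if gw == net.network_address:
            return "network-address"    # e.g. 191.169.1.0 on a /24 is not a host
        if gw == net.broadcast_address:
            return "broadcast-address"
        if gw == iface.ip:
            return "own-address"
        return "ok via " + str(net)
    return "off-link"  # no interface shares a subnet with the gateway

def next_hop(interface, gateway, destination):
    """Where a host sends a packet: 'direct' if on its subnet, else its gateway."""
    net = ipaddress.ip_interface(interface).network
    if ipaddress.ip_address(destination) in net:
        return "direct"
    return gateway

# Devices as described in the thread.
LOC2_WORKSTATION = ["191.169.1.51/24"]
SWITCH_1 = ["191.168.0.19/16", "172.50.0.4/27", "10.1.0.4/24"]

if __name__ == "__main__":
    for gw in ("191.169.1.1", "191.169.1.0", "191.168.0.1"):
        print("Loc 2 workstation, GW", gw, "->", gateway_verdict(LOC2_WORKSTATION, gw))
    for gw in ("10.1.0.1", "191.168.0.1"):
        print("Switch 1, GW", gw, "->", gateway_verdict(SWITCH_1, gw))
    # The DNS server / domain controller is off-subnet, so it is reached via the gateway.
    print("DNS 191.168.0.10 reached via",
          next_hop("191.169.1.51/24", "191.169.1.1", "191.168.0.10"))
```
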
