?
Solved

routing issue

Posted on 2011-10-26
7
Medium Priority
?
257 Views
Last Modified: 2012-08-13
My workstation is connected to the switch and i have a router connected to the switch. The default route from router points to 10.201.128.21
the fa0/1 of the router is 10.201.128.20
from router i can ping .21
from my workstation i can ping the .20 interface of the router but i cannot ping the "other" side .128.21

when i do tracert from the workstation , icmp makes it to the router 172.16.14.240 but it dies there.....

i was told that in order to hit .21 network i have to create access list so to connect to the following ports.

UDP destination ports 48129-48137
and TCP destination ports

8194-8198
8209-8220
8290-8264

any ideas  on how to create these access lists??
0
Comment
Question by:c_hockland
  • 3
  • 2
  • 2
7 Comments
 
LVL 17

Expert Comment

by:Marius Gunnerud
ID: 37036435
What router are you using?
0
 

Author Comment

by:c_hockland
ID: 37036913
cisco 2600
and doesnt take the distribution-list comand...
0
 
LVL 18

Accepted Solution

by:
jmeggers earned 1000 total points
ID: 37036983
The first question, before you even think about ACLs, is does the destination router know where to send return traffic?  If you're not advertising a route for the subnet that the host is sitting on from .20 to the .21 router, then .21 may not know where to find that host's subnet, and it may be just dropping the traffic because it doesn't have a route.  The fact that you can ping from the .20 router is because the traffic is originating on the directly connected subnet, so .21 knows where that is.

Start there and then we'll look at whether adjustments to ACLs are needed.  There is no "distribution-list" command.  What you're thinking of is a distribute-list, which is used to filter what routes are sent or received by a routing protocol.
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:c_hockland
ID: 37037030
u r right . My router .20 doesnt advertise any network outside. So .21 doesnt know how to return.
Do i need to NAT my IP's or how else can i advertise ? Using eigrp maybe ?
0
 
LVL 17

Assisted Solution

by:Marius Gunnerud
Marius Gunnerud earned 1000 total points
ID: 37037097
I would agree with jmeggers that routes would need to be added to the .21 router. That can be done using a routing protocol or adding static routes to the .21 router.
0
 

Author Comment

by:c_hockland
ID: 37037154
They folks at .21 netwok asked me to add these on my router ( based on Ports traffic)
but i cannot use the distribute-list on my router

ip prefix-list ABC seq 5 permit 69.184.0.0/26 le 32
ip prefix-list ABC seq 10 permit 199.105.178.0/26 le 32
ip prefix-list ABC seq 15 permit 208.134.161.0/26 le 32
ip prefix-list ABC seq 20 permit 199.105.176.0/21 le 32
ip prefix-list ABC seq 25 permit 199.105.184.0/23 le 32


distribute-list prefix ABC out int fa0/1
0
 
LVL 18

Expert Comment

by:jmeggers
ID: 37062885
A prefix-list is usually configured in the routing protocol itself, not in the general configuration.  As in:

ip prefix-list  ABC  seq 5 permit 0.0.0.0/0

router bgp 300
 network 1.0.0.0
 network 2.0.0.0
 neighbor 10.10.10.10 remote-as 100
 neighbor 10.10.10.10  prefix-list  ABC in

What routing protocol are you running?
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

We've been using the Cisco/Linksys RV042 for years as: - an internet Gateway - a site-to-site VPN device - a leased line site-to-site subnet-to-subnet interface (And, here I'm assuming that any RV0xx behaves the same way as an RV042.  So that's …
How to set-up an On Demand, IPSec, Site to SIte, VPN from a Draytek Vigor Router to a Cyberoam UTM Appliance. A concise guide to the settings required on both devices
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

830 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question