Solved

VLAN Routing Help - Cisco 2620

Posted on 2013-02-03
64
697 Views
Last Modified: 2013-02-07
I need help with vlan routing and obviously I am not a networking expert.  I set up this configuration (see attachment) on a Cisco 2620XM router and I also set up the VLANs on my HP 2510 switches and tagged the ports but I cannot ping  172.20.20.10 network or 192.168.10.10 addresses.

Also, when I setup a device on the 172.20.20x network, the subnet mask is 255.255.0.0 - is this correct?

Any help is greatly appreciated.

Thanks.

Dan M.
my-router.txt
Question by:danmoro
64 Comments
 
LVL 57

Expert Comment

by:giltjr
ID: 38849392
--> Also, when I setup a device on the 172.20.20x network, the subnet mask is 255.255.0.0 - is this correct?

Assuming you really meant 172.20.20.x the subnet mask I would expect to see is 255.255.255.0.   However, if you mean 172.20.x.x, then 255.255.0.0 would be correct.

A mask of 255.255.255.0 gives you about 253 possible hosts on the same network.  A mask of 255.255.0.0 gives you 65K.  How many hosts do you want?

What device do you want to do the routing for the 172.20.20.x?  The 2620 does not seem to have an IP address on that subnet.
0
 

Author Comment

by:danmoro
ID: 38849424
I wouldn't need more than 253 so 172.20.20.x is fine.  I will use subnet mask of 255.255.255.0.

Also, just realized on the router I have 172.10.20.1, I will fix that and see if that does it.

Is this what the route should look like:

ip route 192.168.0.0 255.255.255.0 172.20.20.0

or this:

ip route 192.168.0.0 255.255.255.0 172.20.0.0

Thanks,
0
 

Author Comment

by:danmoro
ID: 38849462
When I setup a machine on the 172 network, would this be the correct settings:

IP: 172.20.20.5
SN: 255.255.255.0
GW: 172.20.20.1

?
0
 
LVL 57

Expert Comment

by:giltjr
ID: 38849520
What device has the IP address of 172.20.20.1?

The route statement should be:

ip route 192.168.0.0 255.255.255.0 172.20.20.1

This says if you want to talk to any host on 192.168.0.0/24 you need to go through 172.20.20.1.
0
 

Author Comment

by:danmoro
ID: 38849529
Most of my network is on the 192.168.0.X subnet.  

192.168.0.1 is my Cisco router IP
172.20.20.1 is the sub-interface IP I setup (VLAN 100)

I have some devices that are 172.20.20.x and I want the 192.168.0.x subnet to be able to access them.

What would the ip routing be for that?

Thanks.
0
 
LVL 57

Expert Comment

by:giltjr
ID: 38849644
Well, that could be part of your problem.  You have VLAN 100 on the 2620 configured wrong:

interface FastEthernet0/0.100
 encapsulation dot1Q 100
 ip address 172.10.20.1 255.255.0.0
 no ip route-cache

Notice you have ten as the second octet instead of 20 and you need to change the subnet mask to 255.255.255.0.  It should look like:

interface FastEthernet0/0.100
 encapsulation dot1Q 100
 ip address 172.20.20.1 255.255.255.0
 no ip route-cache
0
 

Author Comment

by:danmoro
ID: 38849758
Yes I noticed that and fixed it.  Is my routing correct though?

ip route 192.168.0.0 255.255.255.0 172.20.0.0
0
 
LVL 57

Expert Comment

by:giltjr
ID: 38849775
No,  it needs to be :

ip route 192.168.0.0 255.255.255.0 172.20.20.1
0
 
LVL 18

Expert Comment

by:Akinsd
ID: 38849798
ip route 192.168.0.0 255.255.255.0 172.20.20.1

The network you are routing from with its subnet address and the interface it is going out from.

The interface would usually be the gateway address (but not necessarily).
That's what giltjr is trying to tell you the two times he repeated it.

You would still have to create another static route from the 172.20.20.x network back to 192.168.0.0 /24 network to complete the cycle.
0
 
LVL 57

Expert Comment

by:giltjr
ID: 38849800
Just noticed that you have 3 routes that are going to cause you problems:

ip route 192.168.0.0 255.255.255.0 172.20.0.0
ip route 192.168.0.0 255.255.255.0 10.0.0.0
ip route 192.168.0.0 255.255.255.0 192.168.10.0

A route statement says "If you want to get to A you need to go through B".  The problem is you have 3 statements that have the same A (192.168.0.0/24), but 3 different B's (172.20.20.1, 10.0.0.0, 192.168.10.0).  The last 2 are invalid by the way.  The "through B" part must point to a valid IP address, not a whole network.

Also, what router are you doing eigrp with?
0
 
LVL 57

Expert Comment

by:giltjr
ID: 38849805
Look at the original config you should not need those 3 route statements.  The route statements where you have them tell this router (the 2620) where to route packets to those subnets.  The 2620 is in all 3 of those network and thus already knows how to get to those networks because it is connected to them.
0
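The three static-route problems giltjr points out in the two posts above (a next hop that is a network address, several next hops for one destination, and static routes to subnets the router is already connected to) can be checked mechanically. This is an added example, not part of the original thread; the sample config is constructed from lines quoted in the thread, and the `FastEthernet0/0.10` name and the secondary address mask are assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample built from addresses and routes quoted in this thread.
# Assumptions: the Fa0/0.10 subinterface name and the /24 mask on the secondary.
SAMPLE_CONFIG = """\
interface FastEthernet0/0
 ip address 192.168.0.1 255.255.255.0
 ip address 200.1.2.150 255.255.255.0 secondary
interface FastEthernet0/0.10
 ip address 192.168.10.1 255.255.255.0
interface FastEthernet0/0.100
 encapsulation dot1Q 100
 ip address 172.20.20.1 255.255.255.0
ip route 192.168.0.0 255.255.255.0 172.20.0.0
ip route 192.168.0.0 255.255.255.0 10.0.0.0
ip route 192.168.0.0 255.255.255.0 192.168.10.0
ip route 192.168.99.0 255.255.255.0 192.168.1.1
ip route 200.1.4.0 255.255.255.0 200.1.2.200
"""

ADDR_RE = re.compile(r"^\s*ip address (\S+) (\S+)(?: secondary)?\s*$")
# Only routes with an IP next hop are audited; an optional distance may follow.
ROUTE_RE = re.compile(r"^ip route (\S+) (\S+) (\d+\.\d+\.\d+\.\d+)(?: \d+)?\s*$")


def parse(config):
    """Return (connected networks, [(destination, next hop)]) from IOS text."""
    connected, routes = [], []
    for line in config.splitlines():
        m = ADDR_RE.match(line)
        if m:
            iface = ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}")
            connected.append(iface.network)
            continue
        m = ROUTE_RE.match(line)
        if m:
            dest = ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}", strict=False)
            routes.append((dest, ipaddress.ip_address(m.group(3))))
    return connected, routes


def audit(config):
    """Return a list of (destination, next hop(s), finding code) tuples."""
    connected, routes = parse(config)
    findings = []
    hops_by_dest = defaultdict(set)
    for dest, hop in routes:
        hops_by_dest[dest].add(hop)
        # The router already has a "C" route for subnets it sits on.
        if dest in connected:
            findings.append((str(dest), str(hop), "CONNECTED_DEST"))
        home = next((net for net in connected if hop in net), None)
        if home is None:
            # Usable only if some other route resolves the next hop.
            findings.append((str(dest), str(hop), "HOP_NOT_CONNECTED"))
        elif hop in (home.network_address, home.broadcast_address):
            # "Through B" must be a host address, not the whole network.
            findings.append((str(dest), str(hop), "HOP_NOT_HOST"))
    for dest, hops in hops_by_dest.items():
        if len(hops) > 1:
            joined = ",".join(str(h) for h in sorted(hops))
            findings.append((str(dest), joined, "MULTI_HOP"))
    return findings


if __name__ == "__main__":
    for dest, hop, code in audit(SAMPLE_CONFIG):
        print(f"{code:18} {dest:18} via {hop}")
```
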
 
LVL 18

Expert Comment

by:Akinsd
ID: 38849814
Is there any reason you are running eigrp and rip together?
This will cause unnecessary processor cycles on your router and bog it down.

Questions
How many routers are you using?

Is the 192....network and the 172.... on the same router?

If yes, then you don't need any static routes, since you have eigrp running.
Just create advertisements on the eigrp route

network 192.168.10.0 0.0.0.255
network 172.20.20.0 0.0.0.255
remove any static routes you created.


The router will converge all routes between the 2 interfaces

Can you post the result of "show ip int br"
0
 

Author Comment

by:danmoro
ID: 38849893
OK, yeah those are 3 routes that I added myself because I thought that would allow my 192.168.0.x network to talk to the other networks.  

This is all on one router.  I apologize for my inexperience and asking the same questions, I just wanted to be sure that I was explaining my issues correctly.

My entire network is on 192.168.0.x and has no problems communicating with each other and our other location in Ohio which is 192.168.1.x.

I just added these VLANS/subnets for VMware and was hoping the router changes would be easy enough to do myself, instead of waiting for a network consultant to do them for me.

I will remove the static routes and edit the eigrp as you mentioned and let you know the results.

Thank you!
0
 

Author Comment

by:danmoro
ID: 38849951
OK, so I made changes, does this look correct?

Also, when I setup IP address on server in 172 network, should the gateway be 172.20.20.1?

Thanks again for the help.  I appreciate you taking the time to help.
my-router.txt
0
 
LVL 57

Expert Comment

by:giltjr
ID: 38850848
You have eigrp setup on the 2620.  This is a "routing" protocol which is only needed when there is two or more routers that need to exchange IP routing table information dynamically.

So either you have a second router in the picture or you have eigrp setup for no reason at all.

There are at least two other routers:

200.1.2.200
192.168.1.1

Because you have routes setup pointing to them. Are you doing eigrp with one or both of them?

I am also a bit confused with the dialer list stuff:

access-list 100 deny   eigrp any any
access-list 100 permit ip any any
dialer-list 1 protocol ip list 100

The syntax is correct, but unless I am really missing something I don't see where you have any dial-up lines.  They all seem to be either Ethernet or a leased T1.
0
 

Author Comment

by:danmoro
ID: 38851133
You are correct 192.168.1.1 is a router at a remote site - connected through a private t1 link.  And now I am looking at the config on that and the eigrp 100 is setup.

200.1.2.200 is our internal Cisco firewall IP.  (that IP was setup years ago before I came along).  I thought about changing to 192.168.0.x but not knowing enough about networking, routers, firewalls - I thought safer to leave alone since it is working.

The dialer list stuff is from a backup ISDN we had to cover connection to remote site.  And we also had a modem hooked up to router for remote support.  I left that off the config I sent because I didn't think it was necessary.

We do not have any problems connecting with remote site or any hosts on the 192.168.0.x subnet.  Only having problems pinging devices on 172.20.20.x network.

Is there anything else I need to add/edit on router config to allow connection to 172.20.20.x subnet?

Thanks.
0
 
LVL 18

Expert Comment

by:Akinsd
ID: 38851317
You can help us help you quicker if you post the results of
"show ip int br" on both of your routers.

You are just making us guess.

I think the 200.1.2.200 is a loopback interface.

Please make a network diagram.
Network issues are resolved faster when you know what is connected and how they are connected. A good network diagram and show commands will facilitate this
0
 
LVL 57

Expert Comment

by:giltjr
ID: 38851647
Yes a diagram may help.

I just noticed that you don't have an interface that is on the same subnet as 200.1.2.200.

Which means you are either getting routes from eigrp or rip or you can't reach 200.1.2.200.

If you are getting route updates from eigrp/rip, then you don't need to code the routes where you need to go through 200.1.2.200.

You are also redistributing the network 200.1.2.0, which I don't think you should be.

Can you also post the output from:

 show ip eigrp interfaces
show ip eigrp topology
0
 

Author Comment

by:danmoro
ID: 38851797
200.1.2.200 is the inside interface of our firewall.  That I am sure of.  I will draw a diagram and run commands and post results shortly.
0
 

Author Comment

by:danmoro
ID: 38852561
Well here goes.  My network diagram skills are lacking a little bit but I hope this gives you a good idea.  I want my 192.168.x hosts to be able to reach my 172.20.20.x devices.

I've attached the diagram, full configuration and the "show eigrp" commands you asked for.

Thanks for your help.
my-router.txt
network-130204153155-0001.pdf
show-eigrp-output.txt
0
 
LVL 57

Expert Comment

by:giltjr
ID: 38852617
I will look at these later tonight.  

Can you also post the output from show ip route?  Thanks a lot.

Are the HP switches L3 enabled?  Are they doing any routing?

Is the last router config from the same router you have been posting the config from?  It has quite a few differences, such as all of a sudden Fa0/0 has a secondary IP address that was not there before.  There is also what appears to be an ISDN connection that was not there before.
0
 

Author Comment

by:danmoro
ID: 38852939
Yes that is same router.  Initially I only sent what I thought was necessary to resolve problem.  My bad.

ISDN used to serve as backup connection between sites.  We no longer have that.  We now use site to site VPN connection as backup between NJ-OHIO.

First switch after router is HP 1910 which is capable of L3 routing but there is none setup on it.  Other HP switches are ProCurve 2510G-24 (L2), no routing on them.

Only thing I did on switches is setup VLANS and tag ports that are passing traffic for those networks.

When I setup a device on 172
show-ip-route.txt
0
 

Author Comment

by:danmoro
ID: 38852943
When I setup a host on 172 network, should the gateway be the 172.20.20.1 address?  Or something else?

Thanks.
0
 
LVL 18

Expert Comment

by:Akinsd
ID: 38853122
The gateway for any hosts on Vlan 100 is 172.20.20.1

interface FastEthernet0/0.100
 encapsulation dot1Q 100
 ip address 172.20.20.1 255.255.255.0
 no ip route-cache
!
0
 
LVL 57

Expert Comment

by:giltjr
ID: 38853497
Any host on VLAN 100 (172.20.20.1) should point to 172.20.20.1 as its default route/gateway.

You should be able to get by with the following eigrp configuration:

router eigrp 100
 redistribute connected
 no auto-summary
 no eigrp log-neighbor-changes

Since you have redistribute connected all subnets that this 2620 is directly connected to will be automatically redistributed.  If you look at the output from "show ip route" lines that start with "C" will be redistributed to the remote 2620.

You also have the following static routes defined:

ip route 0.0.0.0 0.0.0.0 200.1.2.200
ip route 192.168.1.0 255.255.255.0 200.1.2.200 200
ip route 192.168.99.0 255.255.255.0 192.168.1.1
ip route 200.1.1.0 255.255.255.0 192.168.1.1 200

You have no IP address on the 192.168.1.1/24 subnet.  So statement #3 and 4 are useless.

The default route is fine.

The route to 192.168.1.0 confused me at first, but then I noticed in your diagram you have a VPN tunnel between the two sites' firewalls, so this route will be used as a backup if the T1 goes down.


All hosts on the following subnets should be able to talk to 172.20.20.0/24:

192.168.4.0/24
192.168.5.2/24
192.168.10.1/24
192.168.0.1/24

Do you have access to the remote 2620?  If so you need to do:

show ip eigrp interfaces
show ip eigrp topology
show ip route

I still have to think about this, but this should simplify your config.  Hopefully you have a test window where you can make the changes and verify they work.  Of course you need to save off the current configuration, save the new configuration externally before you do a write mem.  I would let the new config run for a week or so before you do a write mem.  That way if something really bad happens, you just reload the old config and go back to the current config.
0
 

Author Comment

by:danmoro
ID: 38853564
Thanks again for taking time to write this up.

Ok will make those changes and test tomorrow. I am not at site now and don't want to take any chances.

On the switches, am I correct in all that I should have to do is add the VLANs and tag the ports involved?

I will let you know results from remote router as well.
0
 

Author Comment

by:danmoro
ID: 38853591
Here are the commands from ohio router and also config from that router, which is a Cisco 2620 as well.

Like I mentioned earlier, the 192.168.5.x addresses were used as backup ISDN connection between sites but that has been replaced by site-site VPN connection over internet.
ohio-router-config.txt
ohio-router-commands.txt
0
 

Author Comment

by:danmoro
ID: 38857057
Changed router config(eigrp) to below:

router eigrp 100
redistribute connected
no auto-summary
no eigrp log-neighbor-changes


Can ping 172.20.20.1 from my 192.168.0.x hosts
but cannot ping any 172.20.20.x hosts from the 192.168.0.x machines..

Do I need to add a route?
my-router.txt
0
 
LVL 57

Expert Comment

by:giltjr
ID: 38857519
You should not need to because 192.168.0.0/24 and 172.20.20.0/24 are on the same router.  Of course I am assuming that the PC in the 192.168.0.0/24 are pointing to 192.168.0.1 as their default router/gateway.

What IP address do the hosts in the 192.168.0.0/24 point to as their default gateway/router?

Can you show the output on the 2620 from the command:

show ip route

and the output from one of the PC in the 192.168.0.0/24 subnet using the command:

route print
0
 

Author Comment

by:danmoro
ID: 38857611
Yes all 192 hosts use 192.168.0.1 as the gateway.

Just to be clear with VLANS, on the switches, I have tagged all the ports that will pass any traffic  for the 172.20.200/24 network with VLAN 100, including the ports connected to router and port links to other switches.  Is that correct?

I've attached the commands you asked for.

Thanks again,
commands.txt
0
 

Author Comment

by:danmoro
ID: 38857621
I meant 172.20.20.0/24 network
0
 
LVL 57

Expert Comment

by:giltjr
ID: 38857697
Oops, you need to make sure all the hosts in the 172.20.20.0/24 subnet point to 172.20.20.1 as their default route.

From a host on the 192.168.0.0/24 subnet can you do a tracert to a host on the 172.20.20.0/24 subnet.

The routing tables look fine as far as 172.20.20.0/24 and 192.168.0.0/24.  I do see that some of the routes that were distributed via eigrp from the "remote 2620" are not there, but we can deal with that after we get the ping fixed for the other two subnets.
0

 

Author Comment

by:danmoro
ID: 38857786
Just getting timeouts when I do a tracert..

Yes my host does have 172.20.20.1 as gateway.  Right now I only have one VM host setup with 172.20.20.5 address.

I am not in office now but when I was earlier I hooked my laptop up to switch and gave it a 172 address and I could not ping it either.

Wonder if it's something on switches?  I tagged all ports with VLAN 100.
Capture.PNG
0
 
LVL 57

Expert Comment

by:giltjr
ID: 38857812
Can 172.20.20.5 ping 172.20.20.1?  If not then the tagging VLAN 100 is not working correctly.

What type of switch are you using?
0
 

Author Comment

by:danmoro
ID: 38857824
No it can not ping 172.20.20.1.  I will have to double-check switches again.

I am using HP 2510G-24.  Should I just tag all ports or does that defeat the purpose?
0
 
LVL 57

Accepted Solution

by:
giltjr earned 500 total points
ID: 38857834
You only need to tag the ports that you will have hosts on the 172.20.20.0/24 subnet.

You also need to make sure that the port the 2620 is connected to is setup to tag vlan 100.

Are you still doing this from a virtual machine?  If so, how is the networking setup?
0
 

Author Comment

by:danmoro
ID: 38857845
I set the management IP on one of the ESX hosts with 172.20.20.5 and I cannot ping it or see it from Virtual Center.  I did tag the ports with VLAN 100 and also the connection port to router.  

Seems like the router is setup correctly now so I will have to play around with switches and a few more test machines on 172 network tomorrow.

I will let you know how it goes.  Thanks for all of your help.

Dan M
0
 
LVL 57

Expert Comment

by:giltjr
ID: 38857887
Don't know much about how to setup ESX.  That is another group in our company.
0
 

Author Comment

by:danmoro
ID: 38857915
Pretty sure it is setup right because when I set them on 192 subnet, they work fine.  Must be a switch/vlan issue.  Thanks for the help with the router.
0
 

Author Closing Comment

by:danmoro
ID: 38857917
Thanks again for all the help with router!
0
 
LVL 57

Expert Comment

by:giltjr
ID: 38858082
Thanks for the points.

I am assuming that when you flip them from one VLAN to the other you are changing the VLAN tag on the port the ESX server is on or adding VLAN 100 as a tagged VLAN on that port.

If you have multiple VLAN's going into the ESX server, did you setup the VSWITCH to tag VLAN 100?

There is one difference when you put the 192.168.0.0/24 on the ESX server.  That subnet is untagged so the switch does not need to tag anything on that VLAN.
0
 

Author Comment

by:danmoro
ID: 38859844
Yes, I tagged the port group on the vSwitch with VLAN 100 so I don't think that is my issue.  I just plugged my laptop into a port that was tagged with VLAN 100 and I gave it a 172 address and I cannot ping the 172.20.20.1 gateway.

I need to look a little deeper into switch configs although it seemed pretty straightforward.
0
 
LVL 57

Expert Comment

by:giltjr
ID: 38860572
Can you get two physical computers, configure them with IP addresses in 172.20.20.0/24 subnet, connect them to the HP switch and configure their ports with VLAN 100 untagged and try and ping between them?

Now, as I was typing the above something hit me.  When you setup the ports on the switch you put them on VLAN 100, however is VLAN 100 defined as tagged or untagged?

If you defined it as tagged, then the computers must be setup to support VLAN tagging.

I guess some of this was me.  If you only have one VLAN on a port it does not need to be defined as tagged, but the port needs to know about it.  I believe in the HP world you would get into configuration and issue the command:

vlan 100 untagged #

Where # is the switch port you want VLAN 100 on, but untagged.
0
 

Author Comment

by:danmoro
ID: 38861272
Problem solved.  It was a tagging issue.  The ports connecting switches to each other and the router were 'untagged' with the VLANS.  Realizing that switches/routers are VLAN aware (dumb on my part not to think of that earlier), they had to be 'tagged' ports.  

All is well and good now.  Thanks again :)
0
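The fault reported in the post above, where the switch-to-router link carried VLAN 100 untagged while the router expected `encapsulation dot1Q 100` on FastEthernet0/0.100, can be reproduced with a small frame-level model. This is an added example, not part of the original thread; the MAC address, the payload and the simplified switch and router behaviour are constructed assumptions.

```python
import struct

TPID_8021Q = 0x8100          # EtherType value that marks an 802.1Q tag
ETHERTYPE_ARP = 0x0806

# Constructed frame: a VLAN 100 host broadcasting an ARP request for its gateway.
HOST_FRAME = (
    bytes.fromhex("ffffffffffff")        # destination MAC (broadcast)
    + bytes.fromhex("020000000005")      # source MAC (made-up, locally administered)
    + struct.pack("!H", ETHERTYPE_ARP)
    + bytes(46)                          # placeholder payload
)

# Router side, as configured in the thread: Fa0/0.100 uses "encapsulation dot1Q 100".
SUBINTERFACES = {100: "FastEthernet0/0.100"}


def vlan_of(frame):
    """Return the VLAN ID in the frame's 802.1Q tag, or None if it is untagged."""
    (tpid,) = struct.unpack_from("!H", frame, 12)
    if tpid != TPID_8021Q:
        return None
    (tci,) = struct.unpack_from("!H", frame, 14)
    return tci & 0x0FFF                  # low 12 bits of the TCI are the VID


def switch_egress(frame, vlan, port):
    """Send an internally untagged frame classified into `vlan` out of `port`.

    port = {"tagged": set of VIDs, "untagged": VID or None}.
    Returns the bytes put on the wire, or None if the port is not a member.
    """
    if vlan in port["tagged"]:
        tag = struct.pack("!HH", TPID_8021Q, vlan)   # priority bits left at 0
        return frame[:12] + tag + frame[12:]
    if vlan == port["untagged"]:
        return frame
    return None


def router_ingress(frame, subinterfaces=SUBINTERFACES, main="FastEthernet0/0"):
    """Pick the receiving interface: untagged goes to the main interface,
    tagged goes to the subinterface with the matching dot1Q ID (else dropped)."""
    vid = vlan_of(frame)
    if vid is None:
        return main
    return subinterfaces.get(vid)


def deliver(uplink_port, vlan=100):
    """Where does the VLAN 100 host's frame land on the router?"""
    wire = switch_egress(HOST_FRAME, vlan, uplink_port)
    return None if wire is None else router_ingress(wire)


if __name__ == "__main__":
    # Before the fix: VLAN 100 untagged on the uplink, so 172.20.20.1 never sees it.
    print("untagged uplink ->", deliver({"tagged": set(), "untagged": 100}))
    # After the fix: VLAN 100 tagged on the uplink.
    print("tagged uplink   ->", deliver({"tagged": {100}, "untagged": 1}))
```
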
 
LVL 57

Expert Comment

by:giltjr
ID: 38861418
Great.  Yes anytime you want more than one VLAN to go across a port you need to tag.  The exception is you can leave one VLAN untagged.  In the Cisco world this is called the native VLAN and the native VLAN is used to exchange "special" switch to switch type communications.  Even in the Cisco world they are now recommending that you tag the native VLAN.

If you have not, you still need to test ping'ing hosts on subnets on the other 2620.  Like I said, in your last show ip route none of the routes that should be distributed using eigrp seemed to be there.
0
 

Author Comment

by:danmoro
ID: 38861474
OK I will test that later tonight.  You mean pinging 192.168.1.0/24 hosts from the 172 network right?  The only working subnet right now on the other side (Ohio) is 192.168.1.x.
0
 
LVL 57

Expert Comment

by:giltjr
ID: 38861542
It looks like you have static route to that subnet through the VPN.

If you go back to your post:

http://www.experts-exchange.com/Networking/Misc/Q_28018512.html#a38852939

and look at the output of the show ip route, you will see routes that have a "D" in front of them.  That means they were dynamically learned using eigrp.  In your last show  ip route there were no D lines.  However, if the T1 was down, then you would not have any.
0
 

Author Comment

by:danmoro
ID: 38862324
I have another question.  Let's say I wanted to put 172.20.20.0/24 hosts in OHIO behind the 192.168.1.1 router?  Would I be able to do that and would they be able to talk with the 172.20.20.0/24 hosts on my end (NJ)?
0
 

Author Comment

by:danmoro
ID: 38862338
Ohio router is setup like this:

!
router eigrp 100
 redistribute connected
 network 192.168.1.0
 network 192.168.4.0
 network 200.1.1.0
 no auto-summary
 no eigrp log-neighbor-changes

Should I remove the network lines like I did on my router?  

Is there any way to initiate the dynamically "learned" routes?  Or does that happen automatically?  Excuse my ignorance.  I only learned about this from your post above.
0
 

Author Comment

by:danmoro
ID: 38862340
Should I open up another thread for this?
0
 
LVL 57

Expert Comment

by:giltjr
ID: 38862356
You may want to open another thread.  I'm not that familiar with eigrp.  We use OSPF due to the fact we need to exchange routes with non-Cisco devices.

That being said:

The routes should be exchanged dynamically as long as the partners see each other.

You should not need those lines if that router is directly connected to those networks. The statement:

redistribute connected

says to let eigrp partners know about any networks that are directly connected to this router.  You may want to issue the commands:

show ip eigrp interfaces
show ip eigrp topology

again to make sure they still see each other.
0
 

Author Comment

by:danmoro
ID: 38862394
This is from Ohio router:

IP-EIGRP interfaces for process 100

                        Xmit Queue   Mean   Pacing Time   Multicast    Pending
Interface        Peers  Un/Reliable  SRTT   Un/Reliable   Flow Timer   Routes
Fa0/0              0        0/0         0       0/10           0           0
Se0/0              0        0/0         0       0/11         175           0


ohio#show ip eigrp topology
IP-EIGRP Topology Table for AS(100)/ID(192.168.5.1)

Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply,
       r - reply Status, s - sia Status

P 192.168.1.0/24, 1 successors, FD is 28160
        via Connected, FastEthernet0/0
P 192.168.4.0/24, 1 successors, FD is 1761792
        via Connected, Serial0/0
P 192.168.4.1/32, 1 successors, FD is 1761792
        via Rconnected (1761792/0)
P 192.168.5.0/24, 1 successors, FD is 40512000
        via Rconnected (40512000/0)
P 200.1.1.0/24, 1 successors, FD is 28160
        via Connected, FastEthernet0/0
0
 

Author Comment

by:danmoro
ID: 38862403
This is after I removed the networks from eigrp 100 on Ohio router:

ohio#show ip eigrp interfaces
IP-EIGRP interfaces for process 100

                        Xmit Queue   Mean   Pacing Time   Multicast    Pending
Interface        Peers  Un/Reliable  SRTT   Un/Reliable   Flow Timer   Routes
ohio#show ip eigrp topology
IP-EIGRP Topology Table for AS(100)/ID(192.168.5.1)

Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply,
       r - reply Status, s - sia Status

P 192.168.1.0/24, 1 successors, FD is 28160
        via Rconnected (28160/0)
P 192.168.4.0/24, 1 successors, FD is 1761792
        via Rconnected (1761792/0)
P 192.168.4.1/32, 1 successors, FD is 1761792
        via Rconnected (1761792/0)
P 192.168.5.0/24, 1 successors, FD is 40512000
        via Rconnected (40512000/0)
P 200.1.1.0/24, 1 successors, FD is 28160
        via Rconnected (28160/0)
0
 

Author Comment

by:danmoro
ID: 38862429
If I were to create VLAN 100 on the Ohio router FA0/0.100 with IP of 172.20.20.2, would that then allow hosts on that side to see my 172.20.20.x hosts?
0
 
LVL 57

Expert Comment

by:giltjr
ID: 38862463
You may want to issue the command:

show ip eigrp neighbors

Then try adding a default metric to your eigrp config:

router eigrp 100
default-metric 1540 ## 255 1 1500

Where ## is the latency between the two 2620 in ms multiplied by 10.

So if the latency between the two is 100ms, you would code 10000.  Does not need to be exact, if the latency is 3 ms, you can code 50.

If that does not work, then you should add back the network statements and open another question.  Even if it does work you may want to open a question.  It seems that distributing connected networks is not best practices.
0
 
LVL 57

Expert Comment

by:giltjr
ID: 38862465
In response to your question about putting VLAN 100 on the Ohio router, DON'T.

That will only confuse the routers and cause problems.
0
 

Author Comment

by:danmoro
ID: 38862530
OK thanks for that advice on VLAN 100.

I will open up another question about the eigrp.

How would I get the latency between the routers?  Just use the ping time?
0
 

Author Comment

by:danmoro
ID: 38862558
One last question, when I connect to my network via VPN, I get a 200.1.4.x address.

When connected via VPN, I cannot reach the 172 subnet.  Is there a quick route I can add to the router to allow this?
0
 
LVL 57

Expert Comment

by:giltjr
ID: 38863743
Ping is correct tool for getting the latency.

You can add a route to the 2620, however, I don't see where there is a 200.1.4.x network in any of your diagrams, so I don't know where to forward it to.  You need to just route traffic to that subnet (200.1.4.x, I am assuming it is 200.1.4.0/24) to whatever device is handing out those IP addresses.
0
 

Author Comment

by:danmoro
ID: 38863908
So if the firewall(200.1.2.200) is giving me that address, would the route be:

ip route 172.20.20.0 255.255.255.0 200.1.4.0

???
0
 
LVL 57

Expert Comment

by:giltjr
ID: 38864231
In the 2620 you would need to code:

ip route 200.1.4.0 255.255.255.0 200.1.2.200

This tells the 2620 that if the destination IP address is between 200.1.4.1 - .254 that it needs to send it through 200.1.2.200.
0
 
LVL 18

Expert Comment

by:Akinsd
ID: 38864801
I had a feeling this was going to happen.

"Route Redistribution"
0
 

Author Comment

by:danmoro
ID: 38864835
OK thanks.  That route will allow my 200.1.4.0/24 hosts to see my 172 subnet?

Or should I also add a static route on the firewall (200.1.2.200)?
0
 
LVL 57

Expert Comment

by:giltjr
ID: 38865109
If you don't already have one, you need route on the firewall that says:

"If you want to get to 172.20.20.0/24 you need to talk to 200.1.2.150".

I will have to look, but you should have needed routes similar to this on the firewall to get to the subnets in Ohio and routes like the other one on the router in Ohio to get to the 200.1.4.0/24 subnet.
0
