Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > Cisco > Setting up a router with 29 Global IPs, BUT can't ping router internal interface from server or server interface from router

Reply
Thread Tools

Setting up a router with 29 Global IPs, BUT can't ping router internal interface from server or server interface from router

 
 
war_wheelan@yahoo.com
Guest
Posts: n/a
 
      12-11-2005
I just ordered FIOS from Verizon and received 29 distinct IP addresses.
I have a Cisco 2600 with 4 interfaces (FE 0/0, FE 0/1, Eth 1/0 and
Serial 1/0., but only the FastEthernet interfaces are configured. I
configured interface FE 0/0 with the global IP address 71.B.C.66 /24
and interface FE 0/1 with the reserved IP address of 172.18.8.66/16.

The router is connected to a Cisco 3500 switch as are the servers. The
routers default gateway is 71.B.C.6 and I can ping out to the Internet.
The switch has three VLANs defined, but all of the ports are part of
VLAN 1. The switche's default gateway is the same as the server(s)
192.168.2.1.

When connected to the router's console port, I can ping the Internet
but I can't ping the internal network. The oppsite is true for the
switch the switch can ping the internal network, but not the internal
interface of the router. The switches and servers arp tables don't
reference the routers internal network. Also the router acknowledges
that it is directly connected to the internal subnet 172.18..0.0/16.

I have attached the following files for reference - router's 'show
config', 'show ip route' and 'show arp, switches 'show config' and
'show arp' and the server's 'config /all' and 'netstat -r'.

Lastly, I can ping the router's external interface from the server(s).
Yet if I tracert to it the trace goes out the 192.168.2.1 server
default gateway and out over the Internel even though I have a
persistent route pointing to the 172.18.0.0 network on the server(s)

Router, Switch and Server Configuration Files

================================================== =========
CT_Router1#s config

version 12.0

hostname CT_Router1

clock timezone EDT -5
clock summer-time EDT recurring
ip subnet-zero
no ip source-route
no ip finger
no ip domain-lookup
ip domain-name fake.net
ip name-server 151.202.0.84
ip name-server 151.198.0.38
!

interface FastEthernet0/0
description INTERNET FACING INTERFACE
ip address 71.B.C .66 255.255.255.0
ip access-group 151 in
no ip directed-broadcast
full-duplex
no cdp enable
!
interface FastEthernet0/1
description INTERNAL INTERFACE VLAN 10
ip address 172.18.8.66 255.255.0.0
ip access-group 111 in
no ip redirects
no ip directed-broadcast
no cdp enable
!
interface Ethernet1/0 NOT Connected
!
ip classless
ip route 0.0.0.0 0.0.0.0 71.125.24.6
ip route 192.168.2.0 255.255.255.0 172.18.8.200 * This is the server's
address
!
access-list 111 remark *** INDSIDE INTERFACE (FA 0/1 172.18.8.66/16)
***
access-list 111 remark * ALLOW SPECIFIC TRAFFIC TO ROUTERS
access-list 111 permit icmp 172.18.0.0 0.0.255.255 host 71.124.25.66
access-list 111 permit icmp 172.18.0.0 0.0.255.255 host 172.18.8.66
access-list 111 permit udp host 172.18.8.200 host 71.125.24.66 eq tftp
access-list 111 permit udp host 172.18.8.200 host 172.18.8.66 eq tftp
access-list 111 permit udp host 192.168.2.200 host 71.125.24.66 eq tftp
access-list 111 permit udp host 192.168.2.200 host 172.18.8.66 eq tftp
access-list 111 permit tcp host 172.18.8.200 host 71.125.24.66 range 22
telnet
access-list 111 permit tcp host 192.168.2.200 host 172.18.8.66 range 22
telnet
access-list 111 permit icmp 192.168.2.0 0.0.0.255 host 172.18.8.66
access-list 111 remark * DENY OTHER TRAFFIC TO ROUTERS
access-list 111 deny ip any host 63.251.25.66 log-input
access-list 111 deny ip any host 63.251.25.67 log-input
access-list 111 deny ip any host 63.251.25.65 log-input
access-list 111 deny ip any host 172.18.8.2 log-input
access-list 111 deny ip any host 172.18.8.3 log-input
access-list 111 remark * ALLOW ALL OTHER TRAFFIC
access-list 111 permit ip any any
access-list 131 permit ip any any
access-list 131 remark * ICMP rules
access-list 131 permit icmp any 0.0.0.66 255.255.255.0 echo
access-list 131 permit icmp any 0.0.0.66 255.255.255.0 echo-reply
access-list 131 permit icmp any 0.0.0.66 255.255.255.0
administratively-prohibited
access-list 131 permit icmp any 0.0.0.66 255.255.255.0 packet-too-big
access-list 131 permit icmp any 63.251.25.64 0.0.0.31 traceroute
access-list 131 permit icmp any 0.0.0.66 255.255.255.0 unreachable
access-list 131 permit icmp any 0.0.0.66 255.255.255.0 time-exceeded
access-list 131 deny ip any any log-input
access-list 151 remark * Peter Home
access-list 151 permit ip host 66.B.C.62 any
access-list 151 remark * GLOBAL INBOUND RULES
access-list 151 remark * ANTI-SPOOFING RULES
access-list 151 deny ip host 0.0.0.0 any log-input
access-list 151 deny ip 10.0.0.0 0.255.255.255 any log-input
access-list 151 deny ip 172.16.0.0 0.15.255.255 any log-input
access-list 151 deny ip 192.168.0.0 0.0.255.255 any log-input
access-list 151 deny ip host 255.255.255.255 any log-input
access-list 151 deny ip 0.0.0.66 255.255.255.0 any log-input
access-list 151 remark * ICMP rules
access-list 151 permit icmp any 0.0.0.66 255.255.255.0 echo
access-list 151 permit icmp any 0.0.0.66 255.255.255.0 echo-reply
access-list 151 permit icmp any 0.0.0.66 255.255.255.0
administratively-prohibited
access-list 151 permit icmp any 0.0.0.66 255.255.255.0 packet-too-big
access-list 151 permit icmp any 63.251.25.64 0.0.0.31 traceroute
access-list 151 permit icmp any 0.0.0.66 255.255.255.0 unreachable
access-list 151 permit icmp any 0.0.0.66 255.255.255.0 time-exceeded
access-list 151 deny ip any any log-input
no cdp run
================================================== =========
CT_Router1#s arp
Protocol Address Age (min) Hardware Addr Type Interface
Internet 71.125.24.1 0 0090.1a41.03ea ARPA
FastEthernet0/0
Internet 71.125.24.6 239 0090.1a41.03ea ARPA
FastEthernet0/0
Internet 71.125.24.66 - 0030.94d3.a280 ARPA
FastEthernet0/0
Internet 192.168.30.1 - 0030.94d3.a288 ARPA
Ethernet1/0
Internet 172.18.8.66 - 0030.94d3.a281 ARPA
FastEthernet0/1
================================================== =========
CT_Router1#s route

CT_Router1#s ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B -
BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate
default
U - per-user static route, o - ODR, P - periodic downloaded
static route
T - traffic engineered route

Gateway of last resort is 71.125.24.6 to network 0.0.0.0

71.0.0.0/24 is subnetted, 1 subnets
C 71.125.24.0 is directly connected, FastEthernet0/0
C 192.168.40.0/24 is directly connected, Loopback0
C 172.18.0.0/16 is directly connected, FastEthernet0/1
S 192.168.2.0/24 [1/0] via 172.18.8.200
S* 0.0.0.0/0 [1/0] via 71.125.24.6
================================================== =========
CT_Switch1#s config

version 12.0

hostname CT_Switch1
!
ip subnet-zero
!
interface FastEthernet0/1 * ALL INTERFACES ARE CONFIGURED THE SAME
!
interface VLAN1
ip address 192.168.2.230 255.255.255.0
!
interface VLAN10
description INSIDE Interface 192.168.10.0
shutdown
!
interface VLAN20
description OUTSIDE Interface to Test NLB 192.168.20.0
shutdown
!
ip default-gateway 192.168.2.1
================================================== =========
CT_Switch1#s arp
Protocol Address Age (min) Hardware Addr Type Interface
Internet 192.168.2.1 115 0030.bd9d.1b10 ARPA VLAN1
Internet 192.168.2.230 - 0006.287f.e040 ARPA VLAN1
Internet 192.168.2.203 1 0007.e911.4c7a ARPA VLAN1
Internet 192.168.2.200 30 0009.6bf1.d4a9 ARPA VLAN1
================================================== =========
SERVER(S) CONFIG
Microsoft Windows [Version 5.2.3790]
(C) Copyright 1985-2003 Microsoft Corp.

C:\Documents and Settings\war>cd \

C:\>ipconfig /all

Windows IP Configuration

Host Name . . . . . . . . . . . . : INCTWPD02
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : Yes
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Intel-Upper (192.168.2.203) Server Adapter #2:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Dual Port
Server Adapter #2
Physical Address. . . . . . . . . : 00-07-E9-11-4C-7A
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.2.203
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.2.1
DNS Servers . . . . . . . . . . . : 192.168.2.1

Ethernet adapter Intel-Lower (192.168.2.201) Server Adapter:

Media State . . . . . . . . . . . : Media disconnected
Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Dual Port
Server Adapter
Physical Address. . . . . . . . . : 00-07-E9-11-4C-7B

Ethernet adapter IBM-Left (192.168.2.202) Network Adapter:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Dual Port
Network Connection
Physical Address. . . . . . . . . : 00-09-6B-F1-D4-A8
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.2.202
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.2.1
DNS Servers . . . . . . . . . . . : 192.168.2.1

Ethernet adapter IBM-Right (192.168.2.200) Network Adapter #2:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Dual Port
Network Connection #2
Physical Address. . . . . . . . . : 00-09-6B-F1-D4-A9
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 172.18.8.200
Subnet Mask . . . . . . . . . . . : 255.255.0.0
IP Address. . . . . . . . . . . . : 192.168.2.200
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.2.1
DNS Servers . . . . . . . . . . . : 192.168.2.1

 
Reply With Quote
 
 
 
 
war_wheelan@yahoo.com
Guest
Posts: n/a
 
      12-14-2005
PLEASE DISREGARD - I FIGURED IT OUT

 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Can ping from router but unable to ping from client machines verve13 Software 0 09-06-2012 11:25 PM
I can ping the router but router can't ping me superkingkong Cisco 2 04-17-2010 01:59 PM
FWSM/PIX and Dynamic PAT using global IP range vs. global interface vs. global IP Hoffa Cisco 1 10-25-2006 06:50 PM
FWSM/PIX and Dynamic PAT using global IP range vs. global interface vs. global IP Hoffa Cisco 0 10-25-2006 01:04 PM
Redirect Internal IP to Different Internal IP on Same Subnet & Interface EG Cisco 5 12-30-2004 02:10 AM



Advertisments