Setting up a router with 29 Global IPs, BUT can't ping router internal interface from server or serv

Discussion in 'Cisco' started by war_wheelan@yahoo.com, Dec 11, 2005.

  1. Guest

    I just ordered FIOS from Verizon and received 29 distinct IP addresses.
    I have a Cisco 2600 with 4 interfaces (FE 0/0, FE 0/1, Eth 1/0 and
    Serial 1/0., but only the FastEthernet interfaces are configured. I
    configured interface FE 0/0 with the global IP address 71.B.C.66 /24
    and interface FE 0/1 with the reserved IP address of 172.18.8.66/16.

    The router is connected to a Cisco 3500 switch as are the servers. The
    routers default gateway is 71.B.C.6 and I can ping out to the Internet.
    The switch has three VLANs defined, but all of the ports are part of
    VLAN 1. The switche's default gateway is the same as the server(s)
    192.168.2.1.

    When connected to the router's console port, I can ping the Internet
    but I can't ping the internal network. The oppsite is true for the
    switch the switch can ping the internal network, but not the internal
    interface of the router. The switches and servers arp tables don't
    reference the routers internal network. Also the router acknowledges
    that it is directly connected to the internal subnet 172.18..0.0/16.

    I have attached the following files for reference - router's 'show
    config', 'show ip route' and 'show arp, switches 'show config' and
    'show arp' and the server's 'config /all' and 'netstat -r'.

    Lastly, I can ping the router's external interface from the server(s).
    Yet if I tracert to it the trace goes out the 192.168.2.1 server
    default gateway and out over the Internel even though I have a
    persistent route pointing to the 172.18.0.0 network on the server(s)

    Router, Switch and Server Configuration Files

    ===========================================================
    CT_Router1#s config

    version 12.0

    hostname CT_Router1

    clock timezone EDT -5
    clock summer-time EDT recurring
    ip subnet-zero
    no ip source-route
    no ip finger
    no ip domain-lookup
    ip domain-name fake.net
    ip name-server 151.202.0.84
    ip name-server 151.198.0.38
    !

    interface FastEthernet0/0
    description INTERNET FACING INTERFACE
    ip address 71.B.C .66 255.255.255.0
    ip access-group 151 in
    no ip directed-broadcast
    full-duplex
    no cdp enable
    !
    interface FastEthernet0/1
    description INTERNAL INTERFACE VLAN 10
    ip address 172.18.8.66 255.255.0.0
    ip access-group 111 in
    no ip redirects
    no ip directed-broadcast
    no cdp enable
    !
    interface Ethernet1/0 NOT Connected
    !
    ip classless
    ip route 0.0.0.0 0.0.0.0 71.125.24.6
    ip route 192.168.2.0 255.255.255.0 172.18.8.200 * This is the server's
    address
    !
    access-list 111 remark *** INDSIDE INTERFACE (FA 0/1 172.18.8.66/16)
    ***
    access-list 111 remark * ALLOW SPECIFIC TRAFFIC TO ROUTERS
    access-list 111 permit icmp 172.18.0.0 0.0.255.255 host 71.124.25.66
    access-list 111 permit icmp 172.18.0.0 0.0.255.255 host 172.18.8.66
    access-list 111 permit udp host 172.18.8.200 host 71.125.24.66 eq tftp
    access-list 111 permit udp host 172.18.8.200 host 172.18.8.66 eq tftp
    access-list 111 permit udp host 192.168.2.200 host 71.125.24.66 eq tftp
    access-list 111 permit udp host 192.168.2.200 host 172.18.8.66 eq tftp
    access-list 111 permit tcp host 172.18.8.200 host 71.125.24.66 range 22
    telnet
    access-list 111 permit tcp host 192.168.2.200 host 172.18.8.66 range 22
    telnet
    access-list 111 permit icmp 192.168.2.0 0.0.0.255 host 172.18.8.66
    access-list 111 remark * DENY OTHER TRAFFIC TO ROUTERS
    access-list 111 deny ip any host 63.251.25.66 log-input
    access-list 111 deny ip any host 63.251.25.67 log-input
    access-list 111 deny ip any host 63.251.25.65 log-input
    access-list 111 deny ip any host 172.18.8.2 log-input
    access-list 111 deny ip any host 172.18.8.3 log-input
    access-list 111 remark * ALLOW ALL OTHER TRAFFIC
    access-list 111 permit ip any any
    access-list 131 permit ip any any
    access-list 131 remark * ICMP rules
    access-list 131 permit icmp any 0.0.0.66 255.255.255.0 echo
    access-list 131 permit icmp any 0.0.0.66 255.255.255.0 echo-reply
    access-list 131 permit icmp any 0.0.0.66 255.255.255.0
    administratively-prohibited
    access-list 131 permit icmp any 0.0.0.66 255.255.255.0 packet-too-big
    access-list 131 permit icmp any 63.251.25.64 0.0.0.31 traceroute
    access-list 131 permit icmp any 0.0.0.66 255.255.255.0 unreachable
    access-list 131 permit icmp any 0.0.0.66 255.255.255.0 time-exceeded
    access-list 131 deny ip any any log-input
    access-list 151 remark * Peter Home
    access-list 151 permit ip host 66.B.C.62 any
    access-list 151 remark * GLOBAL INBOUND RULES
    access-list 151 remark * ANTI-SPOOFING RULES
    access-list 151 deny ip host 0.0.0.0 any log-input
    access-list 151 deny ip 10.0.0.0 0.255.255.255 any log-input
    access-list 151 deny ip 172.16.0.0 0.15.255.255 any log-input
    access-list 151 deny ip 192.168.0.0 0.0.255.255 any log-input
    access-list 151 deny ip host 255.255.255.255 any log-input
    access-list 151 deny ip 0.0.0.66 255.255.255.0 any log-input
    access-list 151 remark * ICMP rules
    access-list 151 permit icmp any 0.0.0.66 255.255.255.0 echo
    access-list 151 permit icmp any 0.0.0.66 255.255.255.0 echo-reply
    access-list 151 permit icmp any 0.0.0.66 255.255.255.0
    administratively-prohibited
    access-list 151 permit icmp any 0.0.0.66 255.255.255.0 packet-too-big
    access-list 151 permit icmp any 63.251.25.64 0.0.0.31 traceroute
    access-list 151 permit icmp any 0.0.0.66 255.255.255.0 unreachable
    access-list 151 permit icmp any 0.0.0.66 255.255.255.0 time-exceeded
    access-list 151 deny ip any any log-input
    no cdp run
    ===========================================================
    CT_Router1#s arp
    Protocol Address Age (min) Hardware Addr Type Interface
    Internet 71.125.24.1 0 0090.1a41.03ea ARPA
    FastEthernet0/0
    Internet 71.125.24.6 239 0090.1a41.03ea ARPA
    FastEthernet0/0
    Internet 71.125.24.66 - 0030.94d3.a280 ARPA
    FastEthernet0/0
    Internet 192.168.30.1 - 0030.94d3.a288 ARPA
    Ethernet1/0
    Internet 172.18.8.66 - 0030.94d3.a281 ARPA
    FastEthernet0/1
    ===========================================================
    CT_Router1#s route

    CT_Router1#s ip route
    Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B -
    BGP
    D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
    N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
    E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
    i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate
    default
    U - per-user static route, o - ODR, P - periodic downloaded
    static route
    T - traffic engineered route

    Gateway of last resort is 71.125.24.6 to network 0.0.0.0

    71.0.0.0/24 is subnetted, 1 subnets
    C 71.125.24.0 is directly connected, FastEthernet0/0
    C 192.168.40.0/24 is directly connected, Loopback0
    C 172.18.0.0/16 is directly connected, FastEthernet0/1
    S 192.168.2.0/24 [1/0] via 172.18.8.200
    S* 0.0.0.0/0 [1/0] via 71.125.24.6
    ===========================================================
    CT_Switch1#s config

    version 12.0

    hostname CT_Switch1
    !
    ip subnet-zero
    !
    interface FastEthernet0/1 * ALL INTERFACES ARE CONFIGURED THE SAME
    !
    interface VLAN1
    ip address 192.168.2.230 255.255.255.0
    !
    interface VLAN10
    description INSIDE Interface 192.168.10.0
    shutdown
    !
    interface VLAN20
    description OUTSIDE Interface to Test NLB 192.168.20.0
    shutdown
    !
    ip default-gateway 192.168.2.1
    ===========================================================
    CT_Switch1#s arp
    Protocol Address Age (min) Hardware Addr Type Interface
    Internet 192.168.2.1 115 0030.bd9d.1b10 ARPA VLAN1
    Internet 192.168.2.230 - 0006.287f.e040 ARPA VLAN1
    Internet 192.168.2.203 1 0007.e911.4c7a ARPA VLAN1
    Internet 192.168.2.200 30 0009.6bf1.d4a9 ARPA VLAN1
    ===========================================================
    SERVER(S) CONFIG
    Microsoft Windows [Version 5.2.3790]
    (C) Copyright 1985-2003 Microsoft Corp.

    C:\Documents and Settings\war>cd \

    C:\>ipconfig /all

    Windows IP Configuration

    Host Name . . . . . . . . . . . . : INCTWPD02
    Primary Dns Suffix . . . . . . . :
    Node Type . . . . . . . . . . . . : Unknown
    IP Routing Enabled. . . . . . . . : Yes
    WINS Proxy Enabled. . . . . . . . : No

    Ethernet adapter Intel-Upper (192.168.2.203) Server Adapter #2:

    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Dual Port
    Server Adapter #2
    Physical Address. . . . . . . . . : 00-07-E9-11-4C-7A
    DHCP Enabled. . . . . . . . . . . : No
    IP Address. . . . . . . . . . . . : 192.168.2.203
    Subnet Mask . . . . . . . . . . . : 255.255.255.0
    Default Gateway . . . . . . . . . : 192.168.2.1
    DNS Servers . . . . . . . . . . . : 192.168.2.1

    Ethernet adapter Intel-Lower (192.168.2.201) Server Adapter:

    Media State . . . . . . . . . . . : Media disconnected
    Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Dual Port
    Server Adapter
    Physical Address. . . . . . . . . : 00-07-E9-11-4C-7B

    Ethernet adapter IBM-Left (192.168.2.202) Network Adapter:

    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Dual Port
    Network Connection
    Physical Address. . . . . . . . . : 00-09-6B-F1-D4-A8
    DHCP Enabled. . . . . . . . . . . : No
    IP Address. . . . . . . . . . . . : 192.168.2.202
    Subnet Mask . . . . . . . . . . . : 255.255.255.0
    Default Gateway . . . . . . . . . : 192.168.2.1
    DNS Servers . . . . . . . . . . . : 192.168.2.1

    Ethernet adapter IBM-Right (192.168.2.200) Network Adapter #2:

    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Dual Port
    Network Connection #2
    Physical Address. . . . . . . . . : 00-09-6B-F1-D4-A9
    DHCP Enabled. . . . . . . . . . . : No
    IP Address. . . . . . . . . . . . : 172.18.8.200
    Subnet Mask . . . . . . . . . . . : 255.255.0.0
    IP Address. . . . . . . . . . . . : 192.168.2.200
    Subnet Mask . . . . . . . . . . . : 255.255.255.0
    Default Gateway . . . . . . . . . : 192.168.2.1
    DNS Servers . . . . . . . . . . . : 192.168.2.1
    , Dec 11, 2005
    #1
    1. Advertising

  2. Guest

    PLEASE DISREGARD - I FIGURED IT OUT
    , Dec 14, 2005
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Hoffa
    Replies:
    0
    Views:
    673
    Hoffa
    Oct 25, 2006
  2. Hoffa
    Replies:
    1
    Views:
    1,424
    Walter Roberson
    Oct 25, 2006
  3. =?Utf-8?B?U3VibWl0MnM=?=

    Can't print multiple copies in XP but can in 2000 on a client/serv

    =?Utf-8?B?U3VibWl0MnM=?=, Apr 17, 2007, in forum: Windows 64bit
    Replies:
    1
    Views:
    747
  4. Harvey Colwell
    Replies:
    2
    Views:
    6,443
    Giday
    Mar 30, 2008
  5. superkingkong
    Replies:
    2
    Views:
    1,772
    superkingkong
    Apr 17, 2010
Loading...

Share This Page