Trace route problem
abc>traceroute 10.46.5.12
Type escape sequence to abort.
Tracing the route to 10.46.5.12
1 10.46.0.34 0 msec 12 msec 0 msec
2 10.46.0.5 4 msec 0 msec 0 msec
3 10.46.0.5 !H !H *
Does anyone know what is the meaning of !H !H * ?
It indicates 10.46.0.5 doesn't not have a route to the host, 10.46.5.12.
Check out the link below for traceroute error messages.
http://www.cisco.com/en/US/products/hw/switches/ps708/products_command_reference_chapter09186a0080568c3b.html#wp1038728
HTH
Sundar
Similar Messages
-
Mysterious routing problem / interface determination
Hi,
I have a very very strange routing problem with XI.
A message is sent from R/3 to XI and then send via adapter to an external party. The routing is configured well. But sometimes I have the following problem:
A message is received by XI (from R/3). The receiver is determinated. Although an interface determination and receiver agreement is configured, the trace shows "no interface determination fpr party xyz and service abc found". The very strange thing is that finally the receiver interface DELINS.DELFOR01 with namespace urn:sap-com:document:sap:idoc:messages is set!!
Finally, the error message is "no receiver agreement found for "... DELINS.DELFOR01, urn:sap-com:document:sap:idoc:messages", which is reasonable because this receiver interface has never ever been configured!
Any idea why the interface determination cannot be found and nevertheless a completely wrong receiver interface is set?
This error occurs just sometimes for certain partners, but not always with all messages for these partners!
Help appreciated!
ChristopherHi,
all routing objects are 100% correct. Particularly the receiver service has definitely no DELINS.DELFOR01 interface, but nevertheless the Integration Runtime tries to send the message to this interface. Another strange thing is that in the trace there is the warning "no interface determination for party xxx and service xxx found".
By the way: The Receiver Determination was configured to terminate message processing when no receiver can be found.
CHRIS -
TV Guide fails - router problem?
When the guide failed on our main TV is the family room, I tried trouble-shooting it -- no luck. Then I "chatted" online with Verizon's "Raul" for two hours, trying everything he asked, including swapping the box with the one in the bedroom -- Raul thought it was the biox and gave me an 800 number to call to get a swap in boxes. However, before the weekend is over, all but one TV has the same problem. Right now, we get the guide on one TV and no guide on four TVs.
I've worked on this all day so far today. Verizon's In-Home Agent reports that none of the TVs have connectivity with the router. So I've concentrated on that, I've unplugged the router and the boxes, reset the router, accessed the router's control panel to see it seems to be working well. The only thing I can see wrong is this: The router's "WAN Ethernet" light stays dark, though its "WAN Coax" light stays lit. I wonder if this could be the problem; and, if so, how could I fix that?
One thing worries me about a router problem, though: Why would I still have the guide on one of the six TVs?
Anyone have a clue if I'm on the right track?
Thanks,
GeorgeYes, sounds like a router problem.
The STB has to download the program guide via the router. Each box should download 10 days worth of programing. So when the router goes out it could take as much as 10 days before the guide disappears. So the one box that still has the guide, was the last one to update and had more guide data stored than the others. It will go as well just given time.
If you have rebooted and reset the router, then the problem is either you have a bad router or possibly a bad splitter. Either way, you need to call tech support so they can get a tech out.
====================================================================================
Error exists between keyboard and chair. -
Router problems how can I connect direct
I am continually having router problems from my service provider. How can i connect my printer directly to my computer? Thanks
Hi,
You need a printer which supports this first and then use the following instructions:
http://www8.hp.com/au/en/campaigns/wireless-printing-center/wireless-direct.html
Regards.
BH
**Click the KUDOS thumb up on the left to say 'Thanks'**
Make it easier for other people to find solutions by marking a Reply 'Accept as Solution' if it solves your problem. -
I got an Apple TV which works great with my wireless Airport WDS, but then I was looking into any problems people could be having with it and ran into this:
http://discussions.apple.com/thread.jspa?threadID=901401&tstart=0
Check the third party router problems where Airports worked great.
Networking is ...networking, but you also get what you pay for.Hi mgrant,
The information at the bottem of the article in in Keith_Beddoe's personal website may help. Link: Using your own router for Infinity
The MTU Size needs to be set as 1492
Cheers
jac_95 | BT.com Help Site | BT Service Status
Someone Solved Your Question?
Please let other members know by clicking on ’Mark as Accepted Solution’
Try a Search
See if someone in the community had the same problem and how they got it resolved. -
ASA 5525 firewall Trace Route.
Hi,
We are Having ASA 5525 firewall and Whenever I am performing traceroute passing through the firewall and i am not getting any hop count after firewall( Firewall IP is also not shwoing in Trace Route.
ICMP I had allowed and also configure ICMP in the Policy_Map global Policy.
PLease help me to resolve this issue.
Regards,
DheerajHi Dheeraj,
firewall blocks Traceroute as doesnt decrements the TTL value by default. You would need the following to enable the same:
Make the Firewall Show Up in a Traceroute in ASA/PIX
ciscoasa(config)#class-map class-default
ciscoasa(config)#match any
!--- This class-map exists by default.
ciscoasa(config)#policy-map global_policy
!--- This Policy-map exists by default.
ciscoasa(config-pmap)#class class-default
!--- Add another class-map to this policy.
ciscoasa(config-pmap-c)#set connection decrement-ttl
!--- Decrement the IP TTL field for packets traversing the firewall.
!--- By default, the TTL is not decrement hiding (somewhat) the firewall.
ciscoasa(config-pmap-c)#exit
ciscoasa(config-pmap)#exit
ciscoasa(config)#service-policy global_policy global
!--- This service-policy exists by default.
WARNING: Policy map global_policy is already configured as a service policy
ciscoasa(config)#icmp unreachable rate-limit 10 burst-size 5
!--- Adjust ICMP unreachable replies:
!--- The default is rate-limit 1 burst-size 1.
!--- The default will result in timeouts for the ASA hop:
Cheers,
Naveen -
How to hide trace route layer 3 hop?
My set up is MPLS router--- Internet edge-------ISP
I am advertising public ip prefix from MPLS to internet edge and then to ISP
when i trace route from internet to the public prefix i advertised, i am seeing the MPLS private IP which is expected.
Basically i wanted to hide this from the trace route results i.e, when the user tries to trace route to the public ip from the internet he should NOT see the private ip at all. "no icmp unreahcable" might give a * result in the trace route last hop but i wanted hide it .. is it possible?Hi,
Traceroutes takes into account the TTL value, be it MPLS packet or IP packet.
on the edge of the IP & MPLS network , TTL field get copied from one to another & the traceroute works properly. But "no mpls ip propagate-ttl" can diable this automatic copying the TTL value field. Hence, your traceroute will drop on edge/boundary, this generally done by ISP to hide their ip address from the traceroute path.
mpls ip propagate-ttl
To control the generation of the time-to-live (TTL) field in the Multiprotocol Label Switching (MPLS) header when labels are first added to an IP packet, use the mpls ip propagate-ttl command in global configuration mode. To use a fixed TTL value (255) for the first label of the IP packet, use the no form of this command.
mpls ip propagate-ttl
no mpls ip propagate-ttl [forwarded | local]
The Traceroute Command in MPLS
http://www.cisco.com/c/en/us/support/docs/multiprotocol-label-switching-mpls/mpls/26585-mpls-traceroute.html
- Ashok
Please rate the post or mark as correct answer as it will help others looking for similar information -
Trace Route Doesn't Return DNS Name
I changed from a Linksys E4200 to a 5505 and when I use trace route, it doesn't return a DNS name for each hop. I can see the hops shown as asterisks. Do I have to add something to inspect for this to work?
Hi,
You could try the following. (Depending if your "policy-map" configuration is as its default settings)
policy-map global_policy
class inspection_default
inspect icmp error
inspect icmp
Then you could add the following to your ACL attached to your "outside" interface or configure a new ACL to your "outside" interface if it doesnt yet exist
access-list OUTSIDE-IN remark Allow ICMP return messages
access-list OUTSIDE-IN permit icmp any any unreachable
access-list OUTSIDE-IN permit icmp any any time-exceeded
access-list OUTSIDE-IN permit icmp any any echo-reply
access-group OUTSIDE-IN in interface outside
You will naturally use the existing ACL if you have one. If no ACL exists you can use the above configuration as it is.
Hope this helps
Please remember to mark the reply as the correct answer if it answered your question.
Ask more if needed
- Jouni -
E2000 + WAG160N routing problem?
Hi all,
I have a new E2000 router with address 192.168.0.1 connected to a WAG160N Modem router with address 192.168.1.1
and several computers at each router. All have DHCP activated and wifi active and working.
The cascading connection between both devices seems working well only in one direction.
All seems ok as I can access to internet from any computer. Also, computers connected to E2000 have accces
to computers on WAG160N modem BUT computers connected at modem do NOT have access to computer at router.
In fact from a computer connected to the E2000 I can configure the web interface of the E2000 and also the WAG160N
but from a computers connected at WAG160N I have access only to this interface but not to the E2000 interface.
I don't know if could be a routing problem. Any help will be appreciated.
Thanks in advance,
MartiThe E2000 is configured to do NAT and thus protects the LAN from the internet side. If it was easily accessible your WAG LAN would be easily accessible from the internet.
You want to set up the E2000 as simple access point:
Unplug the E2000 from the WAG160N and open the web interface of the E2000 from a computer wired to the E2000.
On the main setup page
1. change the internet connection type to Automatic/DHCP (in case you have changed it).
2. change the LAN IP address from 192.168.0.1 to 192.168.1.2.
3. Disable the DHCP server.
4. Save settings.
Unplug the computer.
Now wire one of the numbered LAN ports of the E2000 to the WAG160N. Don't use the internet port on the E2000.
That's the best setup you can do with your two routers... The E2000 is only used as simple access point and ethernet switch. -
Hi all, I am new to this forum and also new to Archlinux. I have been using SuSE for 4 years and learned how to use that gui. I never learned the grassroot of linux though. I completed the install on my TPad 600e without any problem at all. I am using a old orinoco gold that has been my standby forever. I have googled and searched this forum for several hours and tried all the suggestions I came across. My problem seems to be the same as many others have had. I had originally thought it was a route problem, but the output or netstat -nr is exactly the same as the output on my SuSE computer. I am not good with words, but let me try a description.
I cannot connect to my home lan at all. I have assigned a static ip and the output of iwconfig verifies that it is correct as I have assigned. When I try to ping my router the system returns the famous "Destination Host Unreachable" As mentioned I have tried to setup my default gateway and it is identical to the the output from my SuSE computer. When I try a dhcp setup and do a network restart the restart always fails. I have gone over and over my conf files looking for a fatfinger mistake but all looks exactly the way the examples I have searched up and I cannot see any typos. I would like to get this figured out for myself but I am out of clues on where to look and would appreciate new ideas.
It is as if there is a firewall in place, but this is a straight from the CD basic install to which I have installe the network section.
I really need to be pointed in a new direction.
Davidralvez wrote:Here ... my IP is 192.168.1.21 try to reach me
Gotcha!
PING 192.168.1.21 (192.168.1.21) 56(84) bytes of data.
64 bytes from 192.168.1.21: icmp_seq=1 ttl=64 time=5.21 ms
64 bytes from 192.168.1.21: icmp_seq=2 ttl=64 time=3.62 ms
64 bytes from 192.168.1.21: icmp_seq=3 ttl=64 time=7.20 ms
64 bytes from 192.168.1.21: icmp_seq=4 ttl=64 time=4.03 ms
64 bytes from 192.168.1.21: icmp_seq=5 ttl=64 time=5.38 ms
64 bytes from 192.168.1.21: icmp_seq=6 ttl=64 time=5.31 ms
64 bytes from 192.168.1.21: icmp_seq=7 ttl=64 time=5.33 ms
64 bytes from 192.168.1.21: icmp_seq=8 ttl=64 time=5.31 ms
64 bytes from 192.168.1.21: icmp_seq=9 ttl=64 time=4.83 ms
64 bytes from 192.168.1.21: icmp_seq=10 ttl=64 time=4.84 ms
64 bytes from 192.168.1.21: icmp_seq=11 ttl=64 time=4.12 ms
64 bytes from 192.168.1.21: icmp_seq=12 ttl=64 time=8.28 ms
64 bytes from 192.168.1.21: icmp_seq=13 ttl=64 time=5.25 ms
64 bytes from 192.168.1.21: icmp_seq=14 ttl=64 time=5.24 ms
64 bytes from 192.168.1.21: icmp_seq=15 ttl=64 time=4.21 ms
64 bytes from 192.168.1.21: icmp_seq=16 ttl=64 time=5.20 ms
64 bytes from 192.168.1.21: icmp_seq=17 ttl=64 time=4.19 ms
64 bytes from 192.168.1.21: icmp_seq=18 ttl=64 time=6.17 ms
--- 192.168.1.21 ping statistics ---
18 packets transmitted, 18 received, 0% packet loss, time 17096ms
rtt min/avg/max/mdev = 3.624/5.212/8.288/1.101 ms
OK - fun's over. Spotslayer, can you post the output of ifconfig and iwconfig? (and don't mind ralvez - hide anything you want ) -
I just replaced a FreeBSD box with Solaris 10 x86 U5.
I want my Windows boxes to reach internet thru Solaris. At the moment windows clients are able to ping both NICs on the Solaris. However, they can not ping default gateway of Solaris box. There is no problem on Solaris. I can reach internet without any problem.
Before posting, I used routeadm and (1) I enabled only ipv4-forwarding (did not work), (2) I enabled only ipv4-routing (did not work), (3) I enabled both ipv4-forwarding & ipv4-routing (did not help)
I also read about 5 pages of similar routing problems in forums. No clear solution is provided in any of them. I am posting this with the hope to find a solution.
Some information about my network is as follows:
bash-3.00# ifconfig -a
lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
inet 127.0.0.1 netmask ff000000
bge0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
inet 192.168.2.2 netmask ffffff00 broadcast 192.168.2.255
ether 0:1c:c4:31:5:fd
e1000g0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 3
inet 192.168.1.3 netmask ffffff00 broadcast 192.168.1.255
ether 0:1b:21:15:15:29
bash-3.00#
bash-3.00# netstat -rn
Routing Table: IPv4
Destination Gateway Flags Ref Use Interface
default 192.168.2.1 UG 1 15658
192.168.1.0 192.168.1.3 U 1 177 e1000g0
192.168.2.0 192.168.2.2 U 1 8 bge0
127.0.0.1 127.0.0.1 UH 4 58 lo0
bash-3.00#
bash-3.00# routeadm
Configuration Current Current
Option Configuration System State
IPv4 routing disabled disabled
IPv6 routing disabled disabled
IPv4 forwarding disabled disabled
IPv6 forwarding disabled disabled
Routing services "route:default ripng:default"
Routing daemons:
STATE FMRI
disabled svc:/network/routing/legacy-routing:ipv4
disabled svc:/network/routing/legacy-routing:ipv6
disabled svc:/network/routing/ndp:default
disabled svc:/network/routing/zebra:quagga
disabled svc:/network/routing/rip:quagga
disabled svc:/network/routing/ripng:default
disabled svc:/network/routing/ripng:quagga
disabled svc:/network/routing/ospf:quagga
disabled svc:/network/routing/ospf6:quagga
disabled svc:/network/routing/bgp:quagga
disabled svc:/network/routing/rdisc:default
disabled svc:/network/routing/route:default
bash-3.00#
bash-3.00# ndd -get /dev/ip ip_forwarding
0
bash-3.00#kucukoglu wrote:
I just replaced a FreeBSD box with Solaris 10 x86 U5.
I want my Windows boxes to reach internet thru Solaris. At the moment windows clients are able to ping both NICs on the Solaris. However, they can not ping default gateway of Solaris box. There is no problem on Solaris. I can reach internet without any problem.Does the outside world know how to route to the clients behind Solaris? I'll bet they do not.
If that's true, then routing/forwarding isn't useful. You'll have to set up the Solaris box as a NAT gateway instead. Ipfilter can do that. There are several cookbooks for it.
Before posting, I used routeadm and (1) I enabled only ipv4-forwarding (did not work), (2) I enabled only ipv4-routing (did not work), (3) I enabled both ipv4-forwarding & ipv4-routing (did not help)
I also read about 5 pages of similar routing problems in forums. No clear solution is provided in any of them. I am posting this with the hope to find a solution.Your solution is fine for outbound packets (the clients use Solaris as a gateway and then it forwards them on to the internet). But for the return packet, that's not possible. There's no route published.
Darren -
S2S VPN - ASA 5505 to ASA 5540 - Routing Problems
I'm a software developer (no doubt the issue) trying to setup my remote office (5505) to the main office (5540). No problem getting the S2S VPN up, but I definitely have problems with the routing. Using tracert, it shows it going into the remote network for a couple of hops, but then timing out. Packet tracer shows everything is fine. Using my client VPN credentials to the remote network, same on the return path...does a few hops, then gets lost. I've stripped down the config to the basics and ensured it isn't security settings on both ends, but still doesn't work. I've spent A LOT of hours trying to get this to work, so thanks for any assistance!
Current running config:
ASA Version 8.2(5)
hostname asa15
enable password XXXXX encrypted
passwd XXXXX encrypted
names
name 10.0.0.0 remote-network
interface Ethernet0/0
switchport access vlan 2
interface Ethernet0/1
interface Ethernet0/2
interface Ethernet0/3
interface Ethernet0/4
interface Ethernet0/5
interface Ethernet0/6
interface Ethernet0/7
interface Vlan1
nameif inside
security-level 100
ip address 172.16.5.1 255.255.255.0
interface Vlan2
nameif outside
security-level 0
ip address dhcp setroute
ftp mode passive
access-list outside_1_cryptomap extended permit ip 172.16.5.0 255.255.255.0 remote-network 255.0.0.0
access-list inside_nat0_outbound extended permit ip 172.16.5.0 255.255.255.0 remote-network 255.0.0.0
access-list inside_access_in extended permit ip 172.16.5.0 255.255.255.0 remote-network 255.0.0.0
access-list inside_nat0_outbound_1 extended permit ip 172.16.5.0 255.255.255.0 remote-network 255.0.0.0
pager lines 24
logging enable
logging asdm informational
mtu outside 1500
mtu inside 1500
icmp unreachable rate-limit 1 burst-size 1
asdm location remote-network 255.0.0.0 inside
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list inside_nat0_outbound_1
nat (inside) 1 0.0.0.0 0.0.0.0
access-group inside_access_in in interface inside
route outside 0.0.0.0 0.0.0.0 99.X.X.7 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
http server enable
http 172.16.5.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec security-association lifetime seconds 3600
crypto ipsec security-association lifetime kilobytes 4608000
crypto map outside_map 1 match address outside_1_cryptomap
crypto map outside_map 1 set peer 99.X.X.7
crypto map outside_map 1 set transform-set ESP-AES-128-SHA
crypto map outside_map 1 set reverse-route
crypto map outside_map interface outside
crypto isakmp enable outside
crypto isakmp policy 10
authentication pre-share
encryption aes
hash sha
group 2
lifetime 28800
vpn-addr-assign local reuse-delay 5
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd auto_config outside
dhcpd address 172.16.5.100-172.16.5.130 inside
dhcpd auto_config outside interface inside
dhcpd enable inside
threat-detection basic-threat
threat-detection statistics access-list
threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200
webvpn
tunnel-group 99.X.X.7 type ipsec-l2l
tunnel-group 99.X.X.7 ipsec-attributes
pre-shared-key XXXXX
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
: endjust out of curiosity, why do you have
route outside 0.0.0.0 0.0.0.0 99.X.X.7 1
You already set your default route through DHCP setroute under the interface. this could be the issue.
If your VPN config is ok and you are seeing encaps/decaps, it is likely a routing issue.
Does the remote device have the correct default gateway?
May be a Natting issue if you have a one-way tunnel (usually send but no receive)...
Patrick -
Windows Server 2012 R2 Routing problem
Hello everybody
I have the following problem:
Server with two NICS, one (IP 172.30.8.X) it's configure with a default gateway (172.30.8.1), the other one (IP 172.30.32.X) doesn't have a default gateway and has a static route to reach another network (172.15.28.X)
Everything was worning fine, no reboots, no updates installed; suddenly the specified route for the second NIC is not working. When we try to reach the 172.15.28.X network, it goes thorugh the default gateway. Please your help.
We tried deleting the route and re-add it again, but doesn't work; also verified the TCP/IP configuration on all NICs everything it's ok.
Here's an output of the configured routes on the server:
C:\Windows\system32>route print
===========================================================================
Interface List
12...9c b6 54 88 49 a8 ......HP FlexFabric 10Gb 2-port 534FLB Adapter #54
13...9c b6 54 88 49 ac ......HP FlexFabric 10Gb 2-port 534FLB Adapter #55
15...02 78 b2 0e 8f c0 ......Microsoft Failover Cluster Virtual Adapter
1...........................Software Loopback Interface 1
14...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
16...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
17...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
===========================================================================
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 172.30.8.1 172.30.8.107 266
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
169.254.0.0 255.255.0.0 On-link 169.254.4.217 261
169.254.4.217 255.255.255.255 On-link 169.254.4.217 261
169.254.255.255 255.255.255.255 On-link 169.254.4.217 261
172.15.28.0 255.255.254.0 172.30.32.1 172.30.8.107 11
172.30.8.0 255.255.254.0 On-link 172.30.8.107 266
172.30.8.107 255.255.255.255 On-link 172.30.8.107 266
172.30.9.255 255.255.255.255 On-link 172.30.8.107 266
172.30.32.0 255.255.254.0 On-link 172.30.32.20 266
172.30.32.20 255.255.255.255 On-link 172.30.32.20 266
172.30.33.255 255.255.255.255 On-link 172.30.32.20 266
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 169.254.4.217 261
224.0.0.0 240.0.0.0 On-link 172.30.8.107 266
224.0.0.0 240.0.0.0 On-link 172.30.32.20 266
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 169.254.4.217 261
255.255.255.255 255.255.255.255 On-link 172.30.8.107 266
255.255.255.255 255.255.255.255 On-link 172.30.32.20 266
===========================================================================
Persistent Routes:
Network Address Netmask Gateway Address Metric
0.0.0.0 0.0.0.0 172.30.8.1 Default
172.15.28.0 255.255.254.0 172.30.32.1 1
===========================================================================
Below is the output of a tracert:
C:\Windows\system32>tracert 172.15.28.20
Tracing route to 172.15.28.20 over a maximum of 30 hops
1 <1 ms <1 ms <1 ms 172.30.8.1
2 <1 ms <1 ms <1 ms 172.16.80.1
3 1 ms 1 ms 1 ms 10.11.17.193
Any idea is welcome, thanks in advance.
Regards. Cristian V.Hello Eve
Sorry for the delay, we opened a PSS case.
So far, the problems seems to be a misconfiguration on one of the devices.
This is the last output, as soon as we identify the issue and the problem, I'll let you know:
On server UIOMATRP-EXMB01 the route was added succesfully:
route add 172.30.32.0 mask 255.255.255.0 172.15.28.1
C:\Windows\system32>route add 172.30.32.0 mask 255.255.255.0 172.15.28.1
OK!
C:\Windows\system32>tracert 172.30.32.21
Tracing route to 172.30.32.21 over a maximum of 30 hops
1 5 ms 2 ms 2 ms 172.15.28.1
2 <1 ms <1 ms <1 ms 10.6.1.3
3 1 ms <1 ms <1 ms 10.5.1.3
4 1 ms 1 ms 1 ms 10.21.17.65
5 3 ms 5 ms 9 ms 10.201.21.22
6 9 ms 9 ms 8 ms 10.201.111.97
7 9 ms 19 ms 8 ms 10.11.17.193
8 8 ms 8 ms 8 ms 172.16.80.3
9 * * * Request timed out.
10 * * * Request timed out.
11 * ^C
C:\Windows\system32>route delete 172.30.32.0
OK!
C:\Windows\system32>tracert 172.30.32.21
Tracing route to 172.30.32.21 over a maximum of 30 hops
1 1 ms 1 ms 1 ms 172.15.4.1
2 <1 ms <1 ms <1 ms ^C
route add 172.30.32.0 mask 255.255.255.0 172.15.28.1 -p
OK!
C:\Windows\system32>tracert 172.30.32.21
Tracing route to 172.30.32.21 over a maximum of 30 hops
1 4 ms 2 ms 1 ms 172.15.28.1
2 <1 ms <1 ms <1 ms 10.6.1.3
3 1 ms <1 ms <1 ms 10.5.1.3
4 1 ms 1 ms <1 ms 10.21.17.65
5 5 ms 4 ms 9 ms 10.201.21.22
6 7 ms 7 ms 7 ms 10.116.41.197
7 9 ms 207 ms 9 ms 10.116.41.198
8 9 ms 8 ms 9 ms 10.11.17.194
9 9 ms * 10 ms 172.16.80.3
10 * * * Request timed out.
11 *
===========================================================================
Interface List
17...9c b6 54 93 fd d8 ......HP FlexFabric 10Gb 2-port 534FLB Adapter #76
16...9c b6 54 93 fd dc ......HP FlexFabric 10Gb 2-port 534FLB Adapter #77
15...02 fa 66 6d 81 b1 ......Microsoft Failover Cluster Virtual Adapter
1...........................Software Loopback Interface 1
12...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
13...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
14...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
18...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
===========================================================================
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 172.15.4.1 172.15.5.38 266
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
169.254.0.0 255.255.0.0 On-link 169.254.1.233 261
169.254.1.233 255.255.255.255 On-link 169.254.1.233 261
169.254.255.255 255.255.255.255 On-link 169.254.1.233 261
172.15.4.0 255.255.254.0 On-link 172.15.5.38 266
172.15.5.38 255.255.255.255 On-link 172.15.5.38 266
172.15.5.255 255.255.255.255 On-link 172.15.5.38 266
172.15.28.0 255.255.254.0 On-link 172.15.28.20 266
172.15.28.20 255.255.255.255 On-link 172.15.28.20 266
172.15.29.255 255.255.255.255 On-link 172.15.28.20 266
172.30.32.0 255.255.255.0 172.15.28.1 172.15.28.20 11
---------------------------à route successfully applied
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 169.254.1.233 261
224.0.0.0 240.0.0.0 On-link 172.15.28.20 266
224.0.0.0 240.0.0.0 On-link 172.15.5.38 266
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 169.254.1.233 261
255.255.255.255 255.255.255.255 On-link 172.15.28.20 266
255.255.255.255 255.255.255.255 On-link 172.15.5.38 266
===========================================================================
Persistent Routes:
Network Address Netmask Gateway Address Metric
0.0.0.0 0.0.0.0 172.15.4.1 Default
172.30.32.0 255.255.255.0 172.15.28.1 1
===========================================================================
IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
14 1010 2002::/16 On-link
14 266 2002:ac0f:526::ac0f:526/128
On-link
14 266 2002:ac0f:1c14::ac0f:1c14/128
On-link
15 261 fe80::/64 On-link
15 261 fe80::7439:c10d:c470:c569/128
On-link
1 306 ff00::/8 On-link
15 261 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
--- ARP
Interface: 169.254.1.233 --- 0xf
Internet Address Physical Address Type
169.254.255.255 ff-ff-ff-ff-ff-ff static
224.0.0.22 01-00-5e-00-00-16 static
224.0.0.252 01-00-5e-00-00-fc static
Interface: 172.15.5.38 --- 0x10
Internet Address Physical Address Type
172.15.4.1 00-08-e3-ff-fd-90 dynamic ---------------à
default gateway
172.15.4.41 00-50-56-88-50-71 dynamic
172.15.4.42 ac-16-2d-78-0c-5c dynamic
172.15.4.52 00-08-02-b0-49-17 dynamic
172.15.4.55 00-50-56-bd-72-f0 dynamic
172.15.4.56 00-50-56-ab-00-16 dynamic
172.15.5.33 00-50-56-88-11-4a dynamic
172.15.5.34 00-50-56-88-6d-14 dynamic
172.15.5.35 fc-15-b4-1c-05-20 dynamic
172.15.5.36 fc-15-b4-1c-34-a4 dynamic
172.15.5.39 f0-92-1c-02-c8-5c dynamic
172.15.5.41 fc-15-b4-1c-69-64 dynamic
172.15.5.255 ff-ff-ff-ff-ff-ff static
224.0.0.22 01-00-5e-00-00-16 static
224.0.0.252 01-00-5e-00-00-fc static
225.0.0.1 01-00-5e-00-00-01 static
Interface: 172.15.28.20 --- 0x11
Internet Address Physical Address Type
172.15.28.1 00-08-e3-ff-fd-90 dynamic
172.15.28.21 f0-92-1c-02-c8-58 dynamic
224.0.0.22 01-00-5e-00-00-16 static
224.0.0.252 01-00-5e-00-00-fc static
225.0.0.1 01-00-5e-00-00-01 static
Before, there was an error on routes applied on server UIOMATRP-EXMB01:
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 172.15.4.1 172.15.5.38 266
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
169.254.0.0 255.255.0.0 On-link 169.254.1.11 261
169.254.1.11 255.255.255.255 On-link 169.254.1.11 261
169.254.255.255 255.255.255.255 On-link 169.254.1.11 261
172.15.4.0 255.255.254.0 On-link 172.15.5.38 266
172.15.5.38 255.255.255.255 On-link 172.15.5.38 266
172.15.5.255 255.255.255.255 On-link 172.15.5.38 266
172.15.28.0 255.255.254.0 On-link 172.15.28.20 266
172.15.28.20 255.255.255.255 On-link 172.15.28.20 266
172.15.29.255 255.255.255.255 On-link 172.15.28.20 266
172.30.32.0 255.255.254.0 172.15.28.1 172.15.5.38 11 -------------------Error
172.30.32.0 255.255.254.0 172.15.28.1 172.15.28.20 11
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 169.254.1.11 261
224.0.0.0 240.0.0.0 On-link 172.15.28.20 266
224.0.0.0 240.0.0.0 On-link 172.15.5.38 266
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 169.254.1.11 261
255.255.255.255 255.255.255.255 On-link 172.15.28.20 266
255.255.255.255 255.255.255.255 On-link 172.15.5.38 266
EOOn the second server
GYESITEA-EXMB02, the network is not reachable:
C:\Windows\system32>route add 172.15.28.20 mask 255.255.255.255 172.30.32.1 if 13 -----à the
route was forced with the nic index 13 to the IP address 172.15.28.20
OK!
C:\Windows\system32>route print
===========================================================================
interface List
13...9c b6 54 93 fd 7c ......HP FlexFabric 10Gb 2-port 534FLB Adapter #59
12...9c b6 54 93 fd 78 ......HP FlexFabric 10Gb 2-port 534FLB Adapter #58
16...02 ce fe 26 83 9f ......Microsoft Failover Cluster Virtual Adapter
1...........................Software Loopback Interface 1
14...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
15...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
17...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
===========================================================================
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 172.30.8.1 172.30.8.108 266
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
169.254.0.0 255.255.0.0 On-link 169.254.3.180 261
169.254.3.180 255.255.255.255 On-link 169.254.3.180 261
169.254.255.255 255.255.255.255 On-link 169.254.3.180 261
172.15.28.20 255.255.255.255 172.30.32.1 172.30.32.21 11 --------------route forced and applied
172.30.8.0 255.255.254.0 On-link 172.30.8.108 266
172.30.8.108 255.255.255.255 On-link 172.30.8.108 266
172.30.9.255 255.255.255.255 On-link 172.30.8.108 266
172.30.32.0 255.255.254.0 On-link 172.30.32.21 266
172.30.32.21 255.255.255.255 On-link 172.30.32.21 266
172.30.33.255 255.255.255.255 On-link 172.30.32.21 266
224.0.0.0 240.0.0.0 On-link 127.0.0.1
306
224.0.0.0 240.0.0.0 On-link 169.254.3.180 261
224.0.0.0 240.0.0.0 On-link 172.30.8.108 266
224.0.0.0 240.0.0.0 On-link 172.30.32.21 266
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 169.254.3.180 261
255.255.255.255 255.255.255.255 On-link 172.30.8.108 266
255.255.255.255 255.255.255.255 On-link 172.30.32.21 266
===========================================================================
C:\Windows\system32>tracert 172.15.28.20
Tracing route to 172.15.28.20 over a maximum of 30 hops
1 General failure.
Trace complete.
C:\Windows\system32>tracert 172.15.28.20
Tracing route to 172.15.28.20 over a maximum of 30 hops
1 GYESITEA-EXMB02.xxxxxxxxxx [172.30.32.21] reports: Destination host
unreachable.
Trace complete.
Regards. Cristian V. -
3750 as a router and a switch. sub-optimal routing problem
Objective: To limit the traffic on Vlan8. We are seeing traces from K1 or T1 to 192.168.1.4 like this:
1- 10.10.10.5
2- 10.10.20.1
3- 192.168.1.4
then
1- 10.10.10.4
2- 10.10.30.1
3- 192.168.1.4
or
1- 10.10.10.5
2- 10.10.200.1
3- 192.168.1.4
this causes the packets to travers vlan8 once to get routed by P61B then switched back across to reach the next hop 20.1 or vice versa.
How can we avoid this behavior?
Study the attached drawing carefully. Vlan 8 has 4 routers on it and the 3750s have routes to the 4 networks above them. packets are not routed between the 3750'sHello Todd,
Could set up a debug ip icmp on the router 192.168.1.4 and ping it from both T-1 and K-1, I think this problem would be more clear to everyone.
If not mabybe you could provide the output of "show ip route" on the routes on this issue,at least on the routers/switch 192.168.1.2 , 192.168.1.3 and 10.10.10.4 and 10.10.10.5 and T-1, K-1.
for routes like 192.168.1.4, 10.10.10.2-5 and 20.20.20.2-3
Hope thats not to much info.
Thanks,
Vlad -
Hi there,
i have a problem with Routing on ASA 5505.
Here is a brief explanation of the topology:
DC Upstream IP: 77.246.165.141/30
ASA 5505 Upstream to DC IP: 77.246.165.142/30
Interface outside.
There is a Cisco Switch connected to one of ASA Ethernet ports, forming Public/DMZ VLAN.
ASA 5505 Public VLAN interface ip: 31.24.36.1/26
Cisco 3750 Public VLAN interface ip: 31.24.36.62, default gateway: 31.24.36.1, IP Routing enabled on Switch.
From the Cisco Switch I can access the Internet with source ip: 31.24.36.62.
Now I have asked from DC additional subnet: 31.24.36.192/26 and they have it routed correctly towards the ASA Outside interface ip: 77.246.165.142.
I have created additional Public2 VLAN on the Switch with IP address of: 31.24.36.193/26.
On the ASA 5505 i added the route to this Public2 VLAN:
#route public 31.24.36.192 255.255.255.192 31.24.36.62 1
Now the problem is that from the Switch with Source IP: 31.24.36.193 i can ping ASA 5505 Public VLAN IP: 31.24.36.1 so the routing between subnets 31.24.36.0/26 and 31.24.36.192/26 is working OK on both the ASA 5505 and the Switch.
But I can't access the Internet from the Switch with Source IP: 31.24.36.193.Thanks for the replies.
I am running:
Cisco Adaptive Security Appliance Software Version 8.2(2)
As for NAT configuration, there is NAT configured between the Outside Interface IP and the Internal Subnet:
global (outside) 1 interface
nat (inside) 1 192.168.X.0 255.255.255.0
nat (inside) 1 0.0.0.0 0.0.0.0
also there is NAT exemption configured because of the Site-to-Site IPSec VPN that we have:
nat (inside) 0 access-list inside_nat0_outbound1
access-list inside_nat0_outbound1 extended permit ip any 192.168.X.0 255.255.255.0
access-list inside_nat0_outbound1 extended permit ip 192.168.X.0 255.255.255.0 OtherSiteLAN 255.255.255.0
access-list inside_nat0_outbound1 extended permit ip any 192.168.X.240 255.255.255.248
access-list inside_nat0_outbound1 extended permit ip 192.168.X.0 255.255.255.128 OtherSiteLAN 255.255.255.0
I don't have any ACL configured on the Public interface in any direction.
Here is the configuration on the Switch regarding this scenario:
interface FastEthernet2/0/X
description Access Port for Public Subnet(31.24.32.0/26) to ASA
switchport access vlan 500
switchport mode access
interface Vlan500
description Public VLAN 1
ip address 31.24.36.62 255.255.255.192
interface Vlan510
description Public VLAN 2
ip address 31.24.36.193 255.255.255.192
ip route 0.0.0.0 0.0.0.0 31.24.36.1
Here is the output when pinging the ASA Public Interface IP with source IP address of: 31.24.36.193(VLAN 510)
SWITCH#ping 31.24.36.1 source vlan 510
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 31.24.36.1, timeout is 2 seconds:
Packet sent with a source address of 31.24.36.193
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/4/9 ms
And here is when I try to ping some Internet host:
SWITCH#ping 8.8.8.8 source vlan 510
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
Packet sent with a source address of 31.24.36.193
Success rate is 0 percent (0/5)
Maybe you are looking for
-
I have done all of the above but when I try to update my Apps on my iphone it still says that my ID is not valid for the US store and I must switch to the UK? My settings already say I am with the UK? What do I do?
-
Ho wto view deleted items in a sales order
is there a way to view deleted items in sales order.? is there a change log that we can view? how can we see the change log of any document? thanks s. krishnan
-
How can I add a new certificate to be used with SFTP
Hi, I wanted to know how to add a new certificate (from MS server) so it can be used by sftp. I tried certtool, but got error messages. It's a DSA cert, and I need to secure ftp to this site. Thanks in advance
-
Submit button: no response
After I add my QT file and settings, and choose my destinations, I click Submit and nothing happens. No error, no crash, no compression. It's like it doesn't recognize the button as a trigger to start working. I hesitate to reinstall because I've nev
-
Processing SelectionKeys in nonBlocking Socket Networks
Hello java developers! I am currently developing a nonblocking socket network. Can someone explain how the selectionKeys are generated? For example when the client attempts to write to the server does the (isReadable) SelectionKey selected by the Sel