Re: Someone can explain this to me?

In article <437deb1a$1_3@xxxxxxxxxxxxxxxxxxxxx>,
"Tosh" <mbasc@xxxxxxxxxxxxx> wrote:

> Scenario:
> Class B subnet 172.16.0.0/16 with about 500 hosts.
> Cisco3640 core router as dgw of the network, address 172.16.1.116
> Cisco 1712 vpn gateway, address 172.16.1.108
> Cisco Pix506 vpn gateway, address 172.16.1.107
> Other networking gears not related (hope) to this issue
> Eigrp protocol running on all the devices except the pix.
>
> Recently the customer is experiencing problems reaching the subnets at the
> other end of the tunnels terminated by the pix, here are some tests I've
> done and some details I've collected:
>
> If I ping the address of the internal if of the pix (172.16.1.107) from the
> 3640 (remember, this is the dgw of the subnet), all seems ok.
> If I do a trace from 3640 to the same address I surprisingly see the packets
> going to the 1712 (172.16.1.108) and back to the 3640 (due to the eigrp
> table), so forth until the ttl expires.

It sounds like the 1712 is advertising a route to 172.16.1.107 to the
3640 for some reason, and this is overriding the connected route for the
network. But this doesn't explain why the first ping works and the
traceroute fails when they're going to the same address. What does
"show ip route 172.16.1.107" say?

> Routing tables are all ok
> Arp tables are all ok
> No cef or netflow running
> No policy routing
> No proxy arp enabled on any device.
> Cpu usage of all the devices is as usual
> 1712 is injecting routes to the internal lan in a fairly controlled fashion
> due to distribute lists.
> Same devices are running quite from a while, no important changes made to
> the images or configs lately.
>
> Strange enough, if I change the ip of the pix with an address near to the
> old one the problem stands, if I change the address, and only that, with one
> quite far from the old one (now is 172.16.1.5) the problem suddenly
> disappears, however none of these addresses belong to any other host or
> device (tried to ping after the change).
> Anyone has experienced something similar in the past?
> Bye,
> Tosh.

--
Barry Margolin, barmar@xxxxxxxxxxxx
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***
.

Relevant Pages

  • Re: Event ID 1000 (Userenv) Error and Event ID 8021 (BROWSER) Error
    ... > destination route entry with the 192.168.0.1 GWY was higher priority, ... > the external network), and from there to the open Internet. ... > An additional item is that it appears that if any of the NICs in the ... > with destination addresses on the 192.168.1 subnet to get to the ...
    (microsoft.public.win2000.dns)
  • Re: Event ID 1000 (Userenv) Error and Event ID 8021 (BROWSER) Error
    ... > destination route entry with the 192.168.0.1 GWY was higher priority, ... > the external network), and from there to the open Internet. ... > An additional item is that it appears that if any of the NICs in the ... > with destination addresses on the 192.168.1 subnet to get to the ...
    (microsoft.public.win2000.networking)
  • Re: please advise - problem with routing
    ... and a network is a very important distinction in IP address configuration. ... you show that the 192.168.1.0/24 subnet has two devices ... ROUTE PRINT on NT4 ... ROUTE PRINT on router ...
    (microsoft.public.windows.server.networking)
  • OT: RRAS doesnt R
    ... A remote user now needs access to our network. ... She needs to connect via VPN ... Our office is only one subnet. ... Here's the routing table from a "route print" done on Dataman, ...
    (microsoft.public.cert.exam.mcse)
  • Re: Linux router w/3 nics - need help with routing
    ... netmask and broadcast, or if one leads only to the default gw, it ... under eth0 with 192.168.0.0/24 network is wrong). ... that one to a more limited subnet of your main subnet. ... > then install the route I want. ...
    (comp.os.linux.networking)