Re: Routing Problem



Here is the current running config:

Current configuration : 1399 bytes
!
version 12.1
no service single-slot-reload-enable
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname atlvpn
!
no logging rate-limit
enable secret 5 xxxxxxxxxxxxx
!
ip subnet-zero
!
!
no ip finger
no ip domain-lookup
!
ip audit notify log
ip audit po max-events 1
ip cef
no ip dhcp-client network-discovery
!
!
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
crypto isakmp key xxxxx address xx.xx.xx.x
crypto isakmp keepalive 60
!
!
crypto ipsec transform-set CMAP esp-3des esp-md5-hmac
 mode transport
!
!
!
interface Tunnel1
 ip address 172.17.3.5 255.255.255.252
 ip mtu 1440
 load-interval 30
 tunnel source xxx.xx.x.x
 tunnel destination xxx.x.xx.xxx
!
interface Ethernet0
 ip address xxx.xx.x.xxx 255.255.255.248
 ip route-cache flow
 half-duplex
 no cdp enable
!
interface FastEthernet0
 description connected to EthernetLAN
 ip address 192.168.1.3 255.255.255.0
 speed auto
 full-duplex
!
interface Serial0
 description connected to Internet
 ip address xx.x.x.xxx 255.255.255.252
 service-module t1 timeslots 1-24
!
ip classless
ip route 0.0.0.0 0.0.0.0 Serial0
ip route 192.168.8.0 255.255.255.0 Tunnel1
no ip http server
!
!
!
!
line con 0
 exec-timeout 0 0
 password 7 xxxxxxxxxxxxxxxxxxx
 login
 transport input none
line aux 0
line vty 0 4
 password 7 xxxxxxxxxxxxxxxxxxxxxxx
 login
!
end


I do not have NAT turned on.


Adam


Charlie Root wrote:
<amalseed@xxxxxxxxx> wrote in message
news:1143150334.528328.201200@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
#ping www.yahoo.com
Translating "www.yahoo.com"...domain server (192.168.1.254) [OK]

[...]
But when I do the extended ping and specify the source address it
works...


When you do a standard ping, the router will use the IP of the interface closest to
the destination as the source address. Your DNS is on a private IP, so it looks like
you do have a private network and NAT somewhere. If the route to 66.94.230.35
(www.yahoo.com) points over an interface with a private address which is not
NAT'ed, that's the reason for having no replies. Without seeing your routing
table (at least 'sh ip route 0.0.0.0') it's rather hard to guess what
causes the connectivity problem exactly. The configuration of the interface over
which this route points will also help (strip the IP address, but state whether
it's public or private).

Kind regards,
iLya
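
The source-address reasoning in the quoted reply, as an added example (not code from either poster): a longest-prefix-match lookup over the posted routes picks the egress interface, and the ping is flagged when its source would be an un-NATed RFC 1918 address going to a public destination. The Serial0 and Ethernet0 addresses are redacted in the post, so constructed documentation addresses stand in for them; all function names are hypothetical.

```python
import ipaddress

# RFC 1918 ranges, listed explicitly: ipaddress.is_private would also match
# the documentation ranges used as stand-ins below.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Tunnel1 and FastEthernet0 are as posted; the other two are constructed.
INTERFACES = {
    "Tunnel1": ipaddress.ip_interface("172.17.3.5/30"),
    "FastEthernet0": ipaddress.ip_interface("192.168.1.3/24"),
    "Serial0": ipaddress.ip_interface("203.0.113.2/30"),     # constructed
    "Ethernet0": ipaddress.ip_interface("198.51.100.1/29"),  # constructed
}

# Static routes exactly as in the posted config.
POSTED_ROUTES = [("0.0.0.0/0", "Serial0"), ("192.168.8.0/24", "Tunnel1")]


def is_rfc1918(addr):
    return any(addr in net for net in RFC1918)


def egress(dst, static_routes):
    """Longest-prefix match over connected and static routes."""
    table = [(iface.network, name) for name, iface in INTERFACES.items()]
    table += [(ipaddress.ip_network(p), name) for p, name in static_routes]
    matches = [(net, name) for net, name in table if dst in net]
    if not matches:
        raise LookupError(f"no route to {dst}")
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def check_ping(dst, static_routes=POSTED_ROUTES, nat_interfaces=()):
    """Return (egress interface, source IP, replies_at_risk) for a standard ping."""
    dst = ipaddress.ip_address(dst)
    name = egress(dst, static_routes)
    src = INTERFACES[name].ip  # standard ping sources from the egress interface
    # A private source sent un-NATed to a public host gets no replies back.
    at_risk = (is_rfc1918(src) and not is_rfc1918(dst)
               and name not in nat_interfaces)
    return name, str(src), at_risk


if __name__ == "__main__":
    print(check_ping("66.94.230.35"))                            # posted routes
    print(check_ping("66.94.230.35", [("0.0.0.0/0", "Tunnel1")]))  # the case described
```
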
