- Posts: 2
- Thank you received: 0
connecting routers
20 years 9 months ago #2845
by darrens
connecting routers was created by darrens
can someone help me? having trouble connecting to another router. other end is sending and receiving while we can only send. They can see us through show cdp neighbour, but we cannot see them. Cannot ping either way. any advice will be appreciated.
Going through ATM which appears to be configered correctly (ATM has encode and decode going through but decoding at about 3 times the rate)
:
(sorry, thought this would be better under this topic, and when I went to delete the old message i found out you cant)
Going through ATM which appears to be configered correctly (ATM has encode and decode going through but decoding at about 3 times the rate)
:
(sorry, thought this would be better under this topic, and when I went to delete the old message i found out you cant)
20 years 9 months ago #2848
by Chris
Chris Partsenidis.
Founder & Editor-in-Chief
www.Firewall.cx
Replied by Chris on topic Re: connecting routers
Darrens,
Firstly, let us welcome you aboard as you seem to be a new member!
In your problem, you mention that one router is able to send and receive data to the remote router it connects to, but the same does not apply to the remote router, which leaves me thinking if there are any access lists applied on either ends which might be the reason for this "one way" communication.
The easiest and fastest way to resolve your problem would be to submit your configuration here so we might examine it and guide you in fixing your problem.
If posting the configuration is a problem, you can safely replace all phone numbers and IP addresses configured on the interfaces, but do not change any possible static routes or ip access lists!
We will be waiting to hear from you!
Cheers,
Firstly, let us welcome you aboard as you seem to be a new member!
In your problem, you mention that one router is able to send and receive data to the remote router it connects to, but the same does not apply to the remote router, which leaves me thinking if there are any access lists applied on either ends which might be the reason for this "one way" communication.
The easiest and fastest way to resolve your problem would be to submit your configuration here so we might examine it and guide you in fixing your problem.
If posting the configuration is a problem, you can safely replace all phone numbers and IP addresses configured on the interfaces, but do not change any possible static routes or ip access lists!
We will be waiting to hear from you!
Cheers,
Chris Partsenidis.
Founder & Editor-in-Chief
www.Firewall.cx
20 years 9 months ago #2885
by UHSsncmrm
A scapegoat is often as welcome as a solution...never memorize what you can look up.
Replied by UHSsncmrm on topic Re: connecting routers
Chris is right, upload or paste output of the sh run command on both ends of link as well as any "core routers" also if you are pinging from a device, paste the ipconfig of the devices...or at least include the IPs of the souce and destination.
Without this there are way too many suggestions he could provide!
Make sure your "non-connected" network's core or default "knows" its edge's serial interface IP, not just the next hop ethernet intfc's IP. This is often overlooked by even engineers, especially under stress of a down condition!
If this checks out you can write a small "permit IP" host ACL including source to dest on one line and reverse it on another and debug the ACL and log it. Ping and make sure in both direcions that you log two-way transitive packets. If not, focus on that end's core and its default routes ensuring that the edge "knows and mimics" them. Meaning that the core's default also knows the edge's E and S intfc's IPs.
*****Debugging and ACLs can be tricky, BE CAREFUL on a LIVE network.
Further clarification can be obtained from Cisco.com! (Hey, can I get money for advertisment? Ha!)
(legal disclaimer) <<mumbling>> The opinions expessed here are not necessarily the opinion of forum moderators or Cisco Systems, blah, blah, blah! accept no liability... blah, blah, blah...legal implications and so on.
Without this there are way too many suggestions he could provide!
Make sure your "non-connected" network's core or default "knows" its edge's serial interface IP, not just the next hop ethernet intfc's IP. This is often overlooked by even engineers, especially under stress of a down condition!
If this checks out you can write a small "permit IP" host ACL including source to dest on one line and reverse it on another and debug the ACL and log it. Ping and make sure in both direcions that you log two-way transitive packets. If not, focus on that end's core and its default routes ensuring that the edge "knows and mimics" them. Meaning that the core's default also knows the edge's E and S intfc's IPs.
*****Debugging and ACLs can be tricky, BE CAREFUL on a LIVE network.
Further clarification can be obtained from Cisco.com! (Hey, can I get money for advertisment? Ha!)
(legal disclaimer) <<mumbling>> The opinions expessed here are not necessarily the opinion of forum moderators or Cisco Systems, blah, blah, blah! accept no liability... blah, blah, blah...legal implications and so on.
A scapegoat is often as welcome as a solution...never memorize what you can look up.
20 years 9 months ago #2896
by sahirh
Sahir Hidayatullah.
Firewall.cx Staff - Associate Editor & Security Advisor
tftfotw.blogspot.com
Replied by sahirh on topic Re: connecting routers
In addition to filtering out telephone numbers and changing IP addresses (make sure you change them to reflect the config, no point telling us that x.x.x.x with subnet mask y.y.y.y is not talking to z.z.z.z)
Please don't forget to filter out password information, especially those damn type 7 passwords .. yknow the ones that look like
ppp pap sent-username johnny password 7 2101200512155A5F567E
Go ahead, paste your config.
Please don't forget to filter out password information, especially those damn type 7 passwords .. yknow the ones that look like
ppp pap sent-username johnny password 7 2101200512155A5F567E
Go ahead, paste your config.
Sahir Hidayatullah.
Firewall.cx Staff - Associate Editor & Security Advisor
tftfotw.blogspot.com
Time to create page: 0.122 seconds