Hi All...

Well I'm at a frustrating point in troubleshooting this one, any help would
be nice! I generally would not post a problem here, but since it does involve
NAT maybe we all can learn from this one.

I am not going to try ASCII art to do a diagram, but here is the layout.

any host on private LAN --> Cat 2924 with two VLANs private host on VLAN
1 --> 2611 e0/0 (NAT inside on VLAN 1) --> e0/1 (NAT outside overloaded on
VLAN 2) --> 4500 e1 --> 4500 e0 (DMZ) (e0 is in the same 2924 on VLAN 2) -->
Solaris 2.6 server or NT 4 server (either one, they are both there on VLAN
2).

Here is the problem: if I ping either the Sun or the NT server I get one
reply and then nothing but timeouts. Wait a minute or less and ping again,
one reply then timeouts. This is typical for all connectivity, WWW, telnet,
SSH, etc. Now here's the kicker: if I ping any other host on the DMZ subnet,
no problems at all. If I ping from the routers, no problems; if I ping from
any of the other hosts in the DMZ or from the Internet, again no problems.
There are only two differences between the Sun and NT server and the rest of the
hosts on the DMZ, they are in a different room.

Some of the things I have tried:

1) Remove all ACLs, no change
2) Re-run the drops, change all cables, no change
3) change ports on the switch, no change
4) Reload the switch, and routers, reboot the servers, no change

Some things I have thought it might be:

1) known issue with Sun 2.6, but the problem is also on the NT server...
2) bug in the NAT on the 2611
3) I am blessed with the strangest problems!

TIA

Here are the configs, sorry for the length...

2924:--------------------------
Current configuration:
!
version 12.0
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname c2924
!
enable secret xxx
!
username xxx privilege 15 password xxxx
username xxx privilege 15 password xxxx
!
ip subnet-zero
ip host tftp 192.168.0.4
!
interface FastEthernet0/1
 spanning-tree portfast
!
interface FastEthernet0/2
 spanning-tree portfast
!
interface FastEthernet0/3
 spanning-tree portfast
!
interface FastEthernet0/4
 spanning-tree portfast
!
interface FastEthernet0/5
 spanning-tree portfast
!
interface FastEthernet0/6
 spanning-tree portfast
!
interface FastEthernet0/7
 spanning-tree portfast
!
interface FastEthernet0/8
 spanning-tree portfast
!
interface FastEthernet0/9
 spanning-tree portfast
!
interface FastEthernet0/10
 spanning-tree portfast
!
interface FastEthernet0/11
 spanning-tree portfast
!
interface FastEthernet0/12
 spanning-tree portfast
!
interface FastEthernet0/13
 spanning-tree portfast
!
interface FastEthernet0/14
!
interface FastEthernet0/15
 switchport access vlan 2
 spanning-tree portfast
!
interface FastEthernet0/16
 switchport access vlan 2
!
interface FastEthernet0/17
 switchport access vlan 2
 spanning-tree portfast
!
interface FastEthernet0/18
 switchport access vlan 2
!
interface FastEthernet0/19
 switchport access vlan 2
!
interface FastEthernet0/20
 switchport access vlan 2
!
interface FastEthernet0/21
 switchport access vlan 2
!
interface FastEthernet0/22
 switchport access vlan 2
!
interface FastEthernet0/23
 switchport access vlan 2
!
interface FastEthernet0/24
 switchport access vlan 2
!
interface VLAN1
 ip address 192.168.0.47 255.255.255.0
 no ip directed-broadcast
 no ip route-cache
!
interface VLAN2
 ip address x.x.x.x 255.255.255.0
 no ip directed-broadcast
 no ip route-cache
!
ip default-gateway 192.168.0.1
logging 192.168.0.4
snmp-server engineID local 0000000902000001424B7980
snmp-server community xxx RO
snmp-server chassis-id 0x0E
!
line con 0
 login local
 transport input none
 stopbits 1
line vty 0 4
 exec-timeout 0 0
 login local
line vty 5 9
 exec-timeout 0 0
 login local
!
ntp clock-period 22518021
ntp server x.x.x.x
end
END 2924----------------------

Begin 2611----------------------
Current configuration:
!
version 12.1
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname office-gw
!
boot system flash c2600-io3-mz.121-2.bin
enable secret 5 xxx
!
username xxx privilege 15 password xxx
username xxx privilege 15 password xxx
!
ip subnet-zero
no ip domain-lookup
ip host tftp 192.168.0.4
!
ip audit notify log
ip audit po max-events 100
!
interface Ethernet0/0
 ip address 192.168.0.1 255.255.255.0
 ip nat inside
!
interface Serial0/0
 no ip address
 service-module t1 clock source internal
 shutdown
!
interface Ethernet0/1
 ip address a.a.a.a 255.255.255.248
 ip nat outside
!
interface Serial0/1
 no ip address
 shutdown
!
ip nat inside source list 78 interface Ethernet0/1 overload
ip nat inside source static tcp 192.168.0.x 110 interface Ethernet0/1 110
ip nat inside source static tcp 192.168.0.x 25 interface Ethernet0/1 25
ip nat inside source static tcp 192.168.0.x 143 interface Ethernet0/1 143
ip classless
ip route 0.0.0.0 0.0.0.0 Ethernet0/1
no ip http server
!
access-list 78 permit 192.168.0.0 0.0.0.255
snmp-server engineID local 00000009020000B0647DB6E0
snmp-server community xxx RW
snmp-server packetsize 2048
!
line con 0
 exec-timeout 0 0
 login local
 transport input none
line aux 0
line vty 0 4
 exec-timeout 0 0
 login local
!
no scheduler allocate
end
END 2611--------------------

Begin 4500-------------------
version 12.0
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname xxx
!
boot system flash c4500-is-mz.120-8.bin
enable secret 5 xxx
!
username xxx privilege 15 password xxx
username xxx privilege 15 password xxx
ip subnet-zero
no ip domain-lookup
!
interface Ethernet0
 description DMZ
 ip address b.b.b.b 255.255.255.0
 no ip directed-broadcast
 media-type 10BaseT
!
interface Ethernet1
 description Arristech LAN
 ip address a.a.a.a 255.255.255.248
 no ip directed-broadcast
 media-type 10BaseT
!
interface Serial0
 no ip address
 no ip directed-broadcast
 shutdown
 no fair-queue
!
interface Serial1
 no ip address
 no ip directed-broadcast
 encapsulation frame-relay
 no fair-queue
!
interface Serial1.16 point-to-point
 ip address c.c.c.c 255.255.255.252
 no ip directed-broadcast
 frame-relay interface-dlci 16
!
interface Serial2
 no ip address
 no ip directed-broadcast
 encapsulation frame-relay
!
interface Serial2.16 point-to-point
 ip address x.x.x.x 255.255.255.252
 no ip directed-broadcast
 frame-relay interface-dlci 16
!
interface Serial2.17 point-to-point
 no ip directed-broadcast
 frame-relay interface-dlci 17
!
interface Serial2.18 point-to-point
 no ip directed-broadcast
 frame-relay interface-dlci 18
!
interface Serial3
 ip address x.x.x.x 255.255.255.252
 no ip directed-broadcast
 encapsulation ppp
 no fair-queue
!
ip classless
ip route 0.0.0.0 0.0.0.0 Serial1.16
ip route x.x.x.x 255.255.255.248 x.x.x.x
ip route x.x.x.x 255.255.255.248 x.x.x.x
ip route x.x.x.x 255.255.255.224 x.x.x.x
!
snmp-server community xxx RO
!
line con 0
 exec-timeout 0 0
 password xxx
 login local
 transport input none
line aux 0
line vty 0 4
 exec-timeout 0 0
 password xxx
 login local
!
end
END 4500----------------
--
John Hardman, MCSE+I, CCNA
ArrisTech/CCS-IS SysAdmin



