Daniel Cotts wrote: > > You have a static NAT translation for 192.168.100.20 on both > routers. I'd > suggest removing it from the Mexican router. > > You haven't said whether or not you are doing standard or > extended pings. > Whether you are pinging from a host or the routers. > Do a traceroute when the pings are fast and when they are slow. > See where > the packets are going. You might want to do a "sh ip route" in > each > condition. > Some small housekeeping: > Mexican router: > I see no need for the "ip nat inside" on the Serial0/0:0.300 > subinterface. > Nothing from that interface meets the conditions of access-list > 101. > You can remove the "ip policy route-map nonat from > subinterfaces 0/0:0.300 > and 0/0:0.301 . There is no route-map in the config. > You have 192.168.100.0 on F0/1 (shutdown) in Mexico. You have > 192.168.100.0 > on F0/1 in SC-SAN. You still have a NAT static in Mexico for the > 192.168.100.20 host. Might be good to remove that static > mapping and remove > the unused address completely from the interface to avoid > confusion. > "ip http server" can be a security hole. > > SC-SAN router: > VPN connection to 172.29.30.0 uses access list 100 to define > allowed > traffic. I don't understand the first line of that list. Does > it refer to > the NAT pool of addresses? If so, how do they work inside? If > not, who are > they? Who is really allowed access to 172.29.30.0? > Again the ip policy and route-map statements aren't doing > anything. There is > an issue that could use a route-map. The users in 172.29.30.0 > can't reach > the statically NATed servers 192.168.100.20 & 135 over the VPN. > There is a > way to solve that problem (if it is a problem.) > Keep us posted on your progress. I would like to know the > solution. > > > -----Original Message----- > > From: Sammi Dog [mailto:[EMAIL PROTECTED]] > > Sent: Friday, September 13, 2002 5:23 PM > > To: [EMAIL PROTECTED] > > Subject: Re: Two Interfaces = Extremely Slow Ping [7:53266] > > > > > > I would appreciate any and all comments. > > > > >From: "Chris McNally" > >Hi all, > >We have one router in > > the U.S. and > > > one in Mexico. They are connected to each >other via frame > > relay and they > > > each have their own internet portal. >When the Mexico > router is > > > disconnected from its internet interface the ping >returns > > between U.S. > > > are averaging 70ms but when they plug in their internet > > >side the ping > > > returns shoot above 500ms and often hit 800. > >
Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=53626&t=53266 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
