It might depend on the address of the device in Amsterdam that you are using to ping. If the router, then do an extended ping and use the 172.29.30.1 as the source address. Ping to 192.168.100.15. It should work. If you are pinging from a workstation or the router using a valid 172.29.30.x address but are pinging to the servers that have static NAT translations in you California router then it will not succeed as configured.
> -----Original Message----- > From: CTM CTM [mailto:[EMAIL PROTECTED]] > Sent: Monday, September 30, 2002 4:55 PM > To: [EMAIL PROTECTED] > Subject: How are they talking? [7:54577] > > > I think if the following situation is explained, it would go > a long way to > my sorting out other issues. > Given the config files pasted at the bottom of this message: > > NetworkA = 172.29.10.0 > NetworkB = 192.168.100.0 > NetworkC = 172.29.30.0 > > RouterA hosts 172.29.10.0 and 192.168.100.0 > RouterB hosts 172.29.30.0 > > 192.168.100.0 can ping 172.29.30.0 > 172.29.10.0 cannot ping 172.29.30.0 > 172.29.30.0 cannot ping NetworkA or NetworkB > > What configuration is allowing NetworkB to ping NetworkC? And why no > communication back? > > > NetworkA: > > sh config > Using 3589 out of 29688 bytes > ! > version 12.1 > no parser cache > no service single-slot-reload-enable > no service pad > service timestamps debug uptime > service timestamps log uptime > service password-encryption > ! > hostname SC-SAN-RTR-01 > ! > logging buffered 4096 informational > logging rate-limit console 10 except errors > enable password xxxx > ! > ip subnet-zero > ! > ! > no ip finger > no ip domain-lookup > ip name-server 207.67.236.5 > ip name-server 207.67.247.4 > --More-- ! > no ip bootp server > ip audit notify log > ip audit po max-events 100 > ! > ! > crypto isakmp policy 1 > hash md5 > authentication pre-share > crypto isakmp key xxxx address xxxxxxxxxxxxxxx > ! > ! > crypto ipsec transform-set cm-transformset-1 esp-des esp-md5-hmac > ! > crypto map cm-cryptomap local-address Serial0/0.1 > crypto map cm-cryptomap 1 ipsec-isakmp > set peer xxxxxxxxxxx > set transform-set cm-transformset-1 > match address 100 > ! > call rsvp-sync > ! > ! > --More-- ! > ! > ! > ! > ! > ! > interface FastEthernet0/0 > description connected to San Diego Outside > ip address 172.29.10.1 255.255.255.0 > no ip redirects > no ip unreachables > ip nat inside > ip policy route-map nonat > duplex auto > speed auto > ! > interface Serial0/0 > no ip address > no ip redirects > no ip unreachables > encapsulation frame-relay > no ip route-cache > no ip mroute-cache > --More-- service-module t1 > remote-alarm-enable > frame-relay lmi-type ansi > ! > interface Serial0/0.1 point-to-point > description connected to Internet > ip address x.x.x.x 255.255.255.0 > no ip redirects > no ip unreachables > ip nat outside > no ip route-cache > no ip mroute-cache > no arp frame-relay > frame-relay interface-dlci 16 > crypto map cm-cryptomap > ! > interface FastEthernet0/1 > description connected to EthernetLAN_2 > ip address 192.168.100.15 255.255.255.0 > no ip redirects > no ip unreachables > ip nat inside > ip policy route-map nonat > duplex auto > --More-- speed auto > ! > interface Serial0/1 > no ip address > no ip redirects > no ip unreachables > encapsulation frame-relay IETF > no ip route-cache > no ip mroute-cache > no fair-queue > frame-relay traffic-shaping > frame-relay lmi-type ansi > ! > interface Serial0/1.474 point-to-point > description Frame-Relay Connection to II-NAU-RTR-01 DLC 474 > ip unnumbered FastEthernet0/1 > no ip redirects > no ip unreachables > no ip route-cache > no ip mroute-cache > no arp frame-relay > frame-relay interface-dlci 474 > ! > --More-- ip nat pool SCISANRTR001-natpool-1 > xxxxxxxxxxxxxxxxxx netmask 255.255.255.224 > ip nat inside source list 101 pool SCISANRTR001-natpool-1 overload > ip nat inside source static 172.29.20.20 xxxx > ip nat inside source static 192.168.100.135 xxxx > ip nat inside source static 192.168.100.20 xxxx > ip nat inside source static 172.29.10.20 xxxxx > ip classless > ip route 0.0.0.0 0.0.0.0 Serial0/0.1 > ip route 172.29.20.0 255.255.255.0 Serial0/1.474 > ip route 172.29.40.0 255.255.255.0 Serial0/1.474 > no ip http server > ip http port 7850 > ! > logging history size 250 > logging history errors > logging facility syslog > access-list 100 permit ip xxxxx 0.0.0.31 172.29.30.0 0.0.0.255 > access-list 100 permit ip 192.168.100.0 0.0.0.255 172.29.30.0 > 0.0.0.255 > access-list 101 deny ip 192.168.100.0 0.0.0.255 172.29.30.0 > 0.0.0.255 > access-list 101 permit ip 192.168.100.0 0.0.0.255 any > access-list 101 permit ip 172.29.10.0 0.0.0.255 any > no cdp run > --More-- route-map nonat permit 10 > ! > snmp-server engineID local 00000009020000049AEB2DE0 > ! > dial-peer cor custom > ! > ! > ! > ! > ! > line con 0 > exec-timeout 0 0 > password xxxxx > login > transport input none > line aux 0 > line vty 0 4 > password 7 0100070A0959545A294D400A16061C > login > ! > scheduler allocate 4000 1000 > end > > x > sc-ams-rtr-01>enable > Password: > sc-ams-rtr-01#sh config > Using 2357 out of 29688 bytes > ! > version 12.1 > no service single-slot-reload-enable > service timestamps debug uptime > service timestamps log datetime localtime > no service password-encryption > ! > hostname sc-ams-rtr-01 > ! > no logging buffered > no logging buffered > logging rate-limit console 10 except errors > enable password xxxx > ! > memory-size iomem 25 > clock timezone MET 1 > clock summer-time METDST recurring last Sun Mar 2:00 last Sun Oct 3:00 > ip subnet-zero > no ip finger > ip name-server x.x.x.x > ip name-server x.x.x.x > ! > --More-- ip audit notify log > ip audit po max-events 100 > ! > ! > crypto isakmp policy 1 > hash md5 > authentication pre-share > crypto isakmp key xxxxx address x.x.x.x > ! > ! > crypto ipsec transform-set cm-transformset-1 esp-des esp-md5-hmac > no crypto engine accelerator > ! > crypto map cm-cryptomap local-address Ethernet0 > crypto map cm-cryptomap 1 ipsec-isakmp > set peer x.x.x.x > set transform-set cm-transformset-1 > match address 100 > ! > ! > ! > ! > interface Ethernet0 > --More-- description connected to Internet > ip address x.x.x.x 255.255.255.248 > ip nat outside > no ip route-cache > no ip mroute-cache > half-duplex > crypto map cm-cryptomap > ! > interface FastEthernet0 > description connected to EthernetLAN_1 > ip address 172.29.30.1 255.255.255.0 > ip nat inside > no ip route-cache > no ip mroute-cache > speed auto > ! > router rip > version 2 > passive-interface Ethernet0 > network 172.29.0.0 > no auto-summary > ! > ip nat inside source list 101 interface Ethernet0 overload > --More-- ip kerberos source-interface any > ip classless > ip route profile > ip route 0.0.0.0 0.0.0.0 217.117.229.137 > ip route 172.29.10.0 255.255.255.0 FastEthernet0 > ip route 172.29.40.0 255.255.255.0 192.168.100.15 > no ip http server > ! > access-list 100 permit ip 172.29.30.0 0.0.0.255 > 64.172.228.128 0.0.0.31 > access-list 100 permit ip 172.29.30.0 0.0.0.255 192.168.100.0 > 0.0.0.255 > access-list 101 deny ip 172.29.30.0 0.0.0.255 > 64.172.228.128 0.0.0.31 > access-list 101 deny ip 172.29.30.0 0.0.0.255 192.168.100.0 > 0.0.0.255 > access-list 101 permit ip 172.29.30.0 0.0.0.255 any > snmp-server community public RO > snmp-server community xxxxxxxxxxx RW > snmp-server location xxxxxxxxxxxxxxxxx > snmp-server contact xxxxxxxxxxxxxxx > ! > line con 0 > exec-timeout 0 0 > password tea4two > login > transport input none > --More-- line aux 0 > line vty 0 4 > password xxxx > login > ! > end > > sc-ams-rtr-01#exit Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=54585&t=54577 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
