Thank you, will give a try and see what I find/learn.
""Daniel Cotts"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > It might depend on the address of the device in Amsterdam that you are using > to ping. If the router, then do an extended ping and use the 172.29.30.1 as > the source address. Ping to 192.168.100.15. It should work. > If you are pinging from a workstation or the router using a valid > 172.29.30.x address but are pinging to the servers that have static NAT > translations in you California router then it will not succeed as > configured. > > > -----Original Message----- > > From: CTM CTM [mailto:[EMAIL PROTECTED]] > > Sent: Monday, September 30, 2002 4:55 PM > > To: [EMAIL PROTECTED] > > Subject: How are they talking? [7:54577] > > > > > > I think if the following situation is explained, it would go > > a long way to > > my sorting out other issues. > > Given the config files pasted at the bottom of this message: > > > > NetworkA = 172.29.10.0 > > NetworkB = 192.168.100.0 > > NetworkC = 172.29.30.0 > > > > RouterA hosts 172.29.10.0 and 192.168.100.0 > > RouterB hosts 172.29.30.0 > > > > 192.168.100.0 can ping 172.29.30.0 > > 172.29.10.0 cannot ping 172.29.30.0 > > 172.29.30.0 cannot ping NetworkA or NetworkB > > > > What configuration is allowing NetworkB to ping NetworkC? And why no > > communication back? > > > > > > NetworkA: > > > > sh config > > Using 3589 out of 29688 bytes > > ! > > version 12.1 > > no parser cache > > no service single-slot-reload-enable > > no service pad > > service timestamps debug uptime > > service timestamps log uptime > > service password-encryption > > ! > > hostname SC-SAN-RTR-01 > > ! > > logging buffered 4096 informational > > logging rate-limit console 10 except errors > > enable password xxxx > > ! > > ip subnet-zero > > ! > > ! > > no ip finger > > no ip domain-lookup > > ip name-server 207.67.236.5 > > ip name-server 207.67.247.4 > > --More-- ! > > no ip bootp server > > ip audit notify log > > ip audit po max-events 100 > > ! > > ! > > crypto isakmp policy 1 > > hash md5 > > authentication pre-share > > crypto isakmp key xxxx address xxxxxxxxxxxxxxx > > ! > > ! > > crypto ipsec transform-set cm-transformset-1 esp-des esp-md5-hmac > > ! > > crypto map cm-cryptomap local-address Serial0/0.1 > > crypto map cm-cryptomap 1 ipsec-isakmp > > set peer xxxxxxxxxxx > > set transform-set cm-transformset-1 > > match address 100 > > ! > > call rsvp-sync > > ! > > ! > > --More-- ! > > ! > > ! > > ! > > ! > > ! > > interface FastEthernet0/0 > > description connected to San Diego Outside > > ip address 172.29.10.1 255.255.255.0 > > no ip redirects > > no ip unreachables > > ip nat inside > > ip policy route-map nonat > > duplex auto > > speed auto > > ! > > interface Serial0/0 > > no ip address > > no ip redirects > > no ip unreachables > > encapsulation frame-relay > > no ip route-cache > > no ip mroute-cache > > --More-- service-module t1 > > remote-alarm-enable > > frame-relay lmi-type ansi > > ! > > interface Serial0/0.1 point-to-point > > description connected to Internet > > ip address x.x.x.x 255.255.255.0 > > no ip redirects > > no ip unreachables > > ip nat outside > > no ip route-cache > > no ip mroute-cache > > no arp frame-relay > > frame-relay interface-dlci 16 > > crypto map cm-cryptomap > > ! > > interface FastEthernet0/1 > > description connected to EthernetLAN_2 > > ip address 192.168.100.15 255.255.255.0 > > no ip redirects > > no ip unreachables > > ip nat inside > > ip policy route-map nonat > > duplex auto > > --More-- speed auto > > ! > > interface Serial0/1 > > no ip address > > no ip redirects > > no ip unreachables > > encapsulation frame-relay IETF > > no ip route-cache > > no ip mroute-cache > > no fair-queue > > frame-relay traffic-shaping > > frame-relay lmi-type ansi > > ! > > interface Serial0/1.474 point-to-point > > description Frame-Relay Connection to II-NAU-RTR-01 DLC 474 > > ip unnumbered FastEthernet0/1 > > no ip redirects > > no ip unreachables > > no ip route-cache > > no ip mroute-cache > > no arp frame-relay > > frame-relay interface-dlci 474 > > ! > > --More-- ip nat pool SCISANRTR001-natpool-1 > > xxxxxxxxxxxxxxxxxx netmask 255.255.255.224 > > ip nat inside source list 101 pool SCISANRTR001-natpool-1 overload > > ip nat inside source static 172.29.20.20 xxxx > > ip nat inside source static 192.168.100.135 xxxx > > ip nat inside source static 192.168.100.20 xxxx > > ip nat inside source static 172.29.10.20 xxxxx > > ip classless > > ip route 0.0.0.0 0.0.0.0 Serial0/0.1 > > ip route 172.29.20.0 255.255.255.0 Serial0/1.474 > > ip route 172.29.40.0 255.255.255.0 Serial0/1.474 > > no ip http server > > ip http port 7850 > > ! > > logging history size 250 > > logging history errors > > logging facility syslog > > access-list 100 permit ip xxxxx 0.0.0.31 172.29.30.0 0.0.0.255 > > access-list 100 permit ip 192.168.100.0 0.0.0.255 172.29.30.0 > > 0.0.0.255 > > access-list 101 deny ip 192.168.100.0 0.0.0.255 172.29.30.0 > > 0.0.0.255 > > access-list 101 permit ip 192.168.100.0 0.0.0.255 any > > access-list 101 permit ip 172.29.10.0 0.0.0.255 any > > no cdp run > > --More-- route-map nonat permit 10 > > ! > > snmp-server engineID local 00000009020000049AEB2DE0 > > ! > > dial-peer cor custom > > ! > > ! > > ! > > ! > > ! > > line con 0 > > exec-timeout 0 0 > > password xxxxx > > login > > transport input none > > line aux 0 > > line vty 0 4 > > password 7 0100070A0959545A294D400A16061C > > login > > ! > > scheduler allocate 4000 1000 > > end > > > > x > > > sc-ams-rtr-01>enable > > Password: > > sc-ams-rtr-01#sh config > > Using 2357 out of 29688 bytes > > ! > > version 12.1 > > no service single-slot-reload-enable > > service timestamps debug uptime > > service timestamps log datetime localtime > > no service password-encryption > > ! > > hostname sc-ams-rtr-01 > > ! > > no logging buffered > > no logging buffered > > logging rate-limit console 10 except errors > > enable password xxxx > > ! > > memory-size iomem 25 > > clock timezone MET 1 > > clock summer-time METDST recurring last Sun Mar 2:00 last Sun Oct 3:00 > > ip subnet-zero > > no ip finger > > ip name-server x.x.x.x > > ip name-server x.x.x.x > > ! > > --More-- ip audit notify log > > ip audit po max-events 100 > > ! > > ! > > crypto isakmp policy 1 > > hash md5 > > authentication pre-share > > crypto isakmp key xxxxx address x.x.x.x > > ! > > ! > > crypto ipsec transform-set cm-transformset-1 esp-des esp-md5-hmac > > no crypto engine accelerator > > ! > > crypto map cm-cryptomap local-address Ethernet0 > > crypto map cm-cryptomap 1 ipsec-isakmp > > set peer x.x.x.x > > set transform-set cm-transformset-1 > > match address 100 > > ! > > ! > > ! > > ! > > interface Ethernet0 > > --More-- description connected to Internet > > ip address x.x.x.x 255.255.255.248 > > ip nat outside > > no ip route-cache > > no ip mroute-cache > > half-duplex > > crypto map cm-cryptomap > > ! > > interface FastEthernet0 > > description connected to EthernetLAN_1 > > ip address 172.29.30.1 255.255.255.0 > > ip nat inside > > no ip route-cache > > no ip mroute-cache > > speed auto > > ! > > router rip > > version 2 > > passive-interface Ethernet0 > > network 172.29.0.0 > > no auto-summary > > ! > > ip nat inside source list 101 interface Ethernet0 overload > > --More-- ip kerberos source-interface any > > ip classless > > ip route profile > > ip route 0.0.0.0 0.0.0.0 217.117.229.137 > > ip route 172.29.10.0 255.255.255.0 FastEthernet0 > > ip route 172.29.40.0 255.255.255.0 192.168.100.15 > > no ip http server > > ! > > access-list 100 permit ip 172.29.30.0 0.0.0.255 > > 64.172.228.128 0.0.0.31 > > access-list 100 permit ip 172.29.30.0 0.0.0.255 192.168.100.0 > > 0.0.0.255 > > access-list 101 deny ip 172.29.30.0 0.0.0.255 > > 64.172.228.128 0.0.0.31 > > access-list 101 deny ip 172.29.30.0 0.0.0.255 192.168.100.0 > > 0.0.0.255 > > access-list 101 permit ip 172.29.30.0 0.0.0.255 any > > snmp-server community public RO > > snmp-server community xxxxxxxxxxx RW > > snmp-server location xxxxxxxxxxxxxxxxx > > snmp-server contact xxxxxxxxxxxxxxx > > ! > > line con 0 > > exec-timeout 0 0 > > password tea4two > > login > > transport input none > > --More-- line aux 0 > > line vty 0 4 > > password xxxx > > login > > ! > > end > > > > sc-ams-rtr-01#exit Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=54633&t=54577 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
