                                                  172.25.25.0/24
192.168.1.0/24 --2611--                      7120 ---- 3548 ------- PIX --- 192.168.10.0/24
                                        | GRE Tunnel  |
192.168.12.0/24--1710--

Here is a very simplistic diagram of my network.
192.168.1.0 - Corporate Network
192.168.10.0 - Operations Network
192.168.12.0 - Client Network
10.1.1.1 - 2611 GRE Tunnel
10.1.1.2 - 7200 GRE Tunnel (VPN Endpoint)
209.x.x.x - Outside interface of the 7200
172.25.25.2 - inside interface of the 7200
172.25.25.50 - 3548XL Catalyst switch
172.25.25.10 - Outside interface of the PIX
192.168.10.0 - inside interface of the PIX

I was wondering if any of you Cisco professionals can help me with what I
determined to be an OSPF problem.  I have a GRE tunnel between the 2611
router and the 7120 router and that works fine.  I also have a GRE tunnel
between the 1710 router and the 7120, which also works fine.  Here's where
things get interesting, I have a static translation on my PIX that
translates 172.25.25.30 to 192.168.10.100 (mail server) and I have an
access-list allowing this POP3 traffic originating from the corporate
network to 172.25.25.30.  I put a packet sniffer on a client on the internal
network (192.168.1.x) and tried to connect to the mail server, it sent out a
SYN which was received by the mail server, the mail server replies but never
gets back to the client.  So, the initial connection is torn down (according
to my syslog messages).  I confirmed that the traffic gets to my mail server
but I can't figure out why it doesn't get back.  I did a traceroute from the
7120 which is the default gateway for the PIX and it gets to the proper
location but if I perform a tracert from my Windows mail server it ends up
going to the 192.168.12.0 (client network).  We're running OSPF in a single
area with each client connection through a GRE tunnel.  I was under the
impression that OSPF supports VLSM so I shouldn't have to worry about my
192.168.X.X networks.  Another twist to this problem is, if I use nat 0 or a
static translation from 192.168.10.100 to 192.168.10.100 and change the
access-list it works fine, but why?????????????  Geeezzzz, I hope that was
clear, if more clarification is needed please let me know.  I appreciate all
your help in advance.

Season's Greeting

Richard Mangru




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=60045&t=60045