i have a nec ipk2 networked to another ipk2 via point to point t1's. with a 3rd t1 to go to a remote site for an ip phone.
it goes something like this:
Code
                  internet
                     |
                     t1
                     |
 cisco router of some sort provided by AT&T
                     |
               netopia router
                     |
                   switch
                     |
          adtran netvanta 3200 main
              |               |
              t1              t1
              to              to
             site            site
              a               b
              |               |
              t1              t1
              |               |
          adtran3200      adtran3200
              |               |
            switch          switch
              |               |
         ipk2 & pc's   ip phone & computer
the main site is all ok. can ping everything on site a & b.
sites a & b are the issue. they both can ping everything on everywhere BUT they cannot get on the internet. they CAN ping the netopia router but not beyond it. i feel that it is a routing issue in the adtran's somewhere. the people i have been working with seem to want to try to fix it but it may be beyond them (i know it is beyond me).
i can provide configs for the adtran units as well as the static routes in the netopia.
i was told that the router going to the internet (in this case the netopia) may not be "smart enough" to route the packets the way it needs. could this be the case? and if so would they need some sort of cisco to do this?
(my ascii drawing didn't turn out quite right so if you have questions pm or email me)
main site with dual t1 card:
!
!
! ADTRAN, Inc. OS version 15.08.00
! Boot ROM version 12.02.00
! Platform: NetVanta 3200, part number 1202860L1
! Serial number LBADTN0713AA816
!
!
hostname "Marshall"
no enable password
!
clock timezone -6-Central-Time
!
ip subnet-zero
ip classless
ip domain-proxy
ip name-server 10.1.1.2
ip routing
!
auto-config
!
event-history on
no logging forwarding
no logging email
logging email priority-level info
!
no service password-encryption
!
username "xxxxx" password "xxxxxxxx"
!
!
no ip firewall alg msn
no ip firewall alg h323
!
!
interface eth 0/1
  description to isp
  ip address 10.1.1.245 255.255.255.0
  no shutdown
!
!
interface t1 1/1
  description Jefferson
  clock source internal
  tdm-group 1 timeslots 1-24 speed 64
  no shutdown
!
interface t1 1/2
  description house
  clock source internal
  tdm-group 1 timeslots 1-24 speed 64
  no shutdown
!
interface ppp 1
  description to jefferson
  ip address 10.1.2.1 255.255.255.252
  no shutdown
  cross-connect 1 t1 1/1 1 ppp 1
!
interface ppp 2
  description to house
  ip address 10.1.3.1 255.255.255.252
  no shutdown
  cross-connect 2 t1 1/2 1 ppp 2
!
!
router rip
  redistribute ospf
  redistribute static
  redistribute connected
!
!
ip route 0.0.0.0 0.0.0.0 ppp 1
ip route 10.1.4.0 255.255.255.0 ppp 1
ip route 10.1.5.0 255.255.255.0 ppp 2
!
no ip tftp server
no ip tftp server overwrite
ip http server
ip http session-timeout 86400
no ip http secure-server
no ip snmp agent
no ip ftp server
no ip scp server
no ip sntp server
!
!
line con 0
  no login
!
line telnet 0 4
  login
  no shutdown
line ssh 0 4
  login local-userlist
  no shutdown
!
!
end
[Edit - xxxx'd the username and password, just in case]
site a with ipk2 & data:
!
!
! ADTRAN, Inc. OS version 15.08.00
! Boot ROM version 06.01.00
! Platform: NetVanta 3200, part number 1202860L1
! Serial number LBADTN0437AA475
!
!
hostname "jefferson"
no enable password
!
clock timezone -6-Central-Time
!
ip subnet-zero
ip classless
ip name-server 10.1.1.2
ip routing
!
auto-config
!
event-history on
no logging forwarding
no logging email
logging email priority-level info
!
no service password-encryption
!
username "xxxxx" password "xxxxxxxx"
!
!
no ip firewall alg msn
no ip firewall alg h323
!
!
ip dhcp-server pool "local"
  network 10.1.4.0 255.255.255.0
  netbios-node-type h-node
  default-router 10.1.4.1
!
!
interface eth 0/1
  description to marshall
  ip address 10.1.4.1 255.255.255.0
  no shutdown
!
!
interface t1 1/1
  description to marshall
  tdm-group 1 timeslots 1-24 speed 64
  no shutdown
!
interface ppp 1
  description to marshall
  ip address 10.1.2.2 255.255.255.252
  no shutdown
  cross-connect 1 t1 1/1 1 ppp 1
!
!
router rip
  redistribute ospf
  redistribute static
  redistribute connected
!
!
ip route 0.0.0.0 0.0.0.0 ppp 1
ip route 10.1.1.0 255.255.255.0 ppp 1
ip route 10.1.3.0 255.255.255.252 ppp 1
!
no ip tftp server
no ip tftp server overwrite
ip http server
no ip http secure-server
no ip snmp agent
no ip ftp server
no ip scp server
ip sntp server
!
!
line con 0
  login local-userlist
!
line telnet 0 4
  login local-userlist
  no shutdown
line ssh 0 4
  login local-userlist
  no shutdown
!
sntp server ntppub.tamu.edu
!
end
[Edit - xxx'd out the username and password just in case]
Destination LAN IP   Subnet Mask        Gateway          Interface
0.0.0.0              0.0.0.0            12.68.210.145    WAN (Internet)
10.1.1.0             255.255.255.0      10.1.1.2         LAN & Wireless
10.1.4.0             255.255.255.0      10.1.1.245       LAN & Wireless
10.1.5.0             255.255.255.0      10.1.1.245       LAN & Wireless
12.68.210.144        255.255.255.248    12.68.210.146    WAN (Internet)
Can you show the routing tables from the main site and site A routers? I've never worked with Adtran routers, but it looks like you're missing a network statement, in which case the router won't be advertising the route it has on its ethernet interface. Also, these two lines look redundant to me:
ip route 10.1.1.0 255.255.255.0 ppp 1
ip route 10.1.3.0 255.255.255.252 ppp 1
The Netopia router doesn't seem to know how to get to the 10.1.2.x and 10.1.3.x networks either.
I'd say that if you can receive ping responses back from the Netopia from either site, routing is working to that point.
Do you know what that Cisco device is at the network edge in your diagram? I'm guessing maybe a firewall. Whatever it is, that must be the device that's doing your network address translation as I don't see any NAT statements on the Netopia.
This line on the Netopia indicates that the connections to the internet are running through the Cisco device. Try to ping 10.1.1.245 as that must be the address of that device.
interface eth 0/1
  description to isp
  ip address 10.1.1.245 255.255.255.0
  no shutdown
My guess is there's a problem on the Cisco side, like it doesn't know what to do with traffic going to your remote subnets.
Also, you should erase any of the password info you posted on your configurations. Not good to have that on a public access web site.
Sometimes you carpe diem, sometimes your diem gets carped.
Typically when a Cisco router is at the end of a T1, provided and managed by the ISP, it is not configured for any firewall effects. It is simply a T1-Ethernet translator and management point for the ISP.
I would concur, that the Netopia is not configured right... not sure how, but that's my feeling.
Haven't dealt with ISP managed CPE here Rob, though I've often thought that would take some finger-pointing out of the equation when a T1 goes down. Perhaps that's just a Cisco CSU/DSU then? I haven't seen one separate from the router in some time as ours are all WICs.
Clinton's correct, that configuration is for the NetVanta, not the Netopia. This now makes much more sense to me.
Perhaps a tracert from one of the hosts will tell you where the problem lies. I still can't see how there's a routing problem on the Netopia with respect to routing packets back to sites a & b. I would expect the echo-replies wouldn't know how to get back to the remote PCs if that were the case.
I would do either a tracert or pathping to some known Internet IP address and see what you get.
RobCalltrol>>thanks for the edit but none of these are able to be accessed from the net
Steve Brower>>the cisco is a 1280 (i think). some sort of little router with a t1 wic card in it. from what i understand it is basically a converter from t1 to ethernet and does NOT block anything.
clinton>>actually the netopia is just the interface to the internet with some sort of basic firewall. dhcp is done with a win2000 server.
RobCalltrol>>you are correct about the cisco router. it is done around here a lot by AT&T.
Steve Brower>>a tracert from site b to a known static ip address (my office) will bounce back & forth between the adtran's and never get out. i don't have one handy to paste in here but i can get you one.
OK, it appears the Adtran at the main site has a default route pointing to the site A Adtran, which has a default route pointing back again. That would certainly be a problem. I'll say again though, seeing the routing table for each router would make problems like that much more obvious.
The Netopia router is definitely doing the NAT in this situation. Private IPs on one interface, public IPs on the other. It may not be the DHCP server, but that's unrelated.
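The default-route loop described in this thread, worked through as an added example (not part of any post, and not Adtran tooling): the static routes from the two posted configs are replayed with longest-prefix matching, which reproduces both the working ping to 10.1.1.2 and the bounce between the Adtrans. The names site_a, site_b and netopia, the test destination 192.0.2.10 and the repointed default route are assumptions made for the illustration.

```python
import ipaddress

# Static and connected routes transcribed from the two configs posted above.
# Each "ppp N" egress is replaced by the router at the far end of that T1
# (taken from the diagram); "LAN" marks the directly connected Ethernet.
POSTED = {
    "main": {
        "0.0.0.0/0": "site_a",     # ip route 0.0.0.0 0.0.0.0 ppp 1
        "10.1.4.0/24": "site_a",   # ip route 10.1.4.0 255.255.255.0 ppp 1
        "10.1.5.0/24": "site_b",   # ip route 10.1.5.0 255.255.255.0 ppp 2
        "10.1.1.0/24": "LAN",      # interface eth 0/1
    },
    "site_a": {
        "0.0.0.0/0": "main",       # ip route 0.0.0.0 0.0.0.0 ppp 1
        "10.1.1.0/24": "main",     # ip route 10.1.1.0 255.255.255.0 ppp 1
        "10.1.3.0/30": "main",     # ip route 10.1.3.0 255.255.255.252 ppp 1
        "10.1.4.0/24": "LAN",      # interface eth 0/1
    },
}
INTERNET_HOST = "192.0.2.10"       # constructed address (TEST-NET-1)

def trace(tables, start, dst, max_hops=16):
    """Follow longest-prefix-match forwarding; return (path, verdict)."""
    dst = ipaddress.ip_address(dst)
    path, node = [start], start
    while len(path) <= max_hops:
        table = tables.get(node)
        if table is None:                      # no config modelled for this hop
            return path, "forwarded to " + node
        hits = [n for n in map(ipaddress.ip_network, table) if dst in n]
        if not hits:
            return path, "no route on " + node
        nxt = table[str(max(hits, key=lambda n: n.prefixlen))]
        if nxt == "LAN":
            return path, "delivered by " + node
        path.append(nxt)
        if path.count(nxt) > 1:                # same router twice for one dst
            return path, "routing loop"
        node = nxt
    return path, "hop limit exceeded"

def with_default_via(tables, router, via):
    """Copy the tables with one router's default route repointed (assumed fix)."""
    fixed = {name: dict(t) for name, t in tables.items()}
    fixed[router]["0.0.0.0/0"] = via
    return fixed

if __name__ == "__main__":
    fixed = with_default_via(POSTED, "main", "netopia")
    for label, tables in (("posted", POSTED), ("fixed", fixed)):
        for dst in ("10.1.1.2", INTERNET_HOST):
            print(label, dst, *trace(tables, "site_a", dst))
```

With the posted tables, traffic for 10.1.1.2 is delivered at the main site because the /24 route wins over the default, while anything matched only by 0.0.0.0/0 returns to the router it came from.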
so the destination=0.0.0.0 mask=0.0.0.0 gateway=10.1.1.245 is what it should be instead of destination 0.0.0.0 mask=0.0.0.0 gateway=ppp1 if i am getting this right. which i think is what it used to be until we started playing around with it.
after he changed the 0.0.0.0 0.0.0.0 10.1.1.245 he is now (after telnetting into the main adtran with the 2 t1 wic card) able to ping an external ip address. so a little progress.
not sure yet if he can ping an external ip address from site a though. he will get back to me on that.
there is also another issue with dns, which can wait until all of this other stuff is resolved, the people in site a or b are not able to resolve names into ip addresses. where would i put the dns stuff? the netopia (i think it is already in there)? site b's adtran?
from their it guy: just logged out of their system. I am now able to ping an outside IP from both site a and the main site. I changed the DNS to 10.1.1.250 and 12.127.17.71 on the main site router and I can ping a web address.
site a still has problems pinging a domain name though. I've tried several different dns settings without success.
The way we have set up DNS is to forward all DNS requests to our internal DNS server. If the requested site is not in our DNS server's cache, that request is forwarded to our ISP's DNS servers.
Remote site routers are programmed to configure DNS (via DHCP) for any computers there. For example, our main site is 10.1.1.X and DNS server is 10.1.1.21. Any remote site (10.2.1.X, for example) systems are configured to point to 10.1.1.21 for DNS resolution. Of course, it's not a bad idea to have a couple of DNS servers internally as you can replicate the DNS configuration that way.
Didn't really have a chance until now to fully look at your config.
What I see is
Main:
Netopia Router 10.1.1.2/24 with the following routes:
0.0.0.0 0.0.0.0 12.68.210.145 WAN (Internet)
10.1.1.0 255.255.255.0 10.1.1.2 LAN & Wireless
10.1.4.0 255.255.255.0 10.1.1.245 LAN & Wireless
10.1.5.0 255.255.255.0 10.1.1.245 LAN & Wireless
12.68.210.144 255.255.255.248 12.68.210.146 WAN (Internet)
(looks good)
DHCP Server ip address 10.1.1.250
DNS Server ip address 10.1.1.250?
Main 3200
eth 0/0 ip address 10.1.1.245/24
ppp1 ip address 10.1.2.1/30
ppp2 ip address 10.1.3.1/30
On the remote routers make sure you can ping all IP addresses on the Netopia router. If you can, you have static routes in the Netopia. If you can't, fix that. Next, I am guessing you are NATing on the Netopia; you must either add a NAT statement for the LAN sides of the remote sites or NAT on the switch at the headend. The better solution is to add the NAT on the Netopia. You will then be able to ping to the internet ONLY if you source the ping on the LAN interface. Alternatively you could also NAT the P-to-P T1 addresses and then you could ping directly from the remote routers.