doulos2k

join:2012-11-20
Austin, TX
reply to aryoba

Re: Cisco routing problem between two routers

aryoba - greatly appreciate the reply, and you're right, I could certainly have elaborated on the initial problem.

There is a system within the client network that we have been given access to and we need to be able to direct connect to that machine. They've opened up the IPs to ensure we can ping from our network to theirs, but I'm unable to access that machine. They don't see attempts on their side, so I've come to the conclusion that there must be something preventing it on my side.

Perhaps I'm making an erroneous assumption, but what baffles me is why I can ping from one router going through a router when the router it's going through can't do the same thing even though its IP is clearly in the trace.


aryoba
Premium,MVM
join:2002-08-22
kudos:4

One common way to troubleshoot is to do a packet capture, using something like tcpdump or Wireshark, or at the very least to create an ACL on your customer-facing equipment and monitor the counter. If you are able to see the packet from your terminal leaving your network towards the customer's network, then you know at least nothing blocks the packet within your network.
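The ACL-counter check described above, as an added example that is not part of the original post: a Cisco IOS sketch of a permit-only ACL used purely to count packets leaving toward the customer. The ACL name, interface name and addresses (RFC 5737 documentation ranges) are placeholders, since the thread gives none.

```cisco
! Added example. All names and addresses below are placeholders:
!   192.0.2.10     = your workstation (the source of the test traffic)
!   198.51.100.20  = the machine inside the client network
!   Gi0/1          = the customer-facing interface
!
! Every entry is a permit, so the ACL counts traffic without blocking any.
ip access-list extended COUNT-TO-CLIENT
 ! ICMP echo counted separately from everything else to that host
 permit icmp host 192.0.2.10 host 198.51.100.20 echo
 permit ip host 192.0.2.10 host 198.51.100.20
 ! Explicit permit so the implicit deny at the end never drops traffic
 permit ip any any
!
interface GigabitEthernet0/1
 ip access-group COUNT-TO-CLIENT out
!
! From exec mode: zero the counters, run the ping and the connection
! attempt from 192.0.2.10, then read the "(N matches)" figure per entry.
!   clear access-list counters COUNT-TO-CLIENT
!   show ip access-lists COUNT-TO-CLIENT
!
! Reading the result:
!   - matches rise on both host entries: the traffic leaves your network,
!     so look at the far side (filtering or NAT on the customer end).
!   - only the icmp entry rises: the connection attempt never reaches
!     this interface, so look for a block or routing issue upstream of it.
!
! Caveat: an outbound ACL on IOS is not applied to packets the router
! itself originates, so a ping issued from this router's own CLI will not
! increment these counters. Test from a host behind the router.
!
! Remove when finished:
!   interface GigabitEthernet0/1
!    no ip access-group COUNT-TO-CLIENT out
!   no ip access-list extended COUNT-TO-CLIENT
```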


aryoba
Premium,MVM
join:2002-08-22
kudos:4
reply to doulos2k

said by doulos2k:

There is a system within the client network that we have been given access to and we need to be able to direct connect to that machine. They've opened up the IPs to ensure we can ping from our network to theirs, but I'm unable to access that machine. They don't see attempts on their side, so I've come to the conclusion that there must be something preventing it on my side.

I recall that when I was in your position managing a cloud network for customers, we had a similar situation. It turned out that the customer had some NAT device that hid the customer's actual IP address. When that is your case, then the customer needs to either create some static NAT to an IP address accessible to your network, or disable NAT at least for that machine.

aryoba
Premium,MVM
join:2002-08-22
kudos:4
reply to doulos2k

said by doulos2k:

Perhaps I'm making an erroneous assumption, but what baffles me is why I can ping from one router going through a router when the router it's going through can't do the same thing even though its IP is clearly in the trace.

said by aryoba:

When you are able to ping from one source but are unable to from a different source, the best bet is that the ping source is locked down to only certain IP addresses, so that ping ability is restricted to only "trusted" or known devices as a security consideration.

I think that answers the question. Now let's fire up that Wireshark.

doulos2k

join:2012-11-20
Austin, TX

Yep - working that angle now. Thanks! I'll let you know how it goes.