Re: [OSL | CCIE_Security] CANNOT Ping BGP Network (But can SEE ROUTES on R2 and R1 respectively )

Wed, 29 Dec 2010 09:53:53 -0800 

I will show you all routes :

ASA output :
=============


C    1.1.1.0 255.255.255.0 is directly connected, outside
C    2.2.2.0 255.255.255.0 is directly connected, inside
O IA 20.20.20.20 255.255.255.255 [110/11] via 1.1.1.1, 0:00:01, outside
R    11.11.11.11 255.255.255.255 [120/1] via 2.2.2.1, 0:00:13, inside
BOX/sec#


R1 Output :
===========

R1#sh ip ro
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static
route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

B    200.200.200.0/24 [20/0] via 20.20.20.20, 00:00:29
     1.0.0.0/24 is subnetted, 1 subnets
R       1.1.1.0 [120/1] via 2.2.2.2, 00:00:23, FastEthernet0/1
     2.0.0.0/24 is subnetted, 1 subnets
C       2.2.2.0 is directly connected, FastEthernet0/1
     100.0.0.0/24 is subnetted, 1 subnets
C       100.100.100.0 is directly connected, Loopback100
     20.0.0.0/32 is subnetted, 1 subnets
R       20.20.20.20 [120/1] via 2.2.2.2, 00:00:23, FastEthernet0/1
     11.0.0.0/32 is subnetted, 1 subnets
C       11.11.11.11 is directly connected, Loopback1
R1#

R1#sh ip bgp
BGP table version is 3, local router ID is 100.100.100.100
Status codes: s suppressed, d damped, h history, * valid, > best, i -
internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 100.100.100.0/24 0.0.0.0                  0         32768 i
*> 200.200.200.0    20.20.20.20              0             0 1 i
R1#



R2 Output :
============

R2#sh ip ro
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static
route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

C    200.200.200.0/24 is directly connected, Loopback200
     1.0.0.0/24 is subnetted, 1 subnets
C       1.1.1.0 is directly connected, FastEthernet0/0
     2.0.0.0/24 is subnetted, 1 subnets
O E2    2.2.2.0 [110/1] via 1.1.1.2, 00:02:08, FastEthernet0/0
     100.0.0.0/24 is subnetted, 1 subnets
B       100.100.100.0 [20/0] via 11.11.11.11, 00:01:25
     20.0.0.0/32 is subnetted, 1 subnets
C       20.20.20.20 is directly connected, Loopback2
     11.0.0.0/32 is subnetted, 1 subnets
O E2    11.11.11.11 [110/1] via 1.1.1.2, 00:02:08, FastEthernet0/0
R2#


R2#sh ip bgp
BGP table version is 3, local router ID is 200.200.200.200
Status codes: s suppressed, d damped, h history, * valid, > best, i -
internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 100.100.100.0/24 11.11.11.11              0             0 2 i
*> 200.200.200.0    0.0.0.0                  0         32768 i
R2#





On Wed, Dec 29, 2010 at 7:09 PM, Piotr Matusiak <[email protected]> wrote:

> Do you see BGP routes in RIB? Can you send
> sho ip bgp
> sho ip route
>
> 2010/12/29 kamran shakil <[email protected]>
>
>> Dears,
>> I am seriously confused here .... i made a very simple setup to test BGP
>> between 2 routers , putting 1 ASA in the middle and was doing the lab, that
>> finally i noticed something strang ???  my ROUTES are all OK , i can learn
>> routes on the remote routers thru ASA, and i did the TCP-OPTIONS and also
>> RANDOM SEQ. disable, and since nat-control was enabled, I also did the
>> static IDENTITY NAT .... but PING is not working............................
>> !!! I am pasting the configs..
>>
>>  " EXPERTS....guide me ..plz "
>>
>>
>> * R1 -- > ASA ---- R2
>> *
>>
>>
>> R1 :
>> ===
>> interface Loopback1
>>  ip address 11.11.11.11 255.255.255.255
>> !
>> interface Loopback100
>>  ip address 100.100.100.100 255.255.255.0
>> !
>> interface FastEthernet0/1
>>  ip address 2.2.2.1 255.255.255.0
>>  duplex auto
>>  speed auto
>> !
>> router rip
>>  version 2
>>  network 2.0.0.0
>>  network 11.0.0.0
>>  no auto-summary
>> !
>> router bgp 2
>>  no synchronization
>>  bgp log-neighbor-changes
>>  network 100.100.100.0 mask 255.255.255.0
>>  neighbor 20.20.20.20 remote-as 1
>>  neighbor 20.20.20.20 password x
>>  neighbor 20.20.20.20 ebgp-multihop 10
>>  neighbor 20.20.20.20 update-source Loopback1
>>  no auto-summary
>>
>>
>> ASA :
>> ======
>> interface Ethernet0/0
>>  description Connected to R2
>>  nameif outside
>>  security-level 0
>>  ip address 1.1.1.2 255.255.255.0
>> !
>> interface Ethernet0/1
>>  description Connected to R1
>>  nameif inside
>>  security-level 100
>>  ip address 2.2.2.2 255.255.255.0
>>
>>
>> access-list outside-in extended permit icmp any any
>> access-list outside-in extended permit tcp any any eq bgp
>> !
>> tcp-map OPTION19
>>   tcp-options range 19 19 allow
>>
>> pager lines 24
>> logging console debugging
>> logging buffered debugging
>> mtu outside 1500
>> mtu inside 1500
>> no failover
>> icmp unreachable rate-limit 1 burst-size 1
>> icmp permit any outside
>> icmp permit any inside
>> no asdm history enable
>> arp timeout 14400
>> nat-control
>> global (outside) 1 interface
>> nat (inside) 1 0.0.0.0 0.0.0.0
>> static (inside,outside) 11.11.11.11 11.11.11.11 netmask 255.255.255.255
>> access-group outside-in in interface outside
>> !
>> router ospf 1
>>  network 1.1.1.0 255.255.255.0 area 0
>>  log-adj-changes
>>  redistribute rip metric 1 subnets
>> !
>> router rip
>>  network 2.0.0.0
>>  redistribute ospf 1 metric 1
>>  version 2
>>  no auto-summary
>> !
>> class-map BGP_CMAP
>>  match port tcp eq bgp
>> class-map inspection_default
>>  match default-inspection-traffic
>> !
>> !
>> policy-map global_policy
>>  class BGP_CMAP
>>   set connection random-sequence-number disable
>>   set connection advanced-options OPTION19
>>  class inspection_default
>> !
>> service-policy global_policy global
>> prompt hostname priority context
>> Cryptochecksum:65755c185976d9164a0b06eee25f2f42
>>
>>
>> R2 :
>> ======
>>
>> interface Loopback2
>>  ip address 20.20.20.20 255.255.255.255
>> !
>> interface Loopback200
>>  ip address 200.200.200.200 255.255.255.0
>> !
>> interface FastEthernet0/0
>>  ip address 1.1.1.1 255.255.255.0
>>  duplex auto
>>  speed auto
>> !
>> router ospf 1
>>  log-adjacency-changes
>>  network 1.1.1.0 0.0.0.255 area 0
>>  network 20.20.20.20 0.0.0.0 area 1
>> !
>> router bgp 1
>>  no synchronization
>>  bgp log-neighbor-changes
>>  network 200.200.200.0
>>  neighbor 11.11.11.11 remote-as 2
>>  neighbor 11.11.11.11 password x
>>  neighbor 11.11.11.11 ebgp-multihop 10
>>  neighbor 11.11.11.11 update-source Loopback2
>>  no auto-summary
>>
>>
>> ---------------------------------------------------------------------------------------------------------------------------------------
>> Guide me to understand this PING issue for BGP network !!!!
>>
>>
>>
>>
>>
>> _______________________________________________
>> For more information regarding industry leading CCIE Lab training, please
>> visit www.ipexpert.com
>>
>>
>

_______________________________________________
For more information regarding industry leading CCIE Lab training, please visit 
www.ipexpert.com

Reply via email to