ASA has no idea how to route packets destined to 100.100.100.0 and 200.200.200.0 networks.
2010/12/29 kamran shakil <[email protected]>
> I will show you all routes :
>
> ASA output :
> =============
>
> C 1.1.1.0 255.255.255.0 is directly connected, outside
> C 2.2.2.0 255.255.255.0 is directly connected, inside
> O IA 20.20.20.20 255.255.255.255 [110/11] via 1.1.1.1, 0:00:01, outside
> R 11.11.11.11 255.255.255.255 [120/1] via 2.2.2.1, 0:00:13, inside
> BOX/sec#
>
> R1 Output :
> ===========
>
> R1#sh ip ro
> Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
> D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
> N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
> E1 - OSPF external type 1, E2 - OSPF external type 2
> i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
> ia - IS-IS inter area, * - candidate default, U - per-user static route
> o - ODR, P - periodic downloaded static route
>
> Gateway of last resort is not set
>
> B 200.200.200.0/24 [20/0] via 20.20.20.20, 00:00:29
> 1.0.0.0/24 is subnetted, 1 subnets
> R 1.1.1.0 [120/1] via 2.2.2.2, 00:00:23, FastEthernet0/1
> 2.0.0.0/24 is subnetted, 1 subnets
> C 2.2.2.0 is directly connected, FastEthernet0/1
> 100.0.0.0/24 is subnetted, 1 subnets
> C 100.100.100.0 is directly connected, Loopback100
> 20.0.0.0/32 is subnetted, 1 subnets
> R 20.20.20.20 [120/1] via 2.2.2.2, 00:00:23, FastEthernet0/1
> 11.0.0.0/32 is subnetted, 1 subnets
> C 11.11.11.11 is directly connected, Loopback1
> R1#
>
> R1#sh ip bgp
> BGP table version is 3, local router ID is 100.100.100.100
> Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
> r RIB-failure, S Stale
> Origin codes: i - IGP, e - EGP, ? - incomplete
>
> Network Next Hop Metric LocPrf Weight Path
> *> 100.100.100.0/24 0.0.0.0 0 32768 i
> *> 200.200.200.0 20.20.20.20 0 0 1 i
> R1#
>
> R2 Output :
> ============
>
> R2#sh ip ro
> Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
> D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
> N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
> E1 - OSPF external type 1, E2 - OSPF external type 2
> i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
> ia - IS-IS inter area, * - candidate default, U - per-user static route
> o - ODR, P - periodic downloaded static route
>
> Gateway of last resort is not set
>
> C 200.200.200.0/24 is directly connected, Loopback200
> 1.0.0.0/24 is subnetted, 1 subnets
> C 1.1.1.0 is directly connected, FastEthernet0/0
> 2.0.0.0/24 is subnetted, 1 subnets
> O E2 2.2.2.0 [110/1] via 1.1.1.2, 00:02:08, FastEthernet0/0
> 100.0.0.0/24 is subnetted, 1 subnets
> B 100.100.100.0 [20/0] via 11.11.11.11, 00:01:25
> 20.0.0.0/32 is subnetted, 1 subnets
> C 20.20.20.20 is directly connected, Loopback2
> 11.0.0.0/32 is subnetted, 1 subnets
> O E2 11.11.11.11 [110/1] via 1.1.1.2, 00:02:08, FastEthernet0/0
> R2#
>
> R2#sh ip bgp
> BGP table version is 3, local router ID is 200.200.200.200
> Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
> r RIB-failure, S Stale
> Origin codes: i - IGP, e - EGP, ? - incomplete
>
> Network Next Hop Metric LocPrf Weight Path
> *> 100.100.100.0/24 11.11.11.11 0 0 2 i
> *> 200.200.200.0 0.0.0.0 0 32768 i
> R2#
>
> On Wed, Dec 29, 2010 at 7:09 PM, Piotr Matusiak <[email protected]> wrote:
>
>> Do you see BGP routes in RIB? Can you send
>> sho ip bgp
>> sho ip route
>>
>> 2010/12/29 kamran shakil <[email protected]>
>>
>>> Dears,
>>> I am seriously confused here .... I made a very simple setup to test BGP
>>> between 2 routers , putting 1 ASA in the middle and was doing the lab, that
>>> finally I noticed something strange ??? my ROUTES are all OK , I can learn
>>> routes on the remote routers thru ASA, and I did the TCP-OPTIONS and also
>>> RANDOM SEQ. disable, and since nat-control was enabled, I also did the
>>> static IDENTITY NAT .... but PING is not working............................
>>> !!! I am pasting the configs..
>>>
>>> " EXPERTS....guide me ..plz "
>>>
>>> *R1 -- > ASA ---- R2*
>>>
>>> R1 :
>>> ===
>>> interface Loopback1
>>>  ip address 11.11.11.11 255.255.255.255
>>> !
>>> interface Loopback100
>>>  ip address 100.100.100.100 255.255.255.0
>>> !
>>> interface FastEthernet0/1
>>>  ip address 2.2.2.1 255.255.255.0
>>>  duplex auto
>>>  speed auto
>>> !
>>> router rip
>>>  version 2
>>>  network 2.0.0.0
>>>  network 11.0.0.0
>>>  no auto-summary
>>> !
>>> router bgp 2
>>>  no synchronization
>>>  bgp log-neighbor-changes
>>>  network 100.100.100.0 mask 255.255.255.0
>>>  neighbor 20.20.20.20 remote-as 1
>>>  neighbor 20.20.20.20 password x
>>>  neighbor 20.20.20.20 ebgp-multihop 10
>>>  neighbor 20.20.20.20 update-source Loopback1
>>>  no auto-summary
>>>
>>> ASA :
>>> ======
>>> interface Ethernet0/0
>>>  description Connected to R2
>>>  nameif outside
>>>  security-level 0
>>>  ip address 1.1.1.2 255.255.255.0
>>> !
>>> interface Ethernet0/1
>>>  description Connected to R1
>>>  nameif inside
>>>  security-level 100
>>>  ip address 2.2.2.2 255.255.255.0
>>>
>>> access-list outside-in extended permit icmp any any
>>> access-list outside-in extended permit tcp any any eq bgp
>>> !
>>> tcp-map OPTION19
>>>  tcp-options range 19 19 allow
>>>
>>> pager lines 24
>>> logging console debugging
>>> logging buffered debugging
>>> mtu outside 1500
>>> mtu inside 1500
>>> no failover
>>> icmp unreachable rate-limit 1 burst-size 1
>>> icmp permit any outside
>>> icmp permit any inside
>>> no asdm history enable
>>> arp timeout 14400
>>> nat-control
>>> global (outside) 1 interface
>>> nat (inside) 1 0.0.0.0 0.0.0.0
>>> static (inside,outside) 11.11.11.11 11.11.11.11 netmask 255.255.255.255
>>> access-group outside-in in interface outside
>>> !
>>> router ospf 1
>>>  network 1.1.1.0 255.255.255.0 area 0
>>>  log-adj-changes
>>>  redistribute rip metric 1 subnets
>>> !
>>> router rip
>>>  network 2.0.0.0
>>>  redistribute ospf 1 metric 1
>>>  version 2
>>>  no auto-summary
>>> !
>>> class-map BGP_CMAP
>>>  match port tcp eq bgp
>>> class-map inspection_default
>>>  match default-inspection-traffic
>>> !
>>> !
>>> policy-map global_policy
>>>  class BGP_CMAP
>>>   set connection random-sequence-number disable
>>>   set connection advanced-options OPTION19
>>>  class inspection_default
>>> !
>>> service-policy global_policy global
>>> prompt hostname priority context
>>> Cryptochecksum:65755c185976d9164a0b06eee25f2f42
>>>
>>> R2 :
>>> ======
>>>
>>> interface Loopback2
>>>  ip address 20.20.20.20 255.255.255.255
>>> !
>>> interface Loopback200
>>>  ip address 200.200.200.200 255.255.255.0
>>> !
>>> interface FastEthernet0/0
>>>  ip address 1.1.1.1 255.255.255.0
>>>  duplex auto
>>>  speed auto
>>> !
>>> router ospf 1
>>>  log-adjacency-changes
>>>  network 1.1.1.0 0.0.0.255 area 0
>>>  network 20.20.20.20 0.0.0.0 area 1
>>> !
>>> router bgp 1
>>>  no synchronization
>>>  bgp log-neighbor-changes
>>>  network 200.200.200.0
>>>  neighbor 11.11.11.11 remote-as 2
>>>  neighbor 11.11.11.11 password x
>>>  neighbor 11.11.11.11 ebgp-multihop 10
>>>  neighbor 11.11.11.11 update-source Loopback2
>>>  no auto-summary
>>>
>>> ---------------------------------------------------------------------------------------------------------------------------------------
>>> Guide me to understand this PING issue for BGP network !!!!
>>>
>>> _______________________________________________
>>> For more information regarding industry leading CCIE Lab training, please
>>> visit www.ipexpert.com
