ASA can ping those R1 and R2 loopbacks which are coming through IGP, and ASA cannot ping those loopbacks which are only advertised in BGP???? How to resolve this? Can this be possible in CCIE SEC. Exam????
On Wed, Dec 29, 2010 at 9:31 PM, kamran shakil <[email protected]> wrote:

> ASA can ping those R1 and R2 loopbacks which are coming through IGP, and ASA
> cannot ping those loopbacks which are only advertised in BGP???? How to
> resolve this? Can this be possible in CCIE SEC. Exam????
>
> On Wed, Dec 29, 2010 at 9:22 PM, kamran shakil <[email protected]> wrote:
>
>> so where exactly is the mistake or any suggestion you can make or give me ????
>>
>> i sent the configs before as well ! Plz note that there is no error coming
>> of authentication or tcp packet random seq .....
>>
>> On Wed, Dec 29, 2010 at 9:19 PM, Piotr Matusiak <[email protected]> wrote:
>>
>>> ASA has no idea how to route packets destined to 100.100.100.0 and
>>> 200.200.200.0 networks.
>>>
>>> 2010/12/29 kamran shakil <[email protected]>
>>>
>>>> I will show you all routes :
>>>>
>>>> ASA output :
>>>> =============
>>>>
>>>> C    1.1.1.0 255.255.255.0 is directly connected, outside
>>>> C    2.2.2.0 255.255.255.0 is directly connected, inside
>>>> O IA 20.20.20.20 255.255.255.255 [110/11] via 1.1.1.1, 0:00:01, outside
>>>> R    11.11.11.11 255.255.255.255 [120/1] via 2.2.2.1, 0:00:13, inside
>>>> BOX/sec#
>>>>
>>>> R1 Output :
>>>> ===========
>>>>
>>>> R1#sh ip ro
>>>> Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
>>>>        D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
>>>>        N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
>>>>        E1 - OSPF external type 1, E2 - OSPF external type 2
>>>>        i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
>>>>        ia - IS-IS inter area, * - candidate default, U - per-user static route
>>>>        o - ODR, P - periodic downloaded static route
>>>>
>>>> Gateway of last resort is not set
>>>>
>>>> B    200.200.200.0/24 [20/0] via 20.20.20.20, 00:00:29
>>>>      1.0.0.0/24 is subnetted, 1 subnets
>>>> R       1.1.1.0 [120/1] via 2.2.2.2, 00:00:23, FastEthernet0/1
>>>>      2.0.0.0/24 is subnetted, 1 subnets
>>>> C       2.2.2.0 is directly connected, FastEthernet0/1
>>>>      100.0.0.0/24 is subnetted, 1 subnets
>>>> C       100.100.100.0 is directly connected, Loopback100
>>>>      20.0.0.0/32 is subnetted, 1 subnets
>>>> R       20.20.20.20 [120/1] via 2.2.2.2, 00:00:23, FastEthernet0/1
>>>>      11.0.0.0/32 is subnetted, 1 subnets
>>>> C       11.11.11.11 is directly connected, Loopback1
>>>> R1#
>>>>
>>>> R1#sh ip bgp
>>>> BGP table version is 3, local router ID is 100.100.100.100
>>>> Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
>>>>               r RIB-failure, S Stale
>>>> Origin codes: i - IGP, e - EGP, ? - incomplete
>>>>
>>>>    Network          Next Hop            Metric LocPrf Weight Path
>>>> *> 100.100.100.0/24 0.0.0.0                  0         32768 i
>>>> *> 200.200.200.0    20.20.20.20              0             0 1 i
>>>> R1#
>>>>
>>>> R2 Output :
>>>> ============
>>>>
>>>> R2#sh ip ro
>>>> Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
>>>>        D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
>>>>        N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
>>>>        E1 - OSPF external type 1, E2 - OSPF external type 2
>>>>        i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
>>>>        ia - IS-IS inter area, * - candidate default, U - per-user static route
>>>>        o - ODR, P - periodic downloaded static route
>>>>
>>>> Gateway of last resort is not set
>>>>
>>>> C    200.200.200.0/24 is directly connected, Loopback200
>>>>      1.0.0.0/24 is subnetted, 1 subnets
>>>> C       1.1.1.0 is directly connected, FastEthernet0/0
>>>>      2.0.0.0/24 is subnetted, 1 subnets
>>>> O E2    2.2.2.0 [110/1] via 1.1.1.2, 00:02:08, FastEthernet0/0
>>>>      100.0.0.0/24 is subnetted, 1 subnets
>>>> B       100.100.100.0 [20/0] via 11.11.11.11, 00:01:25
>>>>      20.0.0.0/32 is subnetted, 1 subnets
>>>> C       20.20.20.20 is directly connected, Loopback2
>>>>      11.0.0.0/32 is subnetted, 1 subnets
>>>> O E2    11.11.11.11 [110/1] via 1.1.1.2, 00:02:08, FastEthernet0/0
>>>> R2#
>>>>
>>>> R2#sh ip bgp
>>>> BGP table version is 3, local router ID is 200.200.200.200
>>>> Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
>>>>               r RIB-failure, S Stale
>>>> Origin codes: i - IGP, e - EGP, ? - incomplete
>>>>
>>>>    Network          Next Hop            Metric LocPrf Weight Path
>>>> *> 100.100.100.0/24 11.11.11.11              0             0 2 i
>>>> *> 200.200.200.0    0.0.0.0                  0         32768 i
>>>> R2#
>>>>
>>>> On Wed, Dec 29, 2010 at 7:09 PM, Piotr Matusiak <[email protected]> wrote:
>>>>
>>>>> Do you see BGP routes in RIB? Can you send
>>>>> sho ip bgp
>>>>> sho ip route
>>>>>
>>>>> 2010/12/29 kamran shakil <[email protected]>
>>>>>
>>>>>> Dears,
>>>>>> I am seriously confused here .... i made a very simple setup to test
>>>>>> BGP between 2 routers , putting 1 ASA in the middle and was doing the lab,
>>>>>> that finally i noticed something strange ??? my ROUTES are all OK , i can
>>>>>> learn routes on the remote routers thru ASA, and i did the TCP-OPTIONS and
>>>>>> also RANDOM SEQ. disable, and since nat-control was enabled, I also did the
>>>>>> static IDENTITY NAT .... but PING is not working............................
>>>>>> !!! I am pasting the configs..
>>>>>>
>>>>>> " EXPERTS....guide me ..plz "
>>>>>>
>>>>>> R1 -- > ASA ---- R2
>>>>>>
>>>>>> R1 :
>>>>>> ===
>>>>>> interface Loopback1
>>>>>>  ip address 11.11.11.11 255.255.255.255
>>>>>> !
>>>>>> interface Loopback100
>>>>>>  ip address 100.100.100.100 255.255.255.0
>>>>>> !
>>>>>> interface FastEthernet0/1
>>>>>>  ip address 2.2.2.1 255.255.255.0
>>>>>>  duplex auto
>>>>>>  speed auto
>>>>>> !
>>>>>> router rip
>>>>>>  version 2
>>>>>>  network 2.0.0.0
>>>>>>  network 11.0.0.0
>>>>>>  no auto-summary
>>>>>> !
>>>>>> router bgp 2
>>>>>>  no synchronization
>>>>>>  bgp log-neighbor-changes
>>>>>>  network 100.100.100.0 mask 255.255.255.0
>>>>>>  neighbor 20.20.20.20 remote-as 1
>>>>>>  neighbor 20.20.20.20 password x
>>>>>>  neighbor 20.20.20.20 ebgp-multihop 10
>>>>>>  neighbor 20.20.20.20 update-source Loopback1
>>>>>>  no auto-summary
>>>>>>
>>>>>> ASA :
>>>>>> ======
>>>>>> interface Ethernet0/0
>>>>>>  description Connected to R2
>>>>>>  nameif outside
>>>>>>  security-level 0
>>>>>>  ip address 1.1.1.2 255.255.255.0
>>>>>> !
>>>>>> interface Ethernet0/1
>>>>>>  description Connected to R1
>>>>>>  nameif inside
>>>>>>  security-level 100
>>>>>>  ip address 2.2.2.2 255.255.255.0
>>>>>>
>>>>>> access-list outside-in extended permit icmp any any
>>>>>> access-list outside-in extended permit tcp any any eq bgp
>>>>>> !
>>>>>> tcp-map OPTION19
>>>>>>  tcp-options range 19 19 allow
>>>>>>
>>>>>> pager lines 24
>>>>>> logging console debugging
>>>>>> logging buffered debugging
>>>>>> mtu outside 1500
>>>>>> mtu inside 1500
>>>>>> no failover
>>>>>> icmp unreachable rate-limit 1 burst-size 1
>>>>>> icmp permit any outside
>>>>>> icmp permit any inside
>>>>>> no asdm history enable
>>>>>> arp timeout 14400
>>>>>> nat-control
>>>>>> global (outside) 1 interface
>>>>>> nat (inside) 1 0.0.0.0 0.0.0.0
>>>>>> static (inside,outside) 11.11.11.11 11.11.11.11 netmask 255.255.255.255
>>>>>> access-group outside-in in interface outside
>>>>>> !
>>>>>> router ospf 1
>>>>>>  network 1.1.1.0 255.255.255.0 area 0
>>>>>>  log-adj-changes
>>>>>>  redistribute rip metric 1 subnets
>>>>>> !
>>>>>> router rip
>>>>>>  network 2.0.0.0
>>>>>>  redistribute ospf 1 metric 1
>>>>>>  version 2
>>>>>>  no auto-summary
>>>>>> !
>>>>>> class-map BGP_CMAP
>>>>>>  match port tcp eq bgp
>>>>>> class-map inspection_default
>>>>>>  match default-inspection-traffic
>>>>>> !
>>>>>> !
>>>>>> policy-map global_policy
>>>>>>  class BGP_CMAP
>>>>>>   set connection random-sequence-number disable
>>>>>>   set connection advanced-options OPTION19
>>>>>>  class inspection_default
>>>>>> !
>>>>>> service-policy global_policy global
>>>>>> prompt hostname priority context
>>>>>> Cryptochecksum:65755c185976d9164a0b06eee25f2f42
>>>>>>
>>>>>> R2 :
>>>>>> ======
>>>>>>
>>>>>> interface Loopback2
>>>>>>  ip address 20.20.20.20 255.255.255.255
>>>>>> !
>>>>>> interface Loopback200
>>>>>>  ip address 200.200.200.200 255.255.255.0
>>>>>> !
>>>>>> interface FastEthernet0/0
>>>>>>  ip address 1.1.1.1 255.255.255.0
>>>>>>  duplex auto
>>>>>>  speed auto
>>>>>> !
>>>>>> router ospf 1
>>>>>>  log-adjacency-changes
>>>>>>  network 1.1.1.0 0.0.0.255 area 0
>>>>>>  network 20.20.20.20 0.0.0.0 area 1
>>>>>> !
>>>>>> router bgp 1
>>>>>>  no synchronization
>>>>>>  bgp log-neighbor-changes
>>>>>>  network 200.200.200.0
>>>>>>  neighbor 11.11.11.11 remote-as 2
>>>>>>  neighbor 11.11.11.11 password x
>>>>>>  neighbor 11.11.11.11 ebgp-multihop 10
>>>>>>  neighbor 11.11.11.11 update-source Loopback2
>>>>>>  no auto-summary
>>>>>>
>>>>>> ------------------------------------------------------------
>>>>>> Guide me to understand this PING issue for BGP network !!!!
>>>>>>
>>>>>> _______________________________________________
>>>>>> For more information regarding industry leading CCIE Lab training,
>>>>>> please visit www.ipexpert.com
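
The routing gap Piotr points out, traced hop by hop over the three routing tables posted in this thread. This is an added example and not part of the original messages; it models route lookups only (no NAT, ACL or inspection behaviour), and the function names and the `OWNER` map are illustrative.

```python
import ipaddress

# Routes transcribed from the routing tables posted in the thread.
# Each entry is (prefix, next hop); None means directly connected.
RIB = {
    "ASA": [("1.1.1.0/24", None), ("2.2.2.0/24", None),
            ("20.20.20.20/32", "1.1.1.1"), ("11.11.11.11/32", "2.2.2.1")],
    "R1": [("200.200.200.0/24", "20.20.20.20"), ("1.1.1.0/24", "2.2.2.2"),
           ("2.2.2.0/24", None), ("100.100.100.0/24", None),
           ("20.20.20.20/32", "2.2.2.2"), ("11.11.11.11/32", None)],
    "R2": [("200.200.200.0/24", None), ("1.1.1.0/24", None),
           ("2.2.2.0/24", "1.1.1.2"), ("100.100.100.0/24", "11.11.11.11"),
           ("20.20.20.20/32", None), ("11.11.11.11/32", "1.1.1.2")],
}
# Interface addresses from the posted configs: which device owns which IP.
OWNER = {"2.2.2.1": "R1", "11.11.11.11": "R1", "100.100.100.100": "R1",
         "1.1.1.2": "ASA", "2.2.2.2": "ASA",
         "1.1.1.1": "R2", "20.20.20.20": "R2", "200.200.200.200": "R2"}

def lookup(rib, device, dst):
    """Longest-prefix match on one device; (network, next_hop) or None."""
    addr = ipaddress.ip_address(dst)
    nets = [(ipaddress.ip_network(p), nh) for p, nh in rib[device]]
    hits = [(n, nh) for n, nh in nets if addr in n]
    return max(hits, key=lambda h: h[0].prefixlen) if hits else None

def resolve(rib, device, dst):
    """Resolve recursive next hops (as the BGP routes need) down to an
    address on a connected network; None if any lookup has no match."""
    hop = dst
    for _ in range(8):                      # bound the recursion
        hit = lookup(rib, device, hop)
        if hit is None:
            return None
        if hit[1] is None:                  # connected: hop is adjacent
            return hop
        hop = hit[1]
    return None

def trace(src, dst, rib=RIB):
    """Forward hop by hop starting on device src; returns (path, result)."""
    path, device = [src], src
    while OWNER.get(dst) != device and len(path) < 8:
        adjacent = resolve(rib, device, dst)
        if adjacent is None or adjacent not in OWNER:
            return path, "no route on " + device
        device = OWNER[adjacent]
        path.append(device)
    return path, "delivered" if OWNER.get(dst) == device else "loop"
```

`trace("R1", "200.200.200.200")` stops at the ASA even though R1 holds a valid BGP route, because the BGP session only passes through the firewall as TCP traffic and installs nothing in the ASA's own table. Passing a copy of `RIB` in which the ASA also has entries for 100.100.100.0/24 via 2.2.2.1 and 200.200.200.0/24 via 1.1.1.1 (an assumption, for instance static routes) makes the same trace reach R2.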
