A one ping success with future failures can be caused by the router doing fast switching rather than process switching. That first packet gets process switched then the route is put in the cache for fast switching. Then for whatever reason fast switching fails. Once the cache entry is flushed due to aging a single packet will again get through. The one case where I have experience was caused by a bug in the IOS. It was an early version of 12.0 and it was a 2600.

> -----Original Message-----
> From: John Hardman [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, June 07, 2000 12:13 AM
> To: [EMAIL PROTECTED]
> Subject: OT: Strange connectivity problem with NAT
>
>
> Hi All...
>
> Well I'm at a frustrating point in troubleshooting this one, any help would be nice! I generally would not post a problem here, but since it does involve NAT maybe we all can learn from this one.
>
> I am not going to try ASCII art to do a diagram, but here is the layout.
>
> any host on private LAN --> Cat 2924 with two VLANs private host on VLAN 1 --> 2611 e0/0 (NAT inside on VLAN 1) --> e0/1 (NAT outside overloaded on VLAN 2) --> 4500 e1 --> 4500 e0 (DMZ) (e0 is in the same 2924 on VLAN 2) --> Solaris 2.6 server or NT 4 server (either one, they are both there on VLAN 2).
>
> Here is the problem, if I ping either the Sun or the NT server I get one reply and then nothing but timeouts. Wait a minute or less and ping again, one reply then timeouts. This is typical for all connectivity, WWW, telnet, SSH, etc. Now here's the kicker, if I ping any other host on the DMZ subnet no problems at all. If I ping from the routers no problems, if I ping from any of the other hosts in the DMZ or from the Internet, again no problems. There are only two differences between the Sun and NT server and the rest of the hosts on the DMZ, they are in a different room.
>
> Some of the things I have tried:
>
> 1) Remove all ACLs, no change
> 2) Re-run the drops, change all cables, no change
> 3) change ports on the switch, no change
> 4) Reload the switch, and routers, reboot the servers, no change
>
> Some things I have thought it might be:
>
> 1) known issue with Sun 2.6, but the problem is also on the NT server...
> 2) bug in the NAT on the 2611
> 3) I am blessed with the strangest problems!
>
> TIA
>
> Here are the configs, sorry for the length...
>
> 2924:--------------------------
> Current configuration:
> !
> version 12.0
> no service pad
> service timestamps debug uptime
> service timestamps log uptime
> service password-encryption
> !
> hostname c2924
> !
> enable secret xxx
> !
> username xxx privilege 15 password xxxx
> username xxx privilege 15 password xxxx
> !
> ip subnet-zero
> ip host tftp 192.168.0.4
> !
> interface FastEthernet0/1
>  spanning-tree portfast
> !
> interface FastEthernet0/2
>  spanning-tree portfast
> !
> interface FastEthernet0/3
>  spanning-tree portfast
> !
> interface FastEthernet0/4
>  spanning-tree portfast
> !
> interface FastEthernet0/5
>  spanning-tree portfast
> !
> interface FastEthernet0/6
>  spanning-tree portfast
> !
> interface FastEthernet0/7
>  spanning-tree portfast
> !
> interface FastEthernet0/8
>  spanning-tree portfast
> !
> interface FastEthernet0/9
>  spanning-tree portfast
> !
> interface FastEthernet0/10
>  spanning-tree portfast
> !
> interface FastEthernet0/11
>  spanning-tree portfast
> !
> interface FastEthernet0/12
>  spanning-tree portfast
> !
> interface FastEthernet0/13
>  spanning-tree portfast
> !
> interface FastEthernet0/14
> !
> interface FastEthernet0/15
>  switchport access vlan 2
>  spanning-tree portfast
> !
> interface FastEthernet0/16
>  switchport access vlan 2
> !
> interface FastEthernet0/17
>  switchport access vlan 2
>  spanning-tree portfast
> !
> interface FastEthernet0/18
>  switchport access vlan 2
> !
> interface FastEthernet0/19
>  switchport access vlan 2
> !
> interface FastEthernet0/20
>  switchport access vlan 2
> !
> interface FastEthernet0/21
>  switchport access vlan 2
> !
> interface FastEthernet0/22
>  switchport access vlan 2
> !
> interface FastEthernet0/23
>  switchport access vlan 2
> !
> interface FastEthernet0/24
>  switchport access vlan 2
> !
> interface VLAN1
>  ip address 192.168.0.47 255.255.255.0
>  no ip directed-broadcast
>  no ip route-cache
> !
> interface VLAN2
>  ip address x.x.x.x 255.255.255.0
>  no ip directed-broadcast
>  no ip route-cache
> !
> ip default-gateway 192.168.0.1
> logging 192.168.0.4
> snmp-server engineID local 0000000902000001424B7980
> snmp-server community xxx RO
> snmp-server chassis-id 0x0E
> !
> line con 0
>  login local
>  transport input none
>  stopbits 1
> line vty 0 4
>  exec-timeout 0 0
>  login local
> line vty 5 9
>  exec-timeout 0 0
>  login local
> !
> ntp clock-period 22518021
> ntp server x.x.x.x
> end
> END 2924----------------------
>
> Begin 2611----------------------
> Current configuration:
> !
> version 12.1
> service timestamps debug uptime
> service timestamps log uptime
> service password-encryption
> !
> hostname office-gw
> !
> boot system flash c2600-io3-mz.121-2.bin
> enable secret 5 xxx
> !
> username xxx privilege 15 password xxx
> username xxx privilege 15 password xxx
> !
> ip subnet-zero
> no ip domain-lookup
> ip host tftp 192.168.0.4
> !
> ip audit notify log
> ip audit po max-events 100
> !
> interface Ethernet0/0
>  ip address 192.168.0.1 255.255.255.0
>  ip nat inside
> !
> interface Serial0/0
>  no ip address
>  service-module t1 clock source internal
>  shutdown
> !
> interface Ethernet0/1
>  ip address a.a.a.a 255.255.255.248
>  ip nat outside
> !
> interface Serial0/1
>  no ip address
>  shutdown
> !
> ip nat inside source list 78 interface Ethernet0/1 overload
> ip nat inside source static tcp 192.168.0.x 110 interface Ethernet0/1 110
> ip nat inside source static tcp 192.168.0.x 25 interface Ethernet0/1 25
> ip nat inside source static tcp 192.168.0.x 143 interface Ethernet0/1 143
> ip classless
> ip route 0.0.0.0 0.0.0.0 Ethernet0/1
> no ip http server
> !
> access-list 78 permit 192.168.0.0 0.0.0.255
> snmp-server engineID local 00000009020000B0647DB6E0
> snmp-server community xxx RW
> snmp-server packetsize 2048
> !
> line con 0
>  exec-timeout 0 0
>  login local
>  transport input none
> line aux 0
> line vty 0 4
>  exec-timeout 0 0
>  login local
> !
> no scheduler allocate
> end
> END 2611--------------------
>
> Begin 4500-------------------
> version 12.0
> service timestamps debug uptime
> service timestamps log uptime
> service password-encryption
> !
> hostname xxx
> !
> boot system flash c4500-is-mz.120-8.bin
> enable secret 5 xxx
> !
> username xxx privilege 15 password xxx
> username xxx privilege 15 password xxx
> ip subnet-zero
> no ip domain-lookup
> !
> interface Ethernet0
>  description DMZ
>  ip address b.b.b.b 255.255.255.0
>  no ip directed-broadcast
>  media-type 10BaseT
> !
> interface Ethernet1
>  description Arristech LAN
>  ip address a.a.a.a 255.255.255.248
>  no ip directed-broadcast
>  media-type 10BaseT
> !
> interface Serial0
>  no ip address
>  no ip directed-broadcast
>  shutdown
>  no fair-queue
> !
> interface Serial1
>  no ip address
>  no ip directed-broadcast
>  encapsulation frame-relay
>  no fair-queue
> !
> interface Serial1.16 point-to-point
>  ip address c.c.c.c 255.255.255.252
>  no ip directed-broadcast
>  frame-relay interface-dlci 16
> !
> interface Serial2
>  no ip address
>  no ip directed-broadcast
>  encapsulation frame-relay
> !
> interface Serial2.16 point-to-point
>  ip address x.x.x.x 255.255.255.252
>  no ip directed-broadcast
>  frame-relay interface-dlci 16
> !
> interface Serial2.17 point-to-point
>  no ip directed-broadcast
>  frame-relay interface-dlci 17
> !
> interface Serial2.18 point-to-point
>  no ip directed-broadcast
>  frame-relay interface-dlci 18
> !
> interface Serial3
>  ip address x.x.x.x 255.255.255.252
>  no ip directed-broadcast
>  encapsulation ppp
>  no fair-queue
> !
> ip classless
> ip route 0.0.0.0 0.0.0.0 Serial1.16
> ip route x.x.x.x 255.255.255.248 x.x.x.x
> ip route x.x.x.x 255.255.255.248 x.x.x.x
> ip route x.x.x.x 255.255.255.224 x.x.x.x
> !
> snmp-server community xxx RO
> !
> line con 0
>  exec-timeout 0 0
>  password xxx
>  login local
>  transport input none
> line aux 0
> line vty 0 4
>  exec-timeout 0 0
>  password xxx
>  login local
> !
> end
> END 4500----------------
> --
> John Hardman, MCSE+I, CCNA
> ArrisTech/CCS-IS SysAdmin
>
> ___________________________________
> UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
> FAQ, list archives, and subscription info: http://www.groupstudy.com
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
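
Added example, not part of the original thread: one way to test the reply's fast-switching explanation on the 2611 (office-gw), using the interface names from the posted config. The order of the steps and the interpretation given in the comments are assumptions of this example, not statements from either poster.

```cisco
! Added example, not from the thread. Run on the 2611 (office-gw).
! Exec-mode commands are flush left, config-mode commands are indented.
!
! 1. Baseline: right after a failing ping run from an inside host,
!    record the route cache, the NAT table and the per-path counters.
show ip cache
show ip nat translations
show interfaces Ethernet0/1 stats
!
! 2. Force process switching on both NAT interfaces and flush the cache.
configure terminal
 interface Ethernet0/0
  no ip route-cache
 interface Ethernet0/1
  no ip route-cache
 end
clear ip cache
!
! 3. Repeat the ping from the same inside host to the Sun or NT server,
!    then compare against the baseline.
!    Assumption: steady replies now, with the "Processor" counters rising
!    and the "Route cache" counters flat, point at the fast-switching path.
!    The same one-reply-then-timeouts pattern points elsewhere.
show interfaces Ethernet0/1 stats
show ip nat translations
!
! 4. Restore the default switching path when the test is done.
configure terminal
 interface Ethernet0/0
  ip route-cache
 interface Ethernet0/1
  ip route-cache
 end
```

Process switching raises CPU load on the router, so keep the test window short.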

