You absolutely need that route statement in the Mexican router. What I was suggesting is that you remove that ip address from the FastEthernet 0/1 interface of the Mexico router. It is no longer used in that router and might cause confusion. Most likely your local workstation is on the 192.168.100.0 subnet in SC-SAN. Now that Mexico doesn't have a route back to you - you are disconnected. Can you move to a workstation in the 172.29.10.0 subnet? Telnet to the Mexico router should work from there.
I may have time to look at the configs of your other routers this weekend. > -----Original Message----- > From: CTM CTM [mailto:[EMAIL PROTECTED]] > Sent: Thursday, September 19, 2002 10:17 AM > To: [EMAIL PROTECTED] > Subject: RE: Two Interfaces = Extremely Slow Ping [7:53266] > > > Hi, > > I removed the "ip http server" from all routers. > I also removed the "ip nat inside" from the first Mexico router. > So far so good. > But when I did a "no ip route 192.168.100.0 255.255.255.0 > Serial0/0:0.300" I > immediatly lost connection to the router and am now trying to > reach someone > down there to reboot it > not good, as it should have been issued for 192.168.100.20 > > So still working on clean up for that box. > > In Amsterdam: > I could really, really use a VPN connection between 172.29.30.0 and > 172.29.10.0 subnets so will look at that while I wait for the > Mexico router > to be rebooted. > > (yes, somewhat over my head here, but shall persevere) > > > Daniel Cotts wrote: > > > > You have a static NAT translation for 192.168.100.20 on both > > routers. I'd > > suggest removing it from the Mexican router. > > > > You haven't said whether or not you are doing standard or > > extended pings. > > Whether you are pinging from a host or the routers. > > Do a traceroute when the pings are fast and when they are slow. > > See where > > the packets are going. You might want to do a "sh ip route" in > > each > > condition. > > Some small housekeeping: > > Mexican router: > > I see no need for the "ip nat inside" on the Serial0/0:0.300 > > subinterface. > > Nothing from that interface meets the conditions of access-list > > 101. > > You can remove the "ip policy route-map nonat from > > subinterfaces 0/0:0.300 > > and 0/0:0.301 . There is no route-map in the config. > > You have 192.168.100.0 on F0/1 (shutdown) in Mexico. You have > > 192.168.100.0 > > on F0/1 in SC-SAN. You still have a NAT static in Mexico for the > > 192.168.100.20 host. Might be good to remove that static > > mapping and remove > > the unused address completely from the interface to avoid > > confusion. > > "ip http server" can be a security hole. > > > > SC-SAN router: > > VPN connection to 172.29.30.0 uses access list 100 to define > > allowed > > traffic. I don't understand the first line of that list. Does > > it refer to > > the NAT pool of addresses? If so, how do they work inside? If > > not, who are > > they? Who is really allowed access to 172.29.30.0? > > Again the ip policy and route-map statements aren't doing > > anything. There is > > an issue that could use a route-map. The users in 172.29.30.0 > > can't reach > > the statically NATed servers 192.168.100.20 & 135 over the VPN. > > There is a > > way to solve that problem (if it is a problem.) > > Keep us posted on your progress. I would like to know the > > solution. > > > > > -----Original Message----- > > > From: Sammi Dog [mailto:[EMAIL PROTECTED]] > > > Sent: Friday, September 13, 2002 5:23 PM > > > To: [EMAIL PROTECTED] > > > Subject: Re: Two Interfaces = Extremely Slow Ping [7:53266] > > > > > > > > > I would appreciate any and all comments. > > > > > > >From: "Chris McNally" > >Hi all, > >We have one router in > > > the U.S. and > > > > one in Mexico. They are connected to each >other via frame > > > relay and they > > > > each have their own internet portal. >When the Mexico > > router is > > > > disconnected from its internet interface the ping >returns > > > between U.S. > > > > are averaging 70ms but when they plug in their internet > > > >side the ping > > > > returns shoot above 500ms and often hit 800. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=53637&t=53266 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
