From: hcb@gettcomm.com
Date: Fri Sep 10 2004 - 10:55:07 GMT-3
Quoting Richard Dumoulin <Richard.Dumoulin@vanco.fr>:
> I have just had a look at the looking glass and since the /19 network is
> there and all the sites are in the same range I really can't think of what
> can be the issue. There are even two remote sites, one working (.17) and the
> other not working (.18) only separated by the ISP POP !
> Also I have noticed that the isakmp packet answers from the main site are
> not reaching my remote.
> Those sites have been working for several months now and I can't really
> think of what could be wrong.
> The ISP on the remote sites side thinks it's an issue with the other end ISP
> but he can't explain why so ...
>
> Something to note is that the traceroute (in the direction Remote --> Hub)
> fails in the router immediately connected to the main hub router,
>
That makes it sound either like an access control list problem (more likely), or
that router can't find a return path to you. If you can ping it but not
traceroute to it, that becomes even more likely.
> -----Message d'origine-----
> De : Howard C. Berkowitz [mailto:hcb@gettcomm.com]
> Envoyi : Friday, September 10, 2004 2:12 AM
> @ : ccielab@groupstudy.com
> Objet : Re: FIB issue ?
>
> At 12:42 AM +0100 9/10/04, Richard Dumoulin wrote:
> >For those who work in an ISP, is it common to have issues with a forwarding
> >table of an Internet router ?
> >I am asking because I am having issues with 7 sites out of 30 that are not
> >properly negociating their IPSec tunnel. All they have in common is the
> >trace route not working in the direction to the Main hub. Trace route works
> >fine for the remaining sites. Ping works for all the working/non-working
> >sites.
> >So I am starting to think that maybe one of the transit Internet router
> >might need a refresh in their cache.
>
> If ping works but traceroute doesn't, I'd suspect an outbound (from
> you) UDP filter, or an ICMP filter somewhere in the reverse path.
> Does traceroute get you partially there? If so, suspect the next hop
> after the last router you can reach.
>
> Since an ISP of any appreciable size using Cisco routers, at least,
> should be using CEF, there's really no concept of a cache miss. The
> main BGP RIB could, for some reason, be missing the route.
>
> Does your service provider have a looking glass, or will their
> support people give you the results of show route for the routes in
> question?
>
>
>
> >I would appreciate any opinion,
> >
> >Thanks
> >
> >--Richard
>
> _______________________________________________________________________
> Please help support GroupStudy by purchasing your study materials from:
> http://shop.groupstudy.com
>
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
>
> **********************************************************************
> Any opinions expressed in the email are those of the individual and not
> necessarily the company. This email and any files transmitted with it are
> confidential and solely for the use of the intended recipient. If you are
> not
> the intended recipient or the person responsible for delivering it to the
> intended recipient, be advised that you have received this email in error and
> that any dissemination, distribution, copying or use is strictly prohibited.
>
> If you have received this email in error, or if you are concerned with the
> content of this email please e-mail to: e-security.support@vanco.info
>
> The contents of an attachment to this e-mail may contain software viruses
> which could damage your own computer system. While the sender has taken every
> reasonable precaution to minimise this risk, we cannot accept liability for
> any damage which you sustain as a result of software viruses. You should
> carry
> out your own virus checks before opening any attachments to this e-mail.
> **********************************************************************
>
> _______________________________________________________________________
> Please help support GroupStudy by purchasing your study materials from:
> http://shop.groupstudy.com
>
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
This archive was generated by hypermail 2.1.4 : Fri Oct 01 2004 - 15:00:41 GMT-3