[c-nsp] Problem w/ Async Dial-Backup
Garry
gkg at gmx.de
Tue Mar 13 09:55:00 EST 2007
Gert Doering wrote:
> Sounds like the *other* devices on the "first side" have no route back
> towards the remote subnet.
>
> Check traceroutes...
>
Traceroutes end up at the local routers on either side, also, normally
there is a VPN-Tunnel between the two routers via local DSL uplinks, so
the base config of the PCs/Servers should be completely in order.
Routes on the router should also be fine:
192.168.1.254:
ip route 192.168.4.0 255.255.255.0 Dialer103 200
192.168.4.254:
ip route 192.168.1.0 255.255.255.0 Dialer103 200
NAT is excluded for anything that is destined to the other side's IPs,
crypto map isn't used for async/dialer interface, access lists aren't
bound to the dialer ... I'm slightly out of ideas ...
Could the "inspect" function be messing with anything?
These inspect-options are configured, with the LAN ethernet having
inspection enabled ... (so it works via DSL/VPN)
ip inspect name LAN ftp
ip inspect name LAN h323
ip inspect name LAN http
ip inspect name LAN netshow
ip inspect name LAN rcmd
ip inspect name LAN realaudio
ip inspect name LAN rtsp
ip inspect name LAN sip
ip inspect name LAN skinny
ip inspect name LAN sqlnet
ip inspect name LAN streamworks
ip inspect name LAN tcp
ip inspect name LAN tftp
ip inspect name LAN vdolive
ip inspect name LAN udp
ip audit po max-events 100
> If you can ping router<->router and even routerA<->remote_boxes_B, the
> IP connectivity / interface setup should be fine.
>
Yup, "should" being the keyword ;)
tnx, -gg
More information about the cisco-nsp
mailing list