Question cannot ping connected LANs

Jul 22, 2019
Hello

For some reason, I am not able to ping PCs on either side of the LANs. I am able to ping routers and PCs from the router, but not from PC to PC. My network is very simple, with two sites in different cities connected with L3 MPLS. The routers are Cisco 2911.

Site A: 172.17.1.0/24 (Router IP = 172.17.1.1)
Site B: 172.17.2.0/24 (Router IP = 172.17.2.1)
Ping from Router (172.17.2.1) to 172.17.1.51 is fine
Ping from Router 172.17.1.1 to 172.17.2.5 is fine


But when I ping from 172.17.2.5 (PC in Site B) to 172.17.1.51 (PC in Site A), it does not work. One more thing I have noticed is that even though I am able to ping PCs from the router, I cannot ping the router from PCs. For example, I can ping 172.17.1.229 from 172.17.2.1 (Router of Site B), but I cannot do the reverse.
Router A configuration is

!
version 15.7
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
no service dhcp
!
hostname HAC-HO-EDGE-001
!
boot-start-marker
boot system flash0:c2900-universalk9-mz.SPA.157-3.M3.bin
boot-end-marker
!
!
no logging console
enable secret 5 $1$NHHS$goVblBuuV9P.fJsxV8x2J.
enable password 7
!
aaa new-model
!
!
!
!
!
!
!
!
aaa session-id common
clock timezone UTC 5 0
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!


!
!
!
!
ip domain name HACAGRI.LOCAL
ip name-server 210.2.181.7
ip name-server 210.2.177.6
ip cef
no ipv6 cef
multilink bundle-name authenticated
!
!
domain HACAGRI.LOCAL
!
cts logging verbose
!
!
license udi pid CISCO2911/K9 sn FCZ191361SF
!
!
vtp mode client
vtp version 2
username shaaz privilege 15 password 7
!
redundancy
!
!
!
!
!
!
interface Loopback0
ip address 203.223.169.162 255.255.255.248
ip nat outside
ip virtual-reassembly in
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
ip address 172.17.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
!
interface GigabitEthernet0/0.1025
encapsulation dot1Q 1025
!
interface GigabitEthernet0/1
no ip address
ip virtual-reassembly in
duplex auto
speed auto
!
interface GigabitEthernet0/1.1014
description Jazz-Backup-Data Link
encapsulation dot1Q 1014
ip address 10.5.206.148 255.255.255.248
ip virtual-reassembly in
!
interface GigabitEthernet0/1.1018
encapsulation dot1Q 1018
ip address 10.5.206.156 255.255.255.248
!
interface GigabitEthernet0/2
no ip address
ip virtual-reassembly in
duplex auto
speed auto
!
interface GigabitEthernet0/2.1024
description Jazz-Primary-Data Link
encapsulation dot1Q 1024
ip address 10.5.205.234 255.255.255.248
ip nat outside
ip virtual-reassembly in
!
interface GigabitEthernet0/2.1025
description Jazz-Primary-Internet Link
encapsulation dot1Q 1025
ip address 10.5.205.242 255.255.255.248
ip nat outside
ip virtual-reassembly in
!
!
router bgp 64933
bgp log-neighbor-changes
neighbor 10.5.205.233 remote-as 23966
neighbor 10.5.205.233 password
neighbor 10.5.205.241 remote-as 23966
neighbor 10.5.205.241 description "Jazz-eBGP-Primary"
neighbor 10.5.205.241 password
neighbor 10.5.205.241 version 4
neighbor 10.5.205.241 timers 10 30
neighbor 10.5.206.145 remote-as 23966
neighbor 10.5.206.145 description "Jazz-eBGP-Backup"
neighbor 10.5.206.145 password
neighbor 10.5.206.145 version 4
!
address-family ipv4
network 172.17.1.0 mask 255.255.255.0
network 203.223.169.160 mask 255.255.255.248
neighbor 10.5.205.233 activate
neighbor 10.5.205.233 soft-reconfiguration inbound
neighbor 10.5.205.233 route-map VPN-in-peer-Jazz in
neighbor 10.5.205.233 route-map out-VPN-peer-Jazz out
neighbor 10.5.205.241 activate
neighbor 10.5.205.241 soft-reconfiguration inbound
neighbor 10.5.205.241 route-map in-peer-Jazz in
neighbor 10.5.205.241 route-map out-peer-Jazz out
neighbor 10.5.206.145 activate
neighbor 10.5.206.145 soft-reconfiguration inbound
neighbor 10.5.206.145 route-map in-peer-Jazz-bkup in
neighbor 10.5.206.145 route-map out-peer-Jazz-bkup out
exit-address-family
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip nat inside source list 1 interface Loopback0 overload
ip nat inside source static tcp 172.17.1.53 25 203.223.169.162 25 extendable
ip nat inside source static tcp 172.17.1.55 47 203.223.169.162 47 extendable
ip nat inside source static tcp 172.17.1.53 53 203.223.169.162 53 extendable
ip nat inside source static udp 172.17.1.53 53 203.223.169.162 53 extendable
ip nat inside source static tcp 172.17.1.53 80 203.223.169.162 80 extendable
ip nat inside source static tcp 172.17.1.53 110 203.223.169.162 110 extendable
ip nat inside source static udp 172.17.1.53 110 203.223.169.162 110 extendable
ip nat inside source static tcp 172.17.1.53 135 203.223.169.162 135 extendable
ip nat inside source static tcp 172.17.1.53 443 203.223.169.162 443 extendable
ip nat inside source static tcp 172.17.1.53 465 203.223.169.162 465 extendable
ip nat inside source static udp 172.17.1.55 500 203.223.169.162 500 extendable
ip nat inside source static tcp 172.17.1.53 522 203.223.169.162 522 extendable
ip nat inside source static tcp 172.17.1.53 691 203.223.169.162 691 extendable
ip nat inside source static tcp 172.17.1.55 1701 203.223.169.162 1701 extendable
ip nat inside source static tcp 172.17.1.55 1723 203.223.169.162 1723 extendable
ip nat inside source static tcp 172.17.1.51 3389 203.223.169.162 3389 extendable
ip nat inside source static tcp 172.17.1.56 9575 203.223.169.162 9575 extendable
ip ssh time-out 60
ip ssh version 2
!
!
ip prefix-list in-peer-Jazz seq 10 permit 0.0.0.0/0
!
ip prefix-list out-peer-Jazz seq 10 permit 203.223.169.160/29
!
ip prefix-list out-peer-VPN-Jazz seq 10 permit 172.17.1.0/24
ipv6 ioam timestamp
!
route-map out-VPN-peer-Jazz-bkup permit 10
match ip address prefix-list out-peer-VPN-Jazz
set metric 100
!
route-map in-peer-Jazz-bkup permit 10
match ip address prefix-list in-peer-Jazz
set local-preference 120
!
route-map out-VPN-peer-Jazz permit 10
match ip address prefix-list out-peer-VPN-Jazz
set metric 10
!
route-map in-peer-Jazz permit 10
match ip address prefix-list in-peer-Jazz
set local-preference 150
!
route-map out-peer-Jazz permit 10
match ip address prefix-list out-peer-Jazz
!
route-map VPN-in-peer-Jazz permit 10
set local-preference 150
!
route-map out-peer-Jazz-bkup permit 10
match ip address prefix-list out-peer-Jazz
set metric 100
!
!
access-list 1 permit 172.17.1.0 0.0.0.255
!
!
!
control-plane
!
!
vstack
!
line con 0
exec-timeout 20 0
password 7
logging synchronous
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport output lat pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
exec-timeout 20 0
password 7
transport input telnet ssh
transport output telnet
line vty 5 15
exec-timeout 20 0
password 7
transport input ssh
transport output telnet
!
scheduler allocate 20000 1000
ntp update-calendar
ntp server hk.pool.ntp.org
ntp server pk.pool.ntp.org prefer
!
end
===================================
Router B


!
! No configuration change since last restart
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname HAC-PLT-EDGE-001
!
boot-start-marker
boot-end-marker
!
!
no logging console
enable secret 5 $1$rnZh$YR3JTIhbwShzMx092D.MX.
enable password 7
!
aaa new-model
!
!
aaa authentication login default local
aaa authorization exec default local
!
!
!
!
!
aaa session-id common
clock timezone GMT 5 0
!
no ipv6 cef
no ip source-route
ip cef
!
!
!
ip dhcp excluded-address 172.17.2.1 172.17.2.100
!
ip dhcp pool HAC-Plant
network 172.17.2.0 255.255.255.0
default-router 172.17.2.1
dns-server 172.17.2.1
domain-name HACAGRI.LOCAL
!
!
ip domain name HACAGRI.LOCAL
ip name-server 210.2.181.7
ip name-server 210.2.177.6
multilink bundle-name authenticated
!
!
crypto pki token default removal timeout 0
!
!
license udi pid CISCO2911/K9 sn FGL15421096
!
!
username shaaz privilege 15 password 7
!
!
ip ssh time-out 60
!
!
!
!
interface Loopback0
ip address 210.2.157.169 255.255.255.248
ip nat outside
ip virtual-reassembly in
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
ip address 172.17.2.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
!
interface GigabitEthernet0/1
no ip address
ip virtual-reassembly in
duplex auto
speed auto
!
interface GigabitEthernet0/1.1018
encapsulation dot1Q 1018
ip address 10.5.206.156 255.255.255.248
!
interface GigabitEthernet0/1.1956
description Jazz Primary Internet
encapsulation dot1Q 1956
ip address 10.5.205.194 255.255.255.248
ip nat outside
ip virtual-reassembly in
!
interface GigabitEthernet0/1.1957
description Jazz Primary Data Link
encapsulation dot1Q 1957
ip address 10.5.205.186 255.255.255.248
ip nat outside
ip virtual-reassembly in
!
interface GigabitEthernet0/2
no ip address
ip virtual-reassembly in
duplex auto
speed auto
!
interface GigabitEthernet0/2.3045
description Jazz Backup Internet Link
encapsulation dot1Q 3045
ip address 10.5.206.162 255.255.255.248
ip nat outside
ip virtual-reassembly in
!
interface GigabitEthernet0/2.3046
description Jazz Data Backup Link
encapsulation dot1Q 3046
ip address 10.5.206.178 255.255.255.248
ip nat outside
ip virtual-reassembly in
!
router bgp 64933
bgp log-neighbor-changes
neighbor 10.5.205.185 remote-as 23966
neighbor 10.5.205.185 description "Jazz-eBGP-Primary"
neighbor 10.5.205.185 password 7
neighbor 10.5.205.185 version 4
neighbor 10.5.205.185 timers 10 30
neighbor 10.5.205.193 remote-as 23966
neighbor 10.5.205.193 description "Jazz-eBGP-Primary"
neighbor 10.5.205.193 password 7 12150119325D585D7978
neighbor 10.5.205.193 version 4
neighbor 10.5.205.193 timers 10 30
neighbor 10.5.206.161 remote-as 23966
neighbor 10.5.206.161 description "Jazz-eBGP-Primary"
neighbor 10.5.206.161 password 7
neighbor 10.5.206.161 version 4
neighbor 10.5.206.161 timers 10 30
neighbor 10.5.206.177 remote-as 23966
neighbor 10.5.206.177 description "Jazz-eBGP-Backup"
neighbor 10.5.206.177 password 7
neighbor 10.5.206.177 version 4
neighbor 10.5.206.177 timers 10 30
!
address-family ipv4
network 172.17.2.0 mask 255.255.255.0
network 210.2.157.168 mask 255.255.255.248
neighbor 10.5.205.185 activate
neighbor 10.5.205.185 soft-reconfiguration inbound
neighbor 10.5.205.185 route-map out-VPN-peer-Jazz out
neighbor 10.5.205.193 activate
neighbor 10.5.205.193 soft-reconfiguration inbound
neighbor 10.5.205.193 route-map in-peer-Jazz in
neighbor 10.5.205.193 route-map out-peer-Jazz out
neighbor 10.5.206.161 activate
neighbor 10.5.206.161 soft-reconfiguration inbound
neighbor 10.5.206.161 route-map in-peer-Jazz-bkup in
neighbor 10.5.206.161 route-map out-peer-Jazz-bkup out
neighbor 10.5.206.177 activate
neighbor 10.5.206.177 soft-reconfiguration inbound
neighbor 10.5.206.177 route-map out-VPN-peer-Jazz-bkup out
exit-address-family
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip dns server
ip nat inside source list 1 interface Loopback0 overload
!
!
ip prefix-list in-peer-Jazz seq 10 permit 0.0.0.0/0
!
ip prefix-list out-peer-Jazz seq 10 permit 210.2.157.168/29
!
ip prefix-list out-peer-VPN-Jazz seq 10 permit 172.17.2.0/24
access-list 1 permit 172.17.2.0 0.0.0.255
!
route-map out-VPN-peer-Jazz-bkup permit 10
match ip address prefix-list out-peer-VPN-Jazz
set metric 100
!
route-map in-peer-Jazz-bkup permit 10
match ip address prefix-list in-peer-Jazz
set local-preference 120
!
route-map out-VPN-peer-Jazz permit 10
match ip address prefix-list out-peer-VPN-Jazz
!
route-map in-peer-Jazz permit 10
match ip address prefix-list in-peer-Jazz
set local-preference 150
!
route-map out-peer-Jazz permit 10
match ip address prefix-list out-peer-Jazz
!
route-map out-peer-Jazz-bkup permit 10
match ip address prefix-list out-peer-Jazz
set metric 100
!
!
!
!
!
control-plane
!
!
!
line con 0
exec-timeout 20 0
password 7
logging synchronous
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport input all
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
session-timeout 20
exec-timeout 20 0
password 7
transport input ssh
transport output telnet
line vty 5 15
exec-timeout 20 0
password 7
transport input ssh
transport output telnet
!
scheduler allocate 20000 1000
end
=====================================
Thank you very much for your help
 
Jul 22, 2019
When I ping from the PC, it simply gives "request time out". When I do a tracert from my PC, the request stops at the router (172.17.1.1).

Tracing route to 172.17.2.1 over a maximum of 30 hops

1 <1 ms <1 ms <1 ms 172.17.1.1
2 * * * Request timed out.
3 * * * Request timed out.
4 * * * Request timed out.
5 * * * Request timed out.
6 * * * Request timed out.
7 * * * Request timed out.
8 *
 
Jul 22, 2019
Router A

Cisco IOS Software, C2900 Software (C2900-UNIVERSALK9-M), Version 15.7(3)M3, RELEASE SOFTWARE (fc2)

It says

MPLS forwarding or IP CEF is not enabled on this router

Router B

Cisco IOS Software, C2900 Software (C2900-UNIVERSALK9-M), Version 15.1(4)M1, RELEASE SOFTWARE (fc1)

traceroute mpls command is not available
 
This has way too many moving parts for a simple answer, way too complex to just look at a config unless you spend huge amounts of time.

So, first steps:
Verify that both prefixes are in the BGP table on both routers. If not, one of your route filters is eating it.
Next, verify that the prefix is in the actual routing table. When they are in BGP but not in the routing table, there is an issue with the next hop in most cases.

Now I would try an extended ping command and source the IP. If you do not actually put the source IP in, it will choose the IP of one of the outbound interfaces.

This may actually work because router traffic itself does not pass through the NAT.

My overall guess is there is something wrong with the NAT and it is translating these IPs when it should not. From what I can tell you are doing NAT on a stick, which makes it even more complex.
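The NAT guess in the answer above can be checked offline against the posted Router A configuration; the following is an added example, not part of the original thread. It assumes a simplified model of IOS inside-source NAT (a packet is translated only when it enters an `ip nat inside` interface, leaves an `ip nat outside` interface and its source matches the standard ACL), ignores the static entries, and assumes the inter-site path leaves through GigabitEthernet0/2.1024; `parse` and `translated_source` are hypothetical helper names.

```python
import ipaddress
import re

# Excerpt of Router A's configuration as posted in the thread (re-indented).
ROUTER_A = """\
interface Loopback0
 ip address 203.223.169.162 255.255.255.248
 ip nat outside
interface GigabitEthernet0/0
 ip address 172.17.1.1 255.255.255.0
 ip nat inside
interface GigabitEthernet0/2.1024
 ip address 10.5.205.234 255.255.255.248
 ip nat outside
ip nat inside source list 1 interface Loopback0 overload
access-list 1 permit 172.17.1.0 0.0.0.255
"""

def parse(config):
    """Collect per-interface NAT role and address, standard ACLs and PAT rules."""
    ifaces, acls, rules, cur = {}, {}, [], None
    for line in config.splitlines():
        if m := re.match(r"interface (\S+)", line):
            cur = ifaces.setdefault(m.group(1), {"nat": None, "ip": None})
        elif m := re.match(r"\s*ip nat (inside|outside)$", line):
            cur["nat"] = m.group(1)
        elif m := re.match(r"\s*ip address (\S+) \S+$", line):
            cur["ip"] = m.group(1)
        elif m := re.match(r"access-list (\d+) permit (\S+) (\S+)$", line):
            # A wildcard mask is an inverted netmask; ipaddress reads it as a host mask.
            net = ipaddress.ip_network(f"{m.group(2)}/{m.group(3)}")
            acls.setdefault(m.group(1), []).append(net)
        elif m := re.match(r"ip nat inside source list (\d+) interface (\S+) overload", line):
            rules.append((m.group(1), m.group(2)))
    return ifaces, acls, rules

def translated_source(config, in_if, out_if, src):
    """Return the post-NAT source address, or None if the packet is left alone.
    in_if=None models traffic generated by the router itself."""
    ifaces, acls, rules = parse(config)
    if in_if is None or ifaces[in_if]["nat"] != "inside" or ifaces[out_if]["nat"] != "outside":
        return None
    for acl, pool_if in rules:
        if any(ipaddress.ip_address(src) in net for net in acls.get(acl, [])):
            return ifaces[pool_if]["ip"]
    return None
```

Under these assumptions a ping from PC 172.17.1.51 leaves Router A with the Loopback0 address as its source, while a ping sourced from the router is untouched, which matches the symptoms described in the thread. An ACL match on source alone cannot exempt inter-site destinations from translation.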
 
