Cisco config issue

moose517 (Gawd, joined Feb 28, 2009, 640 messages):
I've got a problem and it has me stumped. I tore apart my home network today to create more VLANs for better segregation; however, I'm having a very basic routing issue and it's got me puzzled. I've included the config file as well as show ip int brief and show ip route.

Code:
Current configuration : 7691 bytes
!
! Last configuration change at 21:55:54 UTC Thu Oct 13 2011 by chris
! NVRAM config last updated at 21:49:31 UTC Thu Oct 13 2011 by chris
! NVRAM config last updated at 21:49:31 UTC Thu Oct 13 2011 by chris
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R2821
!
boot-start-marker
boot system flash:c2800nm-adventerprisek9-mz.151-4.M.bin
boot-end-marker
!
!
enable secret 5 $1$G7F6$bwBoS1D7GiLhC3tLMVB061
!
no aaa new-model
!
!
dot11 syslog
no ip source-route
!
!
ip cef
!
!
!
ip domain name ad.moosemanstudios.com
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
voice service voip
!
!
!
!
!
voice-card 0
!
crypto pki token default removal timeout 0
!
!
!
!
license udi pid CISCO2821 sn FTX0924A611
username chris privilege 15 secret 5 XXXXXXXXXXXXXXXXXXXXXXXX
!
redundancy
!
!
ip ssh version 2
!
!
!
!
!
!
!
!
interface GigabitEthernet0/0
 description 2821-ASA5505(INTERNET)
 ip address 10.19.5.2 255.255.255.0
 duplex auto
 speed auto
!
interface GigabitEthernet0/1
 no ip address
 duplex auto
 speed auto
!
interface GigabitEthernet0/1.135
 description voice vlan interface
 encapsulation dot1Q 135
 ip address 10.19.135.151 255.255.255.0
!
interface GigabitEthernet0/1.136
 description data vlan interface
 encapsulation dot1Q 136 native
 ip address 10.19.136.151 255.255.255.0
!
interface GigabitEthernet0/1.137
 description guest vlan interface
 encapsulation dot1Q 137
 ip address 10.19.137.151 255.255.255.0
!
interface GigabitEthernet0/1.138
 description management vlan interface
 encapsulation dot1Q 138
 ip address 10.19.138.151 255.255.255.0
!
interface GigabitEthernet0/1.139
 description storage vlan interface
 encapsulation dot1Q 139
 ip address 10.19.139.151 255.255.255.0
!
!
router eigrp 19
 network 10.19.0.0 0.0.255.255
!
ip default-gateway 10.19.5.1
no ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
ip route 0.0.0.0 0.0.0.0 10.19.5.1
!
logging esm config
logging trap debugging
logging 10.19.136.104
!
!
!
!
!
!
!
!
!
line con 0
 exec-timeout 0 0
 logging synchronous
 login local
line aux 0
 login local
line vty 0 4
 exec-timeout 0 0
 logging synchronous
 login local
 transport input ssh
!
scheduler allocate 20000 1000
ntp source GigabitEthernet0/0
ntp master
ntp server 129.6.15.28 prefer
ntp server 129.6.15.29
end

Code:
R2821#show ip int brief
Interface                  IP-Address      OK? Method Status                Protocol
GigabitEthernet0/0         10.19.5.2       YES NVRAM  up                    up  
GigabitEthernet0/1         unassigned      YES NVRAM  up                    up  
GigabitEthernet0/1.135     10.19.135.151   YES NVRAM  up                    up  
GigabitEthernet0/1.136     10.19.136.151   YES NVRAM  up                    up  
GigabitEthernet0/1.137     10.19.137.151   YES NVRAM  up                    up  
GigabitEthernet0/1.138     10.19.138.151   YES NVRAM  up                    up  
GigabitEthernet0/1.139     10.19.139.151   YES NVRAM  up                    up

Code:
R2821#show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       + - replicated route, % - next hop override

Gateway of last resort is 10.19.5.1 to network 0.0.0.0

S*    0.0.0.0/0 [1/0] via 10.19.5.1
      10.0.0.0/8 is variably subnetted, 12 subnets, 2 masks
C        10.19.5.0/24 is directly connected, GigabitEthernet0/0
L        10.19.5.2/32 is directly connected, GigabitEthernet0/0
C        10.19.135.0/24 is directly connected, GigabitEthernet0/1.135
L        10.19.135.151/32 is directly connected, GigabitEthernet0/1.135
C        10.19.136.0/24 is directly connected, GigabitEthernet0/1.136
L        10.19.136.151/32 is directly connected, GigabitEthernet0/1.136
C        10.19.137.0/24 is directly connected, GigabitEthernet0/1.137
L        10.19.137.151/32 is directly connected, GigabitEthernet0/1.137
C        10.19.138.0/24 is directly connected, GigabitEthernet0/1.138
L        10.19.138.151/32 is directly connected, GigabitEthernet0/1.138
C        10.19.139.0/24 is directly connected, GigabitEthernet0/1.139
L        10.19.139.151/32 is directly connected, GigabitEthernet0/1.139

Everything looks normal to me, that's why I don't get it. Anyway, my ESXi server's management is on VLAN 138; it can't ping my storage server on VLAN 136 and vice versa. However, if I ping them from the router itself, of course it passes. Any ideas?
 

Vito_Corleone ([H]ard|Gawd, joined Dec 17, 2006, 1,730 messages):
What if you source the ping from the other interface? Can you ping then? Can the devices ping any VLANs?
 

moose517 (Gawd, joined Feb 28, 2009, 640 messages):
If I source from one of the other VLAN interfaces on the router it also fails. What I'm finding really weird is that from my desktop I am connected via SSH to my router and switch through VLAN 138, and my PC is on 136.
 

moose517 (Gawd, joined Feb 28, 2009, 640 messages):
LMAO, that's what it was; I forgot to change the default gateway on my storage server.
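The failure mode above is worth a check you can run before the next re-IP: the router sees every VLAN as directly connected, so pings sourced from it always succeed, while a host whose gateway still points at the old subnet silently never returns traffic from another VLAN (the SSH session from the 136 desktop worked because that PC's gateway was already correct and the router itself was the far end). The script below is an added example, not code from this thread: it pulls the routed VLANs out of a copy of the subinterface section of the config posted earlier and compares a constructed host inventory (names, addresses and the stale 10.19.1.1 gateway are made up for the demo) against them.

```python
import ipaddress
import re
from typing import Dict, Iterable, List, NamedTuple

# Constructed excerpt of the subinterface section from the router config posted
# in the thread; only the lines the parser needs are reproduced.
IOS_CONFIG = """\
interface GigabitEthernet0/1
 no ip address
!
interface GigabitEthernet0/1.136
 description data vlan interface
 encapsulation dot1Q 136 native
 ip address 10.19.136.151 255.255.255.0
!
interface GigabitEthernet0/1.138
 description management vlan interface
 encapsulation dot1Q 138
 ip address 10.19.138.151 255.255.255.0
!
interface GigabitEthernet0/1.139
 description storage vlan interface
 encapsulation dot1Q 139
 ip address 10.19.139.151 255.255.255.0
!
"""


class RoutedVlan(NamedTuple):
    vlan: int
    interface: str
    router: ipaddress.IPv4Interface  # router address + mask on that VLAN


class Host(NamedTuple):
    name: str
    vlan: int
    address: ipaddress.IPv4Interface
    gateway: ipaddress.IPv4Address


def parse_routed_vlans(config: str) -> Dict[int, RoutedVlan]:
    """Map VLAN id -> router address for every dot1Q subinterface that has an IP."""
    routed: Dict[int, RoutedVlan] = {}
    iface, vlan, addr = None, None, None
    for line in config.splitlines():
        if m := re.match(r"interface (\S+)$", line):
            iface, vlan, addr = m.group(1), None, None
        elif m := re.match(r"\s+encapsulation dot1Q (\d+)", line):
            vlan = int(m.group(1))
        elif m := re.match(r"\s+ip address (\S+) (\S+)$", line):
            # ipaddress accepts "addr/dotted-netmask" for IPv4
            addr = ipaddress.IPv4Interface(f"{m.group(1)}/{m.group(2)}")
        elif line.strip() == "!" and iface and vlan is not None and addr is not None:
            routed[vlan] = RoutedVlan(vlan, iface, addr)
            iface, vlan, addr = None, None, None
    return routed


def check_host(host: Host, routed: Dict[int, RoutedVlan]) -> List[str]:
    """Findings for one host; an empty list means its IP settings agree with the router."""
    rv = routed.get(host.vlan)
    if rv is None:
        return [f"{host.name}: VLAN {host.vlan} is not routed on the router"]
    findings: List[str] = []
    if host.address.network != rv.router.network:
        findings.append(f"{host.name}: {host.address} is outside {rv.router.network} (VLAN {host.vlan})")
    if host.gateway not in host.address.network:
        # Exactly the storage-server case: gateway left on the old subnet, so the host
        # can reply to its own VLAN only and every cross-VLAN conversation is one-way.
        findings.append(f"{host.name}: gateway {host.gateway} is not on the host's own subnet")
    elif host.gateway != rv.router.ip:
        findings.append(f"{host.name}: gateway {host.gateway} is not the router's {rv.router.ip} on VLAN {host.vlan}")
    return findings


def audit(hosts: Iterable[Host], routed: Dict[int, RoutedVlan]) -> Dict[str, List[str]]:
    """Return {host name: findings} for every host that has at least one problem."""
    report: Dict[str, List[str]] = {}
    for host in hosts:
        findings = check_host(host, routed)
        if findings:
            report[host.name] = findings
    return report


# Constructed inventory: hypothetical addresses, and a stale gateway that is made up.
HOSTS = [
    Host("esxi-mgmt", 138, ipaddress.IPv4Interface("10.19.138.20/24"), ipaddress.IPv4Address("10.19.138.151")),
    Host("desktop", 136, ipaddress.IPv4Interface("10.19.136.50/24"), ipaddress.IPv4Address("10.19.136.151")),
    Host("storage", 136, ipaddress.IPv4Interface("10.19.136.60/24"), ipaddress.IPv4Address("10.19.1.1")),
]

if __name__ == "__main__":
    for name, findings in audit(HOSTS, parse_routed_vlans(IOS_CONFIG)).items():
        for finding in findings:
            print(finding)
```

Feed it the real inventory (ipconfig / ip route output from each box) and the full show run, and anything it flags is a host that the router can ping but that cannot answer anyone outside its VLAN.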
 

moose517 (Gawd, joined Feb 28, 2009, 640 messages):
Anybody happen to be on an IRC channel somewhere that can help me? I was messing with my ASA and now I can't get port forwarding working at all :( My usual go-to person is no longer on speaking terms with me, so when I'm stumped I have no one to turn to now :(.
 

Langly (Supreme [H]ardness, joined Dec 23, 2002, 4,406 messages):
> Anybody happen to be on an IRC channel somewhere that can help me? I was messing with my ASA and now I can't get port forwarding working at all :( My usual go-to person is no longer on speaking terms with me, so when I'm stumped I have no one to turn to now :(.

Depending on what you are doing port-forwarding-wise with the ASA, shoot me a PM and I can see if I can help you out.
 

moose517 (Gawd, joined Feb 28, 2009, 640 messages):
Well, I figure I might as well post up on here anyway; maybe someone can spot something I'm not. I'm using ASDM to configure it, and I'm like 99% sure I have it the same way as it was before I erased all my NAT rules. If I can get the 25565 Minecraft port open I'm sure I can fix the rest; it's the easiest to test.

Here is the NAT rules tab:
[attachment: ASA.PNG]

And here is the packet trace I ran from ASDM, with where it hangs up shown:
[attachment: packet_tracer.PNG]


EDIT: and yes, there is an access rule for it, and it's enabled; it's even showing 10 hits, so I know it's working. It's all failing at the NAT for some reason.
 

Vito_Corleone ([H]ard|Gawd, joined Dec 17, 2006, 1,730 messages):
Ugh, post your config. It's much easier to decipher than ASDM. Post

Code:
sh run access-group
sh run access-list
sh run object
sh run nat
 

moose517 (Gawd, joined Feb 28, 2009, 640 messages):
So, uh, apparently it was working all along, and packet tracer was confused by the IP I put in, LOL. However, while I have everybody: one of the purposes of redoing my network was to change my AD domain name, as I made the noob mistake of naming it the same as my actual domain. I switched that over to ad.moosemanstudios.com, while my actual domain is moosemanstudios.com. However, I still can't type in my URL or anything and access the site, and if I try a command-line ping it resolves just fine. Is that a firewall issue, or something else I need to do to my LAN to fix it?
 

moose517 (Gawd, joined Feb 28, 2009, 640 messages):
My AD server is also my DNS server. I don't think it's configured right, TBH. All I did was set up my NIC with the DNS servers I use on the internet, then DCpromo'd the server and left it alone.
 

Jay_2 (2[H]4U, joined Mar 20, 2006, 3,583 messages):
His en (enable) MD5 is on show:

Code:
$1$G7F6$bwBoS1D7GiLhC3tLMVB061

John will crack that.
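For anyone wondering what "John will crack that" means in practice: a Cisco `secret 5` string is FreeBSD md5crypt, a salted MD5 with a fixed 1000 rounds, and the `$1$G7F6$` prefix hands the attacker the salt for free, so an offline dictionary run is all it takes if the secret is a word. Note that `no service password-encryption` in the posted config has nothing to do with this; that knob only obscures type 7 strings, which are reversible and worse. The block below is an added example, not code from this thread or from Cisco: a pure-Python md5crypt (checked against the widely published "password"/"saltsalt" test vector), a verifier, and a small wordlist attack run against a constructed hash. The only thing taken from the posted hash is its salt; no guess is made at the real secret, and the demo password and wordlist are made up.

```python
import hashlib
import hmac
from typing import Iterable, Optional, Tuple

ITOA64 = b"./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
MAGIC = b"$1$"


def _to64(value: int, count: int) -> bytes:
    """md5crypt's little-endian base-64 variant (6 bits per output character)."""
    out = bytearray()
    for _ in range(count):
        out.append(ITOA64[value & 0x3F])
        value >>= 6
    return bytes(out)


def md5crypt(password: bytes, salt: bytes) -> str:
    """FreeBSD md5crypt, i.e. the scheme behind Cisco IOS 'secret 5' / 'enable secret'."""
    salt = salt[:8]
    ctx = hashlib.md5(password + MAGIC + salt)
    alt = hashlib.md5(password + salt + password).digest()
    remaining = len(password)
    while remaining > 0:  # mix in the alternate sum, one byte per password byte
        ctx.update(alt[: min(16, remaining)])
        remaining -= 16
    i = len(password)
    while i:  # the "something really weird" step from the original source
        ctx.update(b"\0" if i & 1 else password[:1])
        i >>= 1
    final = ctx.digest()
    for r in range(1000):  # fixed cost: the reason GPUs chew through these
        c = hashlib.md5()
        c.update(password if r & 1 else final)
        if r % 3:
            c.update(salt)
        if r % 7:
            c.update(password)
        c.update(final if r & 1 else password)
        final = c.digest()
    groups = ((0, 6, 12), (1, 7, 13), (2, 8, 14), (3, 9, 15), (4, 10, 5))
    enc = b"".join(_to64((final[a] << 16) | (final[b] << 8) | final[c], 4) for a, b, c in groups)
    enc += _to64(final[11], 2)
    return (MAGIC + salt + b"$" + enc).decode()


def split_hash(hashed: str) -> Tuple[str, str, str]:
    """'$1$G7F6$bwBo...' -> ('1', 'G7F6', 'bwBo...'): the salt is in the clear."""
    magic, salt, digest = hashed.split("$")[1:4]
    return magic, salt, digest


def verify(hashed: str, password: str) -> bool:
    _, salt, _ = split_hash(hashed)
    return hmac.compare_digest(md5crypt(password.encode(), salt.encode()), hashed)


def crack(hashed: str, wordlist: Iterable[str]) -> Optional[str]:
    """Offline dictionary attack: what John the Ripper does, minus the speed."""
    for candidate in wordlist:
        if verify(hashed, candidate):
            return candidate
    return None


# Published md5crypt test vector (same value OpenSSL's "passwd -1 -salt saltsalt password" yields).
KNOWN_VECTOR = ("password", "saltsalt", "$1$saltsalt$qjXMvbEw8oaL.CzflDtaK/")

# The hash posted in the thread: only its salt is read here, nothing is attempted against it.
POSTED_HASH = "$1$G7F6$bwBoS1D7GiLhC3tLMVB061"

# Constructed demo: a made-up weak secret hashed with the same salt, and a made-up wordlist.
DEMO_HASH = md5crypt(b"cisco123", b"G7F6")
DEMO_WORDLIST = ["password", "Cisco", "cisco", "letmein", "cisco123"]

if __name__ == "__main__":
    pw, salt, expected = KNOWN_VECTOR
    print("implementation matches published vector:", md5crypt(pw.encode(), salt.encode()) == expected)
    print("salt exposed by the posted hash:", split_hash(POSTED_HASH)[1])
    print("demo secret recovered from wordlist:", crack(DEMO_HASH, DEMO_WORDLIST))
```

John's `md5crypt` format (hashcat mode 500) does the same comparison at GPU speed, so the fix is to treat the posted secret as burned and rotate it, pick a passphrase that is not in any wordlist, and on IOS releases that offer `enable algorithm-type scrypt secret` move to type 9 rather than staying on type 5. Redact both `enable secret` and `username ... secret` lines before pasting a config anywhere; the thread masked the username line and missed the enable line.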
 

moose517 (Gawd, joined Feb 28, 2009, 640 messages):
Crap! I didn't realize that I had that one, XD. Although I'm not really sure what good that would do anybody. However, I guess I'll get to changing it all, XD.

EDIT: this brings me to another point. I would love to set up RADIUS so that all my passwords are stored in one location. Anyone got a link somewhere on setting up RADIUS for Cisco on Server 2k8 R2 that actually works? A buddy linked me to one that didn't work. It would greatly save me time, as it's gonna take a while to update the passwords on all my devices, LOL.
 

Vito_Corleone ([H]ard|Gawd, joined Dec 17, 2006, 1,730 messages):
> Crap! I didn't realize that I had that one, XD. Although I'm not really sure what good that would do anybody. However, I guess I'll get to changing it all, XD.
>
> EDIT: this brings me to another point. I would love to set up RADIUS so that all my passwords are stored in one location. Anyone got a link somewhere on setting up RADIUS for Cisco on Server 2k8 R2 that actually works? A buddy linked me to one that didn't work. It would greatly save me time, as it's gonna take a while to update the passwords on all my devices, LOL.

Install ACS.
 

moose517 (Gawd, joined Feb 28, 2009, 640 messages):
You sure about that? I've been trying to find it and it's locked on Cisco; need a service contract to download.
 

moose517 (Gawd, joined Feb 28, 2009, 640 messages):
LOL, back to my question though, before I went on a tangent about the passwords: what do I need to do to my DNS then to get my domain to resolve in my LAN?
 