GroupStudy.com GroupStudy.com - A virtual community of network engineers
Home BookStore StudyNotes Links Archives StudyRooms HelpWanted Discounts Login
Unicast RIP Through PIX [7:91386] posted 08/02/2004
[Chronological Index] [Thread Index] [Top] [Date Prev][Date Next] [Thread Prev][Thread Next] 
Hello Group,

I am trying to exchange routes between RIP Unicast neighbors accross a
PIX...with no success. I specifically want to avoid using GRE for this
solution.
I keep getting..."encapsulation failed" on deb ip packet output.....
Also...on the PIX I see the following:

PIX(config)# sh logg

312001: RIP hdr failed from 131.20.16.5: cmd=1, version=2, domain=0 on
interface outside
312001: RIP hdr failed from 131.20.16.5: cmd=1, version=2, domain=0 on
interface outside
312001: RIP hdr failed from 192.168.1.4: cmd=1, version=2, domain=0 on
interface inside
312001: RIP hdr failed from 192.168.1.4: cmd=1, version=2, domain=0 on
interface inside

Any Ideas?? Please see more info below.

Thanks,

Dain

----------------------------------------------------------------------------
---------
Objective: Define Unicast RIP Neighbors Accross the PIX
----------------------------------------------------------------------------
---------


----------------------------------------------------------------
Topology:
----------------------------------------------------------------

R7---R4---PIX---R5

R7-R4 Network: 47.47.47.0/24 Frame Relay and RIPv2
R4-PIX Network: 192.168.1.0/24 Ethernet and RIPv2
PIX-R5 Network: 131.20.16.0/24 Ethernet and RIPv2

*Unicast RIP Between R7 and R5*

----------------------------------------------------------------
Debugs
----------------------------------------------------------------

R5#deb ip packet det

00:18:23: IP: s=131.20.16.5 (local), d=224.0.0.9 (Ethernet0/0), len 52,
sending broad/multicast
00:18:23:     UDP src=520, dst=520
00:18:23: IP: s=5.5.5.5 (local), d=224.0.0.9 (Loopback1), len 52, sending
broad/multicast
00:18:23:     UDP src=520, dst=520
00:18:23: IP: s=131.20.16.5 (local), d=47.47.47.7 (Ethernet0/0), len 52,
sending
00:18:23:     UDP src=520, dst=520
00:18:23: IP: s=131.20.16.5 (local), d=47.47.47.7 (Ethernet0/0), len 52,
encapsulation failed
00:18:23:     UDP src=520, dst=520

R5#deb ip rip

00:18:49: RIP: sending v2 update to 224.0.0.9 via Ethernet0/0 (131.20.16.5)
00:18:49: RIP: build update entries
00:18:49:       5.5.5.0/24 via 0.0.0.0, metric 1, tag 0
00:18:49: RIP: sending v2 update to 224.0.0.9 via Loopback1 (5.5.5.5)
00:18:49: RIP: build update entries
00:18:49:       131.20.16.0/24 via 0.0.0.0, metric 1, tag 0
00:18:49: RIP: rip_sendupdate_vk() no source specified. Set source.
00:18:49: RIP: source 0.0.0.0, mask 0.0.0.0
00:18:49: -Traceback= 80629E10 8062A454 8062A590 8049C020 8062F430 8062FA14
80369294
00:18:49: RIP: rip_sendupdate_vk() no source specified. Set source.
00:18:49: RIP: sending v2 update to 47.47.47.7 via Ethernet0/0 (131.20.16.5)

----------------------------------------------------------------------------
-----
Running Configs
----------------------------------------------------------------------------
-----

R7#
R7#wr t
Building configuration...

Current configuration : 1166 bytes
!
version 12.2
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname R7
!
!
memory-size iomem 10
ip subnet-zero
!
!
ip tcp synwait-time 5
no ip domain-lookup
!
ip audit notify log
ip audit po max-events 100
!
call rsvp-sync
!
!
!
!
!
!
!
!
interface Ethernet0/0
 no ip address
 shutdown
 half-duplex
!
interface Serial0/0
 ip address 47.47.47.7 255.255.255.0
 encapsulation frame-relay
 frame-relay map ip 47.47.47.4 174 broadcast
 no frame-relay inverse-arp
!
interface Serial0/1
 no ip address
 shutdown
!
router rip
 version 2
 no validate-update-source
 network 47.0.0.0
 neighbor 131.20.16.5
 no auto-summary
!
ip classless
ip http server
!
!
!
dial-peer cor custom
!
!
!
!
alias exec c config t
alias exec s copy run start
alias exec r show run
alias exec si show ip int brief
alias exec i show ip route
alias exec on show ip ospf nei
alias exec sen show ip eigrp nei
alias exec b show ip bgp
alias exec bs show ip bgp summ
alias exec isa show crypto isakmp sa
alias exec ipsec show crypto ipsec sa
alias exec engine show crypto engine conn act
!
line con 0
 logging synchronous
line aux 0
line vty 0 4
!
end

R7#
ts15>4
[Resuming connection 4 to r4 ... ]

R4#
R4#wr t
Building configuration...

Current configuration : 1309 bytes
!
version 12.2
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname R4
!
!
memory-size iomem 10
ip subnet-zero
!
!
ip tcp synwait-time 5
no ip domain-lookup
!
ip audit notify log
ip audit po max-events 100
!
call rsvp-sync
!
!
!
!
!
!
!
!
interface Ethernet0/0
 ip address 192.168.1.4 255.255.255.0
 half-duplex
!
interface BRI0/0
 no ip address
 encapsulation hdlc
 shutdown
!
interface Serial1/0
 ip address 47.47.47.4 255.255.255.0
 encapsulation frame-relay
 frame-relay map ip 47.47.47.7 147 broadcast
 no frame-relay inverse-arp
!
interface Serial1/1
 no ip address
 shutdown
!
interface Serial1/2
 no ip address
 shutdown
!
interface Serial1/3
 no ip address
 shutdown
!
router rip
 version 2
 network 47.0.0.0
 network 192.168.1.0
 no auto-summary
!
ip classless
ip http server
!
!
!
dial-peer cor custom
!
!
!
!
alias exec c config t
alias exec s copy run start
alias exec r show run
alias exec si show ip int brief
alias exec i show ip route
alias exec on show ip ospf nei
alias exec sen show ip eigrp nei
alias exec b show ip bgp
alias exec bs show ip bgp summ
alias exec isa show crypto isakmp sa
alias exec ipsec show crypto ipsec sa
alias exec engine show crypto engine conn act
!
line con 0
 logging synchronous
line aux 0
line vty 0 4
!
end

R4#
ts15>10
[Resuming connection 10 to pix1 ... ]

PIX(config)#
PIX(config)# wr t
Building configuration...
: Saved
:
PIX Version 6.3(1)
interface ethernet0 auto
interface ethernet1 100full
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
hostname PIX
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol ils 389
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
names
access-list ingress permit ip any any
access-list nonat permit ip 47.47.47.0 255.255.255.0 any
pager lines 24
logging on
logging buffered debugging
mtu outside 1500
mtu inside 1500
ip address outside 131.20.16.11 255.255.255.0
ip address inside 192.168.1.11 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
pdm history enable
arp timeout 14400
nat (inside) 0 access-list nonat
access-group ingress in interface outside
rip outside passive version 2
rip inside passive version 2
rip inside default version 2
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225
1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa-server LOCAL protocol local
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
telnet timeout 5
ssh timeout 5
console timeout 0
terminal width 80
Cryptochecksum:bbcce3de663ecf0414018a16319d1cc5
: end
[OK]
PIX(config)#
ts15>5
[Resuming connection 5 to r5 ... ]

R5#
R5#wr t
Building configuration...

Current configuration : 1243 bytes
!
version 12.2
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname R5
!
!
memory-size iomem 10
ip subnet-zero
!
!
ip tcp synwait-time 5
no ip domain-lookup
!
ip audit notify log
ip audit po max-events 100
!
call rsvp-sync
!
!
!
!
!
!
!
!
interface Loopback1
 ip address 5.5.5.5 255.255.255.0
!
interface Ethernet0/0
 ip address 131.20.16.5 255.255.255.0
 half-duplex
!
interface Serial0/0
 no ip address
 shutdown
!
interface BRI0/0
 no ip address
 encapsulation hdlc
 shutdown
!
router rip
 version 2
 no validate-update-source
 network 5.0.0.0
 network 131.20.0.0
 neighbor 47.47.47.7
 no auto-summary
!
ip classless
ip route 47.47.47.0 255.255.255.0 131.20.16.11
ip http server
!
!
!
voice-port 1/0/0
!
voice-port 1/0/1
!
dial-peer cor custom
!
!
!
!
alias exec c config t
alias exec s copy run start
alias exec r show run
alias exec si show ip int brief
alias exec i show ip route
alias exec on show ip ospf nei
alias exec sen show ip eigrp nei
alias exec b show ip bgp
alias exec bs show ip bgp summ
alias exec isa show crypto isakmp sa
alias exec ipsec show crypto ipsec sa
alias exec engine show crypto engine conn act
!
line con 0
 logging synchronous
line aux 0
line vty 0 4
!
end




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=91386&t=91386
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html