Re: Unicast RIP Through PIX [7:91386]

["Dain Deutschman" <daind@xxxxxxxxx>]

router rip
    no auto-s
    ver 2
    net 1.1.1.0
    nei 1.1.1.2

int e0
    ip add 1.1.1.1 255.255.255.0

PIX
static (i,o) 2.2.2.1 1.1.1.1
static (o,i ) 1.1.1.2 2.2.2.2

Then appropirate config on other router...basically outside NAT with Unicast
RIP. Be sure to open up necessary acl on PIX.

""Dain Deutschman""  wrote in message
news:200408020031.i720VDQN003037@xxxxxxxxxxxxxxxxx
> Hello Group,
>
> I am trying to exchange routes between RIP Unicast neighbors accross a
> PIX...with no success. I specifically want to avoid using GRE for this
> solution.
> I keep getting..."encapsulation failed" on deb ip packet output.....
> Also...on the PIX I see the following:
>
> PIX(config)# sh logg
>
> 312001: RIP hdr failed from 131.20.16.5: cmd=1, version=2, domain=0 on
> interface outside
> 312001: RIP hdr failed from 131.20.16.5: cmd=1, version=2, domain=0 on
> interface outside
> 312001: RIP hdr failed from 192.168.1.4: cmd=1, version=2, domain=0 on
> interface inside
> 312001: RIP hdr failed from 192.168.1.4: cmd=1, version=2, domain=0 on
> interface inside
>
> Any Ideas?? Please see more info below.
>
> Thanks,
>
> Dain
>
> --------------------------------------------------------------------------
--
> ---------
> Objective: Define Unicast RIP Neighbors Accross the PIX
> --------------------------------------------------------------------------
--
> ---------
>
>
> ----------------------------------------------------------------
> Topology:
> ----------------------------------------------------------------
>
> R7---R4---PIX---R5
>
> R7-R4 Network: 47.47.47.0/24 Frame Relay and RIPv2
> R4-PIX Network: 192.168.1.0/24 Ethernet and RIPv2
> PIX-R5 Network: 131.20.16.0/24 Ethernet and RIPv2
>
> *Unicast RIP Between R7 and R5*
>
> ----------------------------------------------------------------
> Debugs
> ----------------------------------------------------------------
>
> R5#deb ip packet det
>
> 00:18:23: IP: s=131.20.16.5 (local), d=224.0.0.9 (Ethernet0/0), len 52,
> sending broad/multicast
> 00:18:23:     UDP src=520, dst=520
> 00:18:23: IP: s=5.5.5.5 (local), d=224.0.0.9 (Loopback1), len 52, sending
> broad/multicast
> 00:18:23:     UDP src=520, dst=520
> 00:18:23: IP: s=131.20.16.5 (local), d=47.47.47.7 (Ethernet0/0), len 52,
> sending
> 00:18:23:     UDP src=520, dst=520
> 00:18:23: IP: s=131.20.16.5 (local), d=47.47.47.7 (Ethernet0/0), len 52,
> encapsulation failed
> 00:18:23:     UDP src=520, dst=520
>
> R5#deb ip rip
>
> 00:18:49: RIP: sending v2 update to 224.0.0.9 via Ethernet0/0
(131.20.16.5)
> 00:18:49: RIP: build update entries
> 00:18:49:       5.5.5.0/24 via 0.0.0.0, metric 1, tag 0
> 00:18:49: RIP: sending v2 update to 224.0.0.9 via Loopback1 (5.5.5.5)
> 00:18:49: RIP: build update entries
> 00:18:49:       131.20.16.0/24 via 0.0.0.0, metric 1, tag 0
> 00:18:49: RIP: rip_sendupdate_vk() no source specified. Set source.
> 00:18:49: RIP: source 0.0.0.0, mask 0.0.0.0
> 00:18:49: -Traceback= 80629E10 8062A454 8062A590 8049C020 8062F430
8062FA14
> 80369294
> 00:18:49: RIP: rip_sendupdate_vk() no source specified. Set source.
> 00:18:49: RIP: sending v2 update to 47.47.47.7 via Ethernet0/0
(131.20.16.5)
>
> --------------------------------------------------------------------------
--
> -----
> Running Configs
> --------------------------------------------------------------------------
--
> -----
>
> R7#
> R7#wr t
> Building configuration...
>
> Current configuration : 1166 bytes
> !
> version 12.2
> service timestamps debug uptime
> service timestamps log uptime
> no service password-encryption
> !
> hostname R7
> !
> !
> memory-size iomem 10
> ip subnet-zero
> !
> !
> ip tcp synwait-time 5
> no ip domain-lookup
> !
> ip audit notify log
> ip audit po max-events 100
> !
> call rsvp-sync
> !
> !
> !
> !
> !
> !
> !
> !
> interface Ethernet0/0
>  no ip address
>  shutdown
>  half-duplex
> !
> interface Serial0/0
>  ip address 47.47.47.7 255.255.255.0
>  encapsulation frame-relay
>  frame-relay map ip 47.47.47.4 174 broadcast
>  no frame-relay inverse-arp
> !
> interface Serial0/1
>  no ip address
>  shutdown
> !
> router rip
>  version 2
>  no validate-update-source
>  network 47.0.0.0
>  neighbor 131.20.16.5
>  no auto-summary
> !
> ip classless
> ip http server
> !
> !
> !
> dial-peer cor custom
> !
> !
> !
> !
> alias exec c config t
> alias exec s copy run start
> alias exec r show run
> alias exec si show ip int brief
> alias exec i show ip route
> alias exec on show ip ospf nei
> alias exec sen show ip eigrp nei
> alias exec b show ip bgp
> alias exec bs show ip bgp summ
> alias exec isa show crypto isakmp sa
> alias exec ipsec show crypto ipsec sa
> alias exec engine show crypto engine conn act
> !
> line con 0
>  logging synchronous
> line aux 0
> line vty 0 4
> !
> end
>
> R7#
> ts15>4
> [Resuming connection 4 to r4 ... ]
>
> R4#
> R4#wr t
> Building configuration...
>
> Current configuration : 1309 bytes
> !
> version 12.2
> service timestamps debug uptime
> service timestamps log uptime
> no service password-encryption
> !
> hostname R4
> !
> !
> memory-size iomem 10
> ip subnet-zero
> !
> !
> ip tcp synwait-time 5
> no ip domain-lookup
> !
> ip audit notify log
> ip audit po max-events 100
> !
> call rsvp-sync
> !
> !
> !
> !
> !
> !
> !
> !
> interface Ethernet0/0
>  ip address 192.168.1.4 255.255.255.0
>  half-duplex
> !
> interface BRI0/0
>  no ip address
>  encapsulation hdlc
>  shutdown
> !
> interface Serial1/0
>  ip address 47.47.47.4 255.255.255.0
>  encapsulation frame-relay
>  frame-relay map ip 47.47.47.7 147 broadcast
>  no frame-relay inverse-arp
> !
> interface Serial1/1
>  no ip address
>  shutdown
> !
> interface Serial1/2
>  no ip address
>  shutdown
> !
> interface Serial1/3
>  no ip address
>  shutdown
> !
> router rip
>  version 2
>  network 47.0.0.0
>  network 192.168.1.0
>  no auto-summary
> !
> ip classless
> ip http server
> !
> !
> !
> dial-peer cor custom
> !
> !
> !
> !
> alias exec c config t
> alias exec s copy run start
> alias exec r show run
> alias exec si show ip int brief
> alias exec i show ip route
> alias exec on show ip ospf nei
> alias exec sen show ip eigrp nei
> alias exec b show ip bgp
> alias exec bs show ip bgp summ
> alias exec isa show crypto isakmp sa
> alias exec ipsec show crypto ipsec sa
> alias exec engine show crypto engine conn act
> !
> line con 0
>  logging synchronous
> line aux 0
> line vty 0 4
> !
> end
>
> R4#
> ts15>10
> [Resuming connection 10 to pix1 ... ]
>
> PIX(config)#
> PIX(config)# wr t
> Building configuration...
> : Saved
> :
> PIX Version 6.3(1)
> interface ethernet0 auto
> interface ethernet1 100full
> nameif ethernet0 outside security0
> nameif ethernet1 inside security100
> enable password 8Ry2YjIyt7RRXU24 encrypted
> passwd 2KFQnbNIdI.2KYOU encrypted
> hostname PIX
> fixup protocol ftp 21
> fixup protocol h323 h225 1720
> fixup protocol h323 ras 1718-1719
> fixup protocol http 80
> fixup protocol ils 389
> fixup protocol rsh 514
> fixup protocol rtsp 554
> fixup protocol sip 5060
> fixup protocol sip udp 5060
> fixup protocol skinny 2000
> fixup protocol smtp 25
> fixup protocol sqlnet 1521
> names
> access-list ingress permit ip any any
> access-list nonat permit ip 47.47.47.0 255.255.255.0 any
> pager lines 24
> logging on
> logging buffered debugging
> mtu outside 1500
> mtu inside 1500
> ip address outside 131.20.16.11 255.255.255.0
> ip address inside 192.168.1.11 255.255.255.0
> ip audit info action alarm
> ip audit attack action alarm
> pdm history enable
> arp timeout 14400
> nat (inside) 0 access-list nonat
> access-group ingress in interface outside
> rip outside passive version 2
> rip inside passive version 2
> rip inside default version 2
> timeout xlate 3:00:00
> timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225
> 1:00:00
> timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
> timeout uauth 0:05:00 absolute
> aaa-server TACACS+ protocol tacacs+
> aaa-server RADIUS protocol radius
> aaa-server LOCAL protocol local
> no snmp-server location
> no snmp-server contact
> snmp-server community public
> no snmp-server enable traps
> floodguard enable
> telnet timeout 5
> ssh timeout 5
> console timeout 0
> terminal width 80
> Cryptochecksum:bbcce3de663ecf0414018a16319d1cc5
> : end
> [OK]
> PIX(config)#
> ts15>5
> [Resuming connection 5 to r5 ... ]
>
> R5#
> R5#wr t
> Building configuration...
>
> Current configuration : 1243 bytes
> !
> version 12.2
> service timestamps debug uptime
> service timestamps log uptime
> no service password-encryption
> !
> hostname R5
> !
> !
> memory-size iomem 10
> ip subnet-zero
> !
> !
> ip tcp synwait-time 5
> no ip domain-lookup
> !
> ip audit notify log
> ip audit po max-events 100
> !
> call rsvp-sync
> !
> !
> !
> !
> !
> !
> !
> !
> interface Loopback1
>  ip address 5.5.5.5 255.255.255.0
> !
> interface Ethernet0/0
>  ip address 131.20.16.5 255.255.255.0
>  half-duplex
> !
> interface Serial0/0
>  no ip address
>  shutdown
> !
> interface BRI0/0
>  no ip address
>  encapsulation hdlc
>  shutdown
> !
> router rip
>  version 2
>  no validate-update-source
>  network 5.0.0.0
>  network 131.20.0.0
>  neighbor 47.47.47.7
>  no auto-summary
> !
> ip classless
> ip route 47.47.47.0 255.255.255.0 131.20.16.11
> ip http server
> !
> !
> !
> voice-port 1/0/0
> !
> voice-port 1/0/1
> !
> dial-peer cor custom
> !
> !
> !
> !
> alias exec c config t
> alias exec s copy run start
> alias exec r show run
> alias exec si show ip int brief
> alias exec i show ip route
> alias exec on show ip ospf nei
> alias exec sen show ip eigrp nei
> alias exec b show ip bgp
> alias exec bs show ip bgp summ
> alias exec isa show crypto isakmp sa
> alias exec ipsec show crypto ipsec sa
> alias exec engine show crypto engine conn act
> !
> line con 0
>  logging synchronous
> line aux 0
> line vty 0 4
> !
> end




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=91708&t=91386
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html