Troubleshooting a routing issue - Best tools?

F

Fran

I have a client with a small office who shares an internet connection
(T1 line) in a office building (this line is shared by 3 other
offices). The T1 is eventually connected to a Linksys router in a
communications closet. From here the other offices are simply plugged
into one of the 4 switch ports on the back.

Recently my client began experiencing intermittent problems with their
internet connection. They also have a linksys router on their network
(acting as a NAT router/gateway to the main router in the closet.)

I have tested the router on the client side and it appears to be
working well. I had the ISP check their equipment and that appears to
be working well. Yet we're failing repeatedly now (and they use the
internet for their business management application.)

How can I tell where this is failing? Are there any commercially
available or free tools that will help me fix this quickly for the
client?

Any advice is appreciated. This is a situation I have not run into yet
and I would like to get them back up and running properly as quickly
as possible.

-Fran-
 
P

Phillip Windell

I don't know of any "tools". When it fails you simply have to determine
where the point of failure is. When it stops working you need to start
pinging the different devices "along the way" out to the internet. The
"problem" device will either be the last one you pinged or the one just
after that one depending on the situation.

Devices with two interfaces (like the NAT Routers) will require you to ping
each interface in the proper order (from closest to farthest).

Linksys boxes are generally "Home User" technology and, in my opinion, do
not have the durabiltiy, stability, and dependabilty of commercial grade
devices. The old saying "You get what you pay for" applies. Most Linksys
boxes range around $100-$200,...commercial grade Router are generally around
$1000 for cheap ones and go up from there. I paid $10,000 for ours and have
seen one built on a "blade" design for around $250,000. (a few of them and
you have over a million $ in just routers alone).

BTW - I never heard of a Linksys Router on a T1,...I thought all those
things were on SDSL, ADSL, and "Cable Internet" links. Since Cisco bought
Linksys are they moving the name of "Linksys" into some of their commercial
grade products?

--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com
-----------------------------------------------------
Understanding the ISA 2004 Access Rule Processing
http://www.isaserver.org/articles/ISA2004_AccessRules.html

Microsoft Internet Security & Acceleration Server: Guidance
http://www.microsoft.com/isaserver/techinfo/Guidance/2004.asp
http://www.microsoft.com/isaserver/techinfo/Guidance/2000.asp

Microsoft Internet Security & Acceleration Server: Partners
http://www.microsoft.com/isaserver/partners/default.asp

Deployment Guidelines for ISA Server 2004 Enterprise Edition
http://www.microsoft.com/technet/prodtechnol/isa/2004/deploy/dgisaserver.mspx
 
F

Fran

This is an inherited mess, I'm afraid. The system was already there
when I got there. There is a DSU/CSU unit (like an AdTran but diff.
name...I forget now) and that interface is connected to the LinkSys
router. I think the people that installed all this have more Phone
experience than they do networking. I know SOME Cisco commands but I'm
afraid this is my weak point in networking.

In any case, what we have is the T1 coming into the DSU and out to the
LinkSys router. Curiously when i checked the ARP I found that my
client's router had a MAC address of 00-00-00-00-00-00! Once I got
access to the closet I was able to check the router inside and ping
other LAN IP addresses. Three offices had the same WAN IP
(192.168.20.16) on their Linksys routers. After changing them to
unique addresses we were able to fix the issue.

Naturally I would have preferred a software program that could already
know this stuff ;) But I guess that's what I get paid for, huh? :)

Thanks for the insite. I have recommended an upgrade to a "real"
router and a firewall (no, they don't have one of those, either.) For
their needs a good firewall will do both quite nicely (the routing
needs are minimal, really. NAT will do it for this location.)

-Fran-
 
P

Phillip Windell

Fran said:
Naturally I would have preferred a software program that could already
know this stuff ;) But I guess that's what I get paid for, huh? :)
Click to expand...

That's right. You can't do everything with software. Software will only
function properly if the environment it is installed in also functions
properly (generally speaking). So it just isn't that simple.
Thanks for the insite. I have recommended an upgrade to a "real"
router and a firewall (no, they don't have one of those, either.) For
their needs a good firewall will do both quite nicely (the routing
needs are minimal, really. NAT will do it for this location.)
Click to expand...

No. The firewall device will go behind the router,...it should not "be" the
router. Since their is a CSU/DSU connected to the Linksys router then it
sounds like it is a "real" router and I would recommend leaving it alone.
It should be doing *only* routing and nothing else.

*Both* your side of the router and the ISP's side of the router should run
Public IP Ranges but be different Subnets. The firewall device would go
between the LAN and the current router and possess the Public IP Range from
your side of the router between it and the router,...on the LAN side of the
firewall device you will run RFC Private Addresses.

Watch out for the term "real firewall",...there is no such thing. "Firewall"
is just a *slang* and generic term that has gotten so popular that people
think it actually means something. What you really have in the industry are
NAT Servers and Proxy Servers,...*both* are "firewalls" but the two
represent two competeling technologies for accomplishing the same job.

Some products like MS ISA Server have both NAT and "proxying" abilities
built into the same product. Of ISA's three primary "services", 2 of them
are proxying based and 1 is NAT based. They are independent, yet work
together.

--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com
-----------------------------------------------------
Understanding the ISA 2004 Access Rule Processing
http://www.isaserver.org/articles/ISA2004_AccessRules.html

Microsoft Internet Security & Acceleration Server: Guidance
http://www.microsoft.com/isaserver/techinfo/Guidance/2004.asp
http://www.microsoft.com/isaserver/techinfo/Guidance/2000.asp

Microsoft Internet Security & Acceleration Server: Partners
http://www.microsoft.com/isaserver/partners/default.asp

Deployment Guidelines for ISA Server 2004 Enterprise Edition
http://www.microsoft.com/technet/prodtechnol/isa/2004/deploy/dgisaserver.mspx
-----------------------------------------------------
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Complicated Networking setup problems w/vpn (For Techies) 4
External to Internal NAT Question 1
2 default gateways for fault tolerance 3
LAN + shared Internet connection 4
Internet Connection Issues - HELP!! 2
Routing problem 3
Routing problem on Microsoft RAS VPN 0
Using multiple gateways simoultaniously in Win2k Server 4

Top