HI,
I have asked a couple of times but try as I do, I can't seem to get the routing working on a 2850.
I have the following:

SITE A (WAN = 10.1.1.1/32, LAN 192.168.1.0/24)
SITE B (WAN = 10.1.2.1/32, LAN 192.168.2.0/24)

SITE A's LAN can ping SITE B's WAN and vice versa.
How can I get SITE A's LAN to talk to SITE B's LAN?
I do not want a VPN here, just plain routing. I have placed a static router in each router eg SITE A = 192.168.2.0/24 (SITE B's LAN) via 10.1.2.1(SITE B's WAN) and vice versa and get no reply.
I think this is to do with NAT as I have no firewall rules (both call & data filters disabled)

Does anybody have any ideas?

DO both routes appear on both routing tables?

Does the a route trace take the right hops from both ends?

I cant remember if it was the 2850 but I do remember a while back someone saying there was a routing bug causing a similar issue to what you describe.
I cant find the threads though sorry

I've taken this a step further. I can create an IPSEC tunnel between SITE A & SITE B and talk to each others LAN's.
What I can't do is get SITE A's LAN to talk to SITE B's LAN without an IPSEC tunnel.
Could somebody confirm how they would set this up in their router?

In the IPSEC setup, it's easy to set the remote router IP/LAN but how would I do this without IPSEC?

have you asked the MPLS provider if the routing is in place for the two to work, perhaps they require an IPSEC to be inplace???
I know I used to have to create them when using an MPLS...

Hi,

What is happening is that you are not placing the LAN ip addresses into the VRF tables for some reason, hence the issue. In routing, you need to route the LAN into the WAN. With IPsec tunnels, are you are terminating on effect a virtual interface within the device, the routing is formed for you. With MPLS and non IPsec you need to do that yourself.

Regards

Martyn

Hi,

What is happening is that you are not placing the LAN ip addresses into the VRF tables for some reason, hence the issue. In routing, you need to route the LAN into the WAN. With IPsec tunnels, are you are terminating on effect a virtual interface within the device, the routing is formed for you. With MPLS and non IPsec you need to do that yourself.

You shouldn't need to put in static routes to point to each LAN as your using a static route to point all traffic to the PE. The PE should be doing the routing, so either your not injecting the LAN ip addresses correct (ask BT to supply the relevent VRF routing tables to check) or the PE VRFs are not forwarding correctly. I'm afraid I suspect the former and not the later.

Regards

Martyn