1. Home
  2. Cisco Systems
  3. cannot ping from subnet A to subnet B for a specific host

cannot ping from subnet A to subnet B for a specific host

Hi I cannot ping 192.168.5.149 from 192.168.11.65 and vice-versa. The gateway for 192.168.5.149 is 192.168.5.1 and for 192.168.11.65 the gateway is 192.168.11.253

Here is the router config

Using 1165 out of 29688 bytes ! version 12.0 service timestamps debug uptime service timestamps log uptime service password-encryption ! hostname Corp-WAN ! enable secret 5 $1$Hfy0$HVtYn6SGr01RgJHPW33ZG. enable password 7 025701431B030C355946061400 ! ip subnet-zero ip name-server 141.155.0.68 ! ! ! ! interface FastEthernet0/0 ip address 192.168.11.253 255.255.255.0 no ip directed-broadcast ip nat inside ! interface Serial0/0 ip address 192.168.254.1 255.255.255.0 no ip directed-broadcast shutdown ! interface FastEthernet0/1 ip address 192.168.5.2 255.255.255.0 no ip directed-broadcast ip nat outside ! ip nat inside source list 2 interface FastEthernet0/1 overload ip nat inside source static 192.168.11.63 192.168.5.63 ip nat inside source static 192.168.11.13 192.168.5.13 ip nat inside source static 192.168.11.61 192.168.5.61 ip nat inside source static 192.168.11.58 192.168.5.58 ip classless ip route 0.0.0.0 0.0.0.0 192.168.5.1 no ip http server ! access-list 2 permit 192.168.11.0 0.0.0.255 ! line con 0 password 7 0055161E145E08121A2943430C login transport input none line aux 0 line vty 0 4 password 7 0055161E145E08121A2943430C login ! no scheduler allocate end

I'd appreciate if you can kindly explain to me the router config.

Thanks

Reply to
soup_or_power
Loading thread data ...

Reply to
soup_or_power

From my point of view there is nothing strange...

Alex.

Reply to
AM

From my point of view there is nothing strange... Try to enable "deb ip nat" and see if the router do the NAT. Be aware that such a debugging might overload the router depending on how much traffic you have

Alex.

Reply to
AM

traffic you have

Hi Alex How do I see the output of the command "deb ip nat"?

Thanks

Reply to
soup_or_power

that enables the debugging of NAT translation. If you are connected to the router via telnet just type "term mon" and "term no mon" to disable it.

Be prepared to a lot of garbage.

Otherwise if you are in console the router should already display the translations.

Alex.

Reply to
AM

router via telnet just type "term mon" and

I don't see any output.

Reply to
soup_or_power

Here is the network diagram Wave2WaveRouter | | Office firewall (192.168.5.1) | | office router |------------------------------------------------------------------- | |

192.168.5.0 192.168.11.0 192.168.5.10 192.168.11.65 192.168.5.149

I can ping 192.168.5.10 from 192.168.11.65. But I cannot ping

192.168.5.149 from 192.168.11.65.
Reply to
soup_or_power

oops...the diagram didn't post as I typed. The host 192.168.11.65 was meant to be under 192.168.11.0

Thanks

Reply to
soup_or_power

Here is the network diagram Wave2WaveRouter | | Office firewall (192.168.5.1) | | office router |------------------------------------------------------------------- | |

192.168.5.0 192.168.11.0

192.168.5.10

192.168.11.65 192.168.5.149

I can ping 192.168.5.10 from 192.168.11.65 but not 192.168.5.149

Reply to
soup_or_power

Wasn't there already another thread on this problem? Why did you start a new one instead of continuing that one?

Reply to
Barry Margolin

Have you done a ping while monitoring?

Alex.

Reply to
AM

On your office router, do you have 192.168.5.x set up as a /24 network or do you break it out further?

Do a sh ip ro 192.168.5.10 and a sh ip ro 192.168.5.149 and put the output from each back in a reply.

Traceroute from 192.168.11.65 to the two 192.168.5.x IPs.

The diagram makes it look like the firewall and the router are two different devices. Is that right?

Grog

Reply to
Grog

192.168.5.x is set up as a /24 network

Corp-WAN>sh ip ro 192.168.5.10 Routing entry for 192.168.5.0/24 Known via "connected", distance 0, metric 0 (connected, via interface) Routing Descriptor Blocks: * directly connected, via FastEthernet0/1 Route metric is 0, traffic share count is 1

Corp-WAN>sh ip ro 192.168.5.149 Routing entry for 192.168.5.0/24 Known via "connected", distance 0, metric 0 (connected, via interface) Routing Descriptor Blocks: * directly connected, via FastEthernet0/1 Route metric is 0, traffic share count is 1

Traceroute from 192.168.11.65 to 192.168.5.149 Primary DNS: 192.168.5.10 Failed to resolve Hop#1 [DNS Servers Reports Query Name Error] Time out! Failed to resolve Hop#50[DNS Server Reports Query Name Error] Timeout!

Traceroute from 192.168.11.65 to 192.168.5.10 Primary DNS: 192.168.5.10 Failed to resolve Hop#1 [DNS Servers Reports Query Name Error] Failed to resolve Hop#50[DNS Server Reports Query Name Error] Finished Trace for 192.168.5.10

BTW, I'm using Trellian Traceroute program.

Yes. The outside ip of the firewall is 209.178.198.242 and the inside ip is 192.168.5.1

Thanks

Reply to
soup_or_power

Yes!

Reply to
soup_or_power

Regarding traceroute for 192.168.5.149 this is how it looks in the main window of Trellian software

192.168.11.253 0.0.0.0

Traceroute for 192.168.5.10 looks like

192.168.11.253 192.168.5.10

I guess the traceroute for 192.168.5.149 has failed

Regards

Reply to
soup_or_power

I set the gateway on 192.168.5.149 to 192.168.5.2 (router's FastEthernet interface) and everything worked fine!

Many thanks for your help.

Reply to
soup_or_power

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.