Routing problem

I am working right now with a single router. The Ethernet connection is pointing towards my firewall and my serial connection towards my internal network. I can ping my firewall from my router, but if I do an extended ping I cannot reach my firewall from my internal network.

2500B#ping 192.168.20.98

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.20.98, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/12/48 ms

2500B#ping
Protocol [ip]:
Target IP address: 192.168.20.98
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Extended commands [n]: y
Source address or interface: 192.168.40.2
Type of service [0]:
Set DF bit in IP header? [no]:
Validate reply data? [no]:
Data pattern [0xABCD]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Sweep range of sizes [n]:
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.20.98, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)

2500B#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default, U - per-user static route, o - ODR
       P - periodic downloaded static route

Gateway of last resort is 192.168.20.98 to network 0.0.0.0

     192.168.40.0/30 is subnetted, 1 subnets
C       192.168.40.0 is directly connected, Serial0
     192.168.20.0/28 is subnetted, 1 subnets
C       192.168.20.96 is directly connected, Ethernet0
S*   0.0.0.0/0 [1/0] via 192.168.20.98

I am unable to reach my firewall at 192.168.20.98 from 192.168.40.2 s0.

I have been working on this a few days and cannot figure it out.

2500B#show run
Building configuration...

Current configuration : 771 bytes
!
version 12.1
no service single-slot-reload-enable
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname 2500B
!
enable password 7 151A0E1E09253825
!
!
!
!
!
ip subnet-zero
no ip domain-lookup
ip host 2500A 192.168.40.1
!
!
!
!
interface Ethernet0
 ip address 192.168.20.107 255.255.255.240
!
interface Serial0
 ip address 192.168.40.2 255.255.255.252
!
interface Serial1
 no ip address
 shutdown
!
router rip
 version 2
 passive-interface Ethernet0
 network 192.168.20.0
 network 192.168.40.0
!
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.20.98
no ip http server
!
!
line con 0
 password 7 10460C0B0818010A
 logging synchronous
 login
line aux 0
line vty 0
 password 7 0829495C04161616
 login
line vty 1 4
 login
!
end

Reply to
bob

Is your firewall configured to route 192.168.40.0/30 via 192.168.20.107?

If that's not the case, the replies to your ping will be sent elsewhere by the firewall.

Rainer

Reply to
Rainer Temme

The firewall is my gateway to the internet. I can ping the firewall successfully from the router; however, when I try to ping from the serial interface of the router through the Ethernet interface I get nothing. I am using a SonicWall SOHO 3 which will be replaced by a PIX 520 as soon as I finish my CCNA studies. I only thought that you had to allow traffic both ways with an ACL (which I am not using). I cannot wait to get past this CCNA so I can fire up my PIX. I know it is overkill for my needs, but it is what I need for my Cisco pathway.

Bob

Reply to
Xevius

Not on a router ... if there is no ACL all traffic is allowed.

Try a traceroute from the fire to the router (and vice versa) ... Maybe that digs up something.

Reply to
Rainer Temme

Does your firewall know where 192.168.40.0/30 is? It needs a route to that network via 192.168.20.107 else it ain't gonna work. You could put a static route on the firewall for it, although I guess you want it to learn about the route (and others) via RIP. RIP is not advertising to the firewall because of the passive-interface command. If you are expecting it to work via RIP then you could remove the passive-interface command and make sure that the firewall is running RIP.

Luggy

Reply to
Luggy
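
Added example, not part of any post in the thread: a small Python model of the return-path problem Rainer and Luggy describe, using longest-prefix match on both devices. The router table comes from the show ip route output above; the firewall's table is never shown in the thread, so FIREWALL_BEFORE (including its "WAN" default) is an assumption, and lookup and ping_path are hypothetical helper names.

```python
import ipaddress

def lookup(table, dst):
    """Longest-prefix match: return the next hop for dst, or None if no route."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(prefix), hop) for prefix, hop in table
               if addr in ipaddress.ip_network(prefix)]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]

# Router 2500B, as shown in the thread's "show ip route" output.
ROUTER = [
    ("192.168.40.0/30", "Serial0"),
    ("192.168.20.96/28", "Ethernet0"),
    ("0.0.0.0/0", "192.168.20.98"),
]

# Assumed firewall table: only its connected LAN and a default out the WAN side.
FIREWALL_BEFORE = [
    ("192.168.20.96/28", "LAN"),
    ("0.0.0.0/0", "WAN"),
]
# The fix suggested in the replies: a static route back to the serial subnet.
FIREWALL_AFTER = FIREWALL_BEFORE + [("192.168.40.0/30", "192.168.20.107")]

def ping_path(src, dst, fw_table):
    """Return (hop the echo takes from the router, hop the firewall uses for the reply)."""
    return lookup(ROUTER, dst), lookup(fw_table, src)

if __name__ == "__main__":
    fw = "192.168.20.98"
    # Plain ping: source is Ethernet0's address, which the firewall sees as on-link.
    print("default source :", ping_path("192.168.20.107", fw, FIREWALL_BEFORE))
    # Extended ping sourced from Serial0: the reply follows the firewall's default route.
    print("serial source  :", ping_path("192.168.40.2", fw, FIREWALL_BEFORE))
    # With the static route, the reply is handed back to the router.
    print("with static rt :", ping_path("192.168.40.2", fw, FIREWALL_AFTER))
```

The forward hop is Ethernet0 in all three cases; only the firewall's choice of return hop changes, which is why the plain ping succeeds and the extended ping fails.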
