May be I dont understand something but I don't have any idea what default gateway those hosts have. They are not under my control. I only have ethernet outlet and the information that it is connected to dummy L2 switch which serves for 2 LANs. As I said I can ping hosts on those LANs whis the only limitation that I need to provide the source address for the "secondary" net. In my opinion it means that packets that go out of FastEth4 have default 1.1.1.1 src address. When I explicitly change it with the source directive the result is positive, but it's not enough. I want packets destined for 2.2.2.0 to go out F4 with 2.2.2.1 return address (not 1.1.1.1 which they don't know where to send).

I guess we can safely rule out notion that F4 doesn't answer arp requests on 2.2.2.1 behalf. In this case "ping 2.2.2.6 sour 2.2.2.1" wouldn't come back.

I'm stuck. I have pretty much the same configuration in my office LAN with HP router having secondary address and packets for both LANs go without troubles.

Any ideas?

Victor

I am slightly confused and hope that you can clarify. In the original post you mentioned a HP router that works with this. I am not clear whether the HP is at your office (not where you currently are) and works there or whether the HP is where you currently are and works in the situation when the Cisco does not. Perhaps you can clarify this?

HTH

Rick

I see. I guess I should not have mentioned HP at all. It's a distraction, please, don't pay attention to it.

In my original post I simplyfied things a bit. Now I feel I nedd to explain it all.

There are 2 places A & B.

A is where I work and where I am located. It has 2 nets 192.168.0.0 /24 & 192.168.1.0 /28 and HP edge router with outside ip 3.3.3.1 /29.

B is a remote place, location unknown. There is cisco 851 there which has primary ip 1.1.1.1 /28 and to which I have a route. It also (obviously) connected to lan which I don't care about.

What I am interested in is another LAN (2.2.2.0/29)that is on the same switch with 1.1.1.0. Cisco see it, can ping it, provided I specify a source address. But I can not give source address to routing rules.I need to reach 2.2.2.0 from A as I do primary B.

Hope it clarifies things, tough now I feel something is not right.

Victor

The symptoms that you describe make a bit more sense now. And they sound like a problem with end stations not with the router. If the router can ping the end stations when you specify a source address in 2.2.2 then it demonstrates that there is a good physical path and demonstrates basic IP connectivity. If the router can not ping the end stations if you use the default source address then it is likely that the end stations can not communicate with anything that is not on the local LAN. That is an end station problem and not a router problem.

HTH

Rick

But this is exactly what I want - the router to appear "local" for both LANs. Now when I thought it over again I feel I need NAT for packets source address mangling.

May be this picture explanes things better than the verbal content.

192.168.0.0/24----+>R(HP)-3.3.3.1/29--intranet--1.1.1.1/28(pri)+-R(cisco)-<192.168.1.32/28

192.168.1.112/28+____nothing_is_here_____2.2.2.1/29(sec)+

R - is router

+ - physical connection

Let me repeat an objective once again: reach hosts on 2.2.2.0 subnet from 192.168.0.0

Victor

Are you saying that you want 1.1.1.x to see the router 1.1.1.1 as local, for 2.2.2.x to the router 2.2.2.1 as local and for 1.1.1.x and 2.2.2.x to not see each other as local? If so then you need to configure it as VLANs instead of as secondary addresses. If 1.1.1.x and 2.2.2.x are in the same VLAn then they are not separated.

HTH

Rick

I was in a process of actively editing my message when I see that it has already been answered :)

Absolutely, I don't care about 1.1.1.x & 2.2.2.x being separated, so there is no need for a VLAN

Victor

I have re-read the posts in this thread. I continue to believe that the symptoms you describe suggest that the issue is the default gateway on the end stations. I know that you have explained that you do not control these end stations. But for 192.168.0.0 to access 2.2.2.x the end stations must have a default gateway of the address on the router (2.2.2.1).

In one of your posts you mention the possibility of trying to use NAT to solve this issue. I do not believe that NAT will solve this problem. If you do not control those end stations then I believe that you need to communicate with whoever does control them and verify what they are currently configured with as default gateway.

HTH

Rick

Thx. your opinion is very valuable for me. For now the idea of building a tunnel from 192.168.0.x to cisco and then NAPT these packets seems very appealing. I should try it first.

Thx. your opinion is very valuable for me. For now the idea of building a tunnel from 192.168.0.x to cisco and then NAPT these packets seems very appealing. I should try it first.