10-07-2009 04:16 AM - edited 03-06-2019 08:01 AM
Hi,
I have already wrote about connecting two networks over 876, but I want to connect it to my company network 836 router.
Because 836 doesn't support VLAN I used 876 to make a test enviroment that can interconnect with our network.
Problem is I can't ping automatically computers in work enviroment from test enviroment. Only if I ping from some work enviroment machine to test enviroment machine, I can ping back.
I suppose some more configuration needs to be set on cisco 876 router.
It's configuration is like this:
Router#sh run
Building configuration...
Current configuration : 1215 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
!
resource policy
!
ip cef
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 10.80.248.1 10.80.248.31
!
ip dhcp pool FJ099230
network 10.80.248.0 255.255.255.192
bootfile pxelinux.0
next-server 10.80.248.1
dns-server 192.168.85.3 192.168.85.1
default-router 10.80.248.30
lease 1 2
!
!
!
!
!
!
!
!
!
!
!
interface BRI0
no ip address
encapsulation hdlc
shutdown
!
interface ATM0
no ip address
shutdown
no atm ilmi-keepalive
dsl operating-mode auto
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
switchport access vlan 2
!
interface Vlan1
ip address 192.168.85.217 255.255.255.0
!
interface Vlan2
ip address 10.80.248.30 255.255.255.192
!
interface Vlan3
no ip address
!
!
!
no ip http server
no ip http secure-server
!
!
!
!
!
control-plane
!
!
line con 0
no modem enable
line aux 0
line vty 0 4
login
!
scheduler max-task-time 5000
!
webvpn context Default_context
ssl authenticate verify all
!
no inservice
!
end
Could someone help me with this?
10-07-2009 11:41 AM
Hello Aleksandar,
your configuration has been checked by Peter in your other thread and it looks like correct.
Peter has also noted how ping results can be affected by software firewalls running on Windows PCs.
From a routing point of view, that is OSI layer3, there is no difference between a ping that starts on test side and one that starts on production side IP subnets.
but for the firewalls there is difference they can discriminate between ICMP echo requests and ICMP echo replies they can deny incoming ICMP requests and they can allow outgoing ICMP requests and incoming ICMP replies.
Hope to help
Giuseppe
10-10-2009 05:50 AM
Ok,
Today I figured it out.
It's not problem with windows firewall at all - because it's deactivated.
Problem is because machines in our work enviroment don't have route to that subnet. When I do tracert to some machine in test enviroment it doesn't go through gatway I set for VLAN 1 it goes through our Cisco 836 router that connects us to our branch offices.
That's why I couldn't ping machines. But I forgot to mantion that I added static route.
Thanks for support anyway!
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: