03-28-2010 07:54 AM - edited 03-07-2019 12:33 AM
My network layout:
internet>cisco1841>asa5510>4006>network
From the 1841 I can ping outside I can ping the .193 and .194 address. I cannot ping the inside network 192.168.100.0.
From the Firewall and the Network I can ping the .170 the .193 and .194. I cannot ping the Gateway .169.
I know it is something simple that I am overlooking.
I have included the config files from all 3 devices.
Any help would be welcomed.
TIA
Leonard
03-28-2010 08:25 AM
Hi Leonard,
On your 1841, I donot see the route for your inside network, 192.168.100.0. You can add a static route for your inside network and point nexthop to ASA.
HTH,
Lei Tian
Each time you rate a CSC discussion we'll donate $1 to the American Red Cross Haiti fund up to a maximum donation of $10,000 USD.
03-28-2010 11:42 AM
Lei,
Thanks for the reply.
I tried adding ip route 192.168.100.0 255.255.255.0 xxx.xxx.xxx.194 and it didn't work.
03-28-2010 11:44 AM
Leonard
When you try to ping from the inside network what device IP address are you pinging from ?
Jon
03-28-2010 11:51 AM
Hi Jon,
I have tried it from the asa 192.168.100.5 and from my workstation 192.168.100.80.
03-28-2010 12:01 PM
Leonard
Are you sure the ISP is routing x.x.x.192 255.255.255.192 back to your 1841 router ?
Jon
03-28-2010 12:07 PM
Jon,
Here is the wierd part I can change the ip address on the asa to xxx.xxx.xxx.170 and hook the asa directly into their interface and I can get outside. I also have to change the default route to xxx.xxx.xxx.169. The problem with this is I cannot use my outside IP addresses.
03-28-2010 12:15 PM
desotobocc wrote:
Jon,
Here is the wierd part I can change the ip address on the asa to xxx.xxx.xxx.170 and hook the asa directly into their interface and I can get outside. I also have to change the default route to xxx.xxx.xxx.169. The problem with this is I cannot use my outside IP addresses.
Leonard
That makes sense. If you hook the ASA into their interface then your inside clients get Natted to the .170 address as they go out to the internet. This is routed correctly back to your ASA.
I suspect from what you are saying that the x.x.x.192/26 might not be routed back to your 1841.
Perhaps you could provide one of the x.x.x.192 addresses so i can do a traceroute to see if it is getting routed to you ?
Jon
03-28-2010 12:28 PM
216.45.247.193
03-28-2010 12:34 PM
desotobocc wrote:
216.45.247.193
Leonard
Just did a traceroute to the above address and the last hop reported before it timed out was 68.86.92.126 which does not appear to be the outside IP of your 1841 ie. x.x.x.170/30.
So i think your issue is with the ISP. You need to talk to the ISP who supplied the x.x.x.192/26 range to make sure they are routing that to you.
Jon
Cisco are currently donating money to the Haiti earthquake appeal for every rating so please consider rating all helpful posts.
03-28-2010 01:07 PM
Thanks Jon I have a call into them. Would that stop me from pinging the 192.168.100.5 from the router?
03-28-2010 01:11 PM
desotobocc wrote:
Thanks Jon I have a call into them. Would that stop me from pinging the 192.168.100.5 from the router?
From the router you can't ping 192.168.100.x addresses because these haven't been made available to the outside interface of your firewall ie. you are presenting internal 192.168.100.x addresses as x.x.x.192/26 addresses. If you wanted to ping a 192.168.100.x address from the router you would need something like -
static (inside,outside) 192.168.100.5 192.168.100.5 netmask 255.255.255.255
but i wouldn't do that to be honest unless you just want to test.
Jon
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide