Cisco Support Community

3560 routing problems

Hope you can help me here…I'm having some issues with a router setup (I believe).

Config summary:

A 3560 router connects from port 0/1 to pcn, port 0/2 is connected to a netscreen 208 firewall with a dmz and an outside connection. The firewall was configured and tested before adding in the router switch and worked fine.

Testing:

- 3560 enhanced (I've attached a config file)

- can ping from the pcn to the outside interface on the router (192.168.3.1)

- cannot ping from the pcn to the firewall trusted port (192.168.3.2)

- can ping from the dmz to the outside port of the router (192.168.3.1)

- cannot ping from the dmz to inside port of the router (107.143.4.111)

- can ping from the router console to devices on the dmz

- can ping from the router console to devices on the pcn

version 12.2

no service pad

service timestamps debug uptime

service timestamps log uptime

no service password-encryption

!

hostname RTGSW_01

!

!

no aaa new-model

ip subnet-zero

ip routing

!

!

!

!

no file verify auto

spanning-tree mode pvst

spanning-tree extend system-id

!

vlan internal allocation policy ascending

!

!

interface GigabitEthernet0/1

no switchport

ip address 107.143.4.111 255.255.248.0

duplex full

!

interface GigabitEthernet0/2

no switchport

ip address 192.168.3.1 255.255.255.0

no ip redirects

no ip proxy-arp

duplex full

speed 100

!

interface GigabitEthernet0/3

!

interface GigabitEthernet0/4

!

interface GigabitEthernet0/5

!

interface GigabitEthernet0/6

!

interface GigabitEthernet0/7

!

interface GigabitEthernet0/8

!

interface GigabitEthernet0/9

!

interface GigabitEthernet0/10

!

interface GigabitEthernet0/11

!

interface GigabitEthernet0/12

!

interface GigabitEthernet0/13

!

interface GigabitEthernet0/14

!

interface GigabitEthernet0/15

!

interface GigabitEthernet0/16

!

interface GigabitEthernet0/17

!

interface GigabitEthernet0/18

!

interface GigabitEthernet0/19

!

interface GigabitEthernet0/20

!

interface GigabitEthernet0/21

!

interface GigabitEthernet0/22

!

interface GigabitEthernet0/23

!

interface GigabitEthernet0/24

!

interface GigabitEthernet0/25

!

interface GigabitEthernet0/26

!

interface GigabitEthernet0/27

!

interface GigabitEthernet0/28

!

interface Vlan1

no ip address

shutdown

!

ip classless

ip route 0.0.0.0 0.0.0.0 192.168.3.2

no ip http server

!

!

!

control-plane

!

!

line con 0

line vty 0 4

no login

line vty 5 15

no login

!

!

end

RTGSW_01#

4 REPLIES

Re: 3560 routing problems

What subnet is the DMZ in? What vlan? Who/what is the default gateway for the DMZ? Can you do an extended ping from the 3560, sourcing from 107.143.4.111, to the DMZ? Same question for pcn.


Re: 3560 routing problems

The DMZ is on 192.168.2.0 subnet, gateway is 192.168.2.1/24. Can ping from the switch console port to the DMZ, cannot ping from the pcn (107.143.0.0/21) to the DMZ; in fact I can't even ping to the firewall interface (192.168.3.2).


Re: 3560 routing problems

...a recap,

the pcn connects to the 0/1 interface

the firewall connects to the 0/2 interface

can ping from inside the dmz to the 0/2 interface on the router

cannot ping from inside the dmz to the 0/1 interface on the router

can ping from inside the pcn to the 0/1 interface on the router

cannot ping from inside the pcn to the 0/2 interface on the router

can ping from the router console to systems on the dmz and systems on the pcn

Re: 3560 routing problems

Can you ping from the firewall to the IP address of gig 0/1 of the 3750? If not, I would check the firewall's routing configuration. It must know how to get to 107.143.0.0/21.
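Added example, not part of the thread: a small routing model that checks whether a missing return route on the firewall, as suggested in the last reply, is consistent with every ping result reported above. The 3560 routes are taken from the posted config; the firewall tables, the `untrust-gw` next hop and the two host addresses are assumptions made for illustration.

```python
import ipaddress as ip

# 3560 routes are from the posted config. The firewall tables are assumptions:
# connected trust/DMZ networks plus a default route out the untrust side.
SWITCH = [("107.143.0.0/21", None), ("192.168.3.0/24", None),
          ("0.0.0.0/0", "192.168.3.2")]
FW_AS_SUSPECTED = [("192.168.3.0/24", None), ("192.168.2.0/24", None),
                   ("0.0.0.0/0", "untrust-gw")]   # no route back to the pcn
FW_WITH_ROUTE = FW_AS_SUSPECTED + [("107.143.0.0/21", "192.168.3.1")]
OWNED = {"switch": {"107.143.4.111", "192.168.3.1"},
         "fw": {"192.168.3.2", "192.168.2.1"}}
PCN_HOST, DMZ_HOST = "107.143.0.10", "192.168.2.10"   # constructed host addresses

def lookup(table, dst):
    """Longest-prefix match: next hop, None if connected, 'drop' if no route."""
    hits = [(ip.ip_network(p).prefixlen, hop) for p, hop in table
            if ip.ip_address(dst) in ip.ip_network(p)]
    return max(hits, key=lambda h: h[0])[1] if hits else "drop"

def owner(addr):
    """Name of the device that has addr on one of its interfaces, else None."""
    return next((d for d, a in OWNED.items() if addr in a), None)

def delivered(src, dst, tables):
    """Follow one packet hop by hop; True if it reaches dst or dst's segment."""
    # First hop: the device that owns src, else the gateway connected to src.
    dev = owner(src) or next(d for d, t in tables.items()
                             if lookup([r for r in t if r[1] is None], src) is None)
    for _ in range(8):                      # hop limit guards against loops
        if dst in OWNED[dev]:
            return True
        hop = lookup(tables[dev], dst)
        if hop is None:                     # connected: dst is on this segment
            return True
        dev = owner(hop)
        if dev is None:                     # no route, or sent toward untrust
            return False
    return False

def ping(src, dst, fw_table):
    """A ping succeeds only if the request and the reply are both delivered."""
    tables = {"switch": SWITCH, "fw": fw_table}
    return delivered(src, dst, tables) and delivered(dst, src, tables)

if __name__ == "__main__":
    for fw in (FW_AS_SUSPECTED, FW_WITH_ROUTE):
        print(ping(PCN_HOST, "192.168.3.2", fw), ping(DMZ_HOST, "107.143.4.111", fw))
```

The model covers routing only; the firewall's zone policy would still have to permit the traffic for a ping to succeed.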
