New Member

Can't figure this out

Hello All:

Rather than a long explanation, I have my network diagram posted here:

http://24.225.238.137/network.jpg

I need machines in the DMZ 172.16.1.x to be able to reach machines on the 2.x segment. The routing will be done on the SonicWall. I have tried every conceivable route and cannot get it. Any help would be appreciated.

Note - the SonicWall where the DMZ is attached is connected to a 1721 router which is connected to the 3640 router. The line between the 1721 and 3640 did not show up when the diagram was saved to the website.

Thanks

3 REPLIES
Cisco Employee

Re: Can't figure this out

Can you give us a bit more information on whether you are running a routing protocol between the 1721 and 3640? If so, you have a route for 10.0.2.0/24 configured on the SonicWall pointing to the 1721. You also have to configure a route for 172.16.1.0/24 on the 1721 pointing to the SonicWall interface address and redistribute this route in your routing protocol. If you don't use a routing protocol between the 1721 and 3640, you will need to configure a static route for 172.16.1.0/24 on the 3640 pointing to the 1721.

Hope this helps,

Harold Ritter
Sr. Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México
New Member

Re: Can't figure this out

Thanks! You nailed it. The route statement on the 3640 did it.

Struggling to understand why. DMZ boxes could ping all the way to 4.2 which is an ethernet on the 1721. On the 1721 there was a route statement 10.0.2.0 255.255.255.0 10.0.4.1.

I would think that this would've done it. If it's not too much trouble, can you explain why the 3640 needed a route statement back to the DMZ?

Thanks again!

Cisco Employee

Re: Can't figure this out

You basically had a route to get there but as far as I can see you had no route back to 172.16.1.0/24 causing the echo reply packets to be dropped. Unless you had a default route on the 3640 pointing back to the 1721, this specific route is required.

Let me know if that answers your question,

Harold Ritter
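The missing return route described in this thread, modelled as an added example that is not part of the original posts: each device's routing table is walked with longest-prefix matching, once for the echo request and once for the echo reply. The router names, the host addresses 172.16.1.10 and 10.0.2.10, the SonicWall's route to 10.0.4.0/24, and next hops given by device name instead of IP are assumptions, since the diagram is not on the page.

```python
import ipaddress

def build_tables(return_route=None):
    """Constructed tables; return_route is the prefix added on the 3640."""
    t = {
        "sonicwall": [("172.16.1.0/24", "connected"), ("10.0.4.0/24", "r1721"),
                      ("10.0.2.0/24", "r1721")],
        "r1721": [("10.0.4.0/24", "connected"), ("172.16.1.0/24", "sonicwall"),
                  ("10.0.2.0/24", "r3640")],
        "r3640": [("10.0.4.0/24", "connected"), ("10.0.2.0/24", "connected")],
    }
    if return_route:
        t["r3640"].append((return_route, "r1721"))
    return t

def lookup(table, dst):
    """Longest-prefix match: next-hop name, 'connected', or None."""
    dst = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(n), hop) for n, hop in table
            if dst in ipaddress.ip_network(n)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def trace(tables, start, dst, max_hops=8):
    """Forward one packet hop by hop; returns (delivered, last_device)."""
    node = start
    for _ in range(max_hops):
        hop = lookup(tables[node], dst)
        if hop is None:
            return False, node          # no route: dropped here
        if hop == "connected":
            return True, node           # destination subnet is attached
        node = hop
    return False, node                  # hop limit hit (routing loop)

def ping(tables, src_dev, src_ip, dst_ip):
    """Echo request from src_dev, then echo reply from wherever it landed."""
    ok, dst_dev = trace(tables, src_dev, dst_ip)
    if not ok:
        return "request dropped at " + dst_dev
    ok, last = trace(tables, dst_dev, src_ip)
    return "ok" if ok else "reply dropped at " + last

if __name__ == "__main__":
    for label, route in [("no return route", None),
                         ("static 172.16.1.0/24", "172.16.1.0/24"),
                         ("default route", "0.0.0.0/0")]:
        t = build_tables(route)
        print(label, "| ping 10.0.4.2:", ping(t, "sonicwall", "172.16.1.10", "10.0.4.2"),
              "| ping 10.0.2.10:", ping(t, "sonicwall", "172.16.1.10", "10.0.2.10"))
```
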