I have a Cisco 2600 router with two FETHERs. 0/0 is connected to a closed network and 0/1 is connected to our regular corporate network. I have set up a firewall PC between the closed network and the corporate network. When I connect the firewall PC directly to the switch of our corporate network, I am able to browse the Internet. When I place the router between the firewall and the corporate network, in the same port, from the firewall I can no longer browse the Internet. From the router, I am able to ping both the firewall, which is directly connected, and the VLAN gateway, which is also directly connected. I am also able to ping just about anywhere else on the corporate network, to include out to the Internet. However, when the firewall pings, it is only able to ping to the far side of the router. It can't even ping the next hop, which is the VLAN gateway on the switch. I have added a route to the outside on the router, but whenever I do a traceroute from the firewall, it always ends on the near-side router interface. I have also added a gateway of last resort which is pointing to the far-side interface. Can anyone tell me what I am missing? (Please don't bother asking why I want the router between the firewall and our corporate network..... long story & not important.)
Actually, the only access-lists that I have are deny anything from that network except www traffic. Actually, you're right about the ICMP traffic from the firewall to the corp net. I remembered after I sent the message. I will try NATting. Thank you. I'll let you know. Any recommendations/examples on access-lists for Internet?