01-14-2002 09:21 AM - edited 03-01-2019 08:02 PM
I just installed a new WAN link to our production facility.. At Site-A, I have a Firewall connected to the net and internal interface of 192.168.1.1. I have the WAN router Eth0 192.168.1.2. The Site-A WAN router is connected to the Site-B WAN router with a Frame.. The Site-B WAN router Eth0 is 192.168.2.1..
From the Site-A WAN router I can ping the Firewall's internal interface and the outside world. But from the Site-B router I cannot ping the Firewall or the outside world..
A trace route from a host on the Site-B network hits the Site-B WAN router (192.168.2.1), hits the Site-A WAN router (192.168.1.2) but then just stalls...
1 <10 ms <10 ms <10 ms 192.168.2.1
2 <10 ms <10 ms <10 ms 192.168.1.2
3 * * * Request timed out.
4 * * * Request timed out.
5 * ^C
This is the Site-A router config.....
Current configuration : 1206 bytes
!
version 12.1
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname SITE-A-FR-01
!
enable password XXXXXX
!
!
!
!
!
memory-size iomem 25
ip subnet-zero
no ip finger
ip name-server XXX.XXX.XXX.XXX
!
!
!
!
interface Serial0
 no ip address
 encapsulation frame-relay
 service-module t1 remote-alarm-enable
 frame-relay lmi-type ansi
!
interface Serial0.1 point-to-point
 description connected to SITE-B-FR-01
 ip unnumbered FastEthernet0
 frame-relay interface-dlci 16
!
interface FastEthernet0
 description connected to EthernetLAN_1
 ip address 192.168.1.2 255.255.255.0
 no keepalive
 speed auto
!
router rip
 version 2
 network 192.168.1.0
 no auto-summary
!
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.1.1
ip route 192.168.2.0 255.255.255.0 Serial0.1 permanent
ip http server
!
snmp-server community public RO
snmp-server location
snmp-server contact
banner motd
!
line con 0
 exec-timeout 0 0
 password XXXXX
 login
 transport input none
line aux 0
line vty 0 4
 password XXXXX
 login
!
no scheduler allocate
end
01-14-2002 10:34 AM
Check the firewall config. Some firewalls wouldn't respond to ICMP except from predefined addresses/networks; that's a "stealth" rule. Also, if you're just adding site B, the firewall needs to know about it and permit communication from the new subnet to the outside world.
Simply put, on firewalls everything is denied unless explicitly permitted!
01-14-2002 11:51 AM
I'm guessing that the Firewall doesn't know where the 192.168.2.0 network lives. You need to enter a route on the firewall to send all traffic for network 192.168.2.0 to 192.168.1.2 (your WAN router). Hope this helps.
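The missing return route described in the reply above, modelled as an added example that is not part of the original thread: a longest-prefix-match lookup per hop shows the echo request reaching the firewall while the reply follows the firewall's default route. The SITE-A router entries follow the posted config; the firewall and Site-B tables, the device names and the host 192.168.2.50 are assumptions.

```python
import ipaddress

# Constructed routing tables: (prefix, next hop). "connected" = deliver on-link.
# SITE-A router entries mirror the posted config; the firewall and Site-B
# tables are assumptions based on the thread's description.
TABLES = {
    "site-b-router": [("192.168.2.0/24", "connected"), ("0.0.0.0/0", "site-a-router")],
    "site-a-router": [("192.168.1.0/24", "connected"),
                      ("192.168.2.0/24", "site-b-router"),
                      ("0.0.0.0/0", "firewall")],
    "firewall": [("192.168.1.0/24", "connected"), ("0.0.0.0/0", "internet")],
}
# Device that owns each on-link address (192.168.2.50 is a constructed host).
OWNERS = {"192.168.1.1": "firewall", "192.168.1.2": "site-a-router",
          "192.168.2.1": "site-b-router", "192.168.2.50": "site-b-host"}

def next_hop(device, dst, tables):
    """Longest-prefix match of dst against the device's routing table."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(p), hop) for p, hop in tables[device]
               if addr in ipaddress.ip_network(p)]
    return max(matches, key=lambda m: m[0].prefixlen)[1] if matches else None

def trace(start, dst, tables, max_hops=8):
    """Follow routes hop by hop and return the devices the packet visits."""
    path, device = [start], start
    for _ in range(max_hops):
        hop = next_hop(device, dst, tables)
        if hop is None:
            return path + ["dropped"]
        if hop == "connected":
            return path + [OWNERS.get(dst, "unknown")]
        path.append(hop)
        if hop not in tables:      # packet left the modelled network
            return path
        device = hop
    return path

def with_return_route(tables):
    """Copy of the tables with the static route the reply recommends."""
    fixed = {name: list(routes) for name, routes in tables.items()}
    fixed["firewall"].append(("192.168.2.0/24", "site-a-router"))
    return fixed

if __name__ == "__main__":
    print("request:", trace("site-b-router", "192.168.1.1", TABLES))
    print("reply (no route):", trace("firewall", "192.168.2.50", TABLES))
    print("reply (fixed):", trace("firewall", "192.168.2.50", with_return_route(TABLES)))
```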
01-14-2002 01:10 PM
I think that is the prob... thanks for jarring my brain!! Now I just gotta deal with that @#$$%# FireBox firewall... GUI driven !@!#$%$#..!!
01-14-2002 02:53 PM
I feel for ya.. I've installed hundreds of Watchguards since 1997! Which one do you have, a Firebox II? And what software version? The latest I believe is 5.0
Anyway, it's pretty straightforward to add a static route on the firewall.
Good luck!
01-14-2002 03:13 PM
Michael.. yeah it's a FireBoxII with version 4.61 running on it.. How do you add static routes to it?? I don't see anything in the manual about static routes and I didn't see anything poking around in the GUI either.. any help would be great!!! I might shoot you an e-mail as well...
THANKS!!