Cisco Support Community
New Member

WAN Link help...

I just installed a new WAN link to our production facility. At Site-A, I have a Firewall connected to the net and internal interface of 192.168.1.1. I have the WAN router Eth0 192.168.1.2. The Site-A WAN router is connected to the Site-B WAN router with a Frame. The Site-B WAN router Eth0 is 192.168.2.1.

From the Site-A WAN router I can ping the Firewall's internal interface and the outside world. But from the Site-B router I cannot ping the Firewall or the outside world..

A trace route from a host on the Site-B network hits the Site-B WAN router (192.168.2.1), hits the Site-A WAN router (192.168.1.2) but then just stalls...

1 <10 ms <10 ms <10 ms 192.168.2.1
2 <10 ms <10 ms <10 ms 192.168.1.2
3 * * * Request timed out.
4 * * * Request timed out.
5 * ^C

This is the Site-A router config.....

Current configuration : 1206 bytes
!
version 12.1
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname SITE-A-FR-01
!
enable password XXXXXX
!
!
!
!
!
memory-size iomem 25
ip subnet-zero
no ip finger
ip name-server XXX.XXX.XXX.XXX
!
!
!
!
interface Serial0
 no ip address
 encapsulation frame-relay
 service-module t1 remote-alarm-enable
 frame-relay lmi-type ansi
!
interface Serial0.1 point-to-point
 description connected to SITE-B-FR-01
 ip unnumbered FastEthernet0
 frame-relay interface-dlci 16
!
interface FastEthernet0
 description connected to EthernetLAN_1
 ip address 192.168.1.2 255.255.255.0
 no keepalive
 speed auto
!
router rip
 version 2
 network 192.168.1.0
 no auto-summary
!
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.1.1
ip route 192.168.2.0 255.255.255.0 Serial0.1 permanent
ip http server
!
snmp-server community public RO
snmp-server location
snmp-server contact
banner motd
!
line con 0
 exec-timeout 0 0
 password XXXXX
 login
 transport input none
line aux 0
line vty 0 4
 password XXXXX
 login
!
no scheduler allocate
end

5 REPLIES
New Member

Re: WAN Link help...

Check the firewall config. Some firewalls wouldn't respond to ICMP except from predefined addresses/networks, that's a "stealth" rule. Also if you're just adding site B, the firewall needs to know about it and permit communication from the new subnet to the outside world.

Simply on firewalls everything is denied unless explicitly permitted!

New Member

Re: WAN Link help...

I'm guessing that the Firewall doesn't know where the 192.168.2.0 network lives. You need to enter a route on the firewall to send all traffic for network 192.168.2.0 to 192.168.1.2 (your WAN router). Hope this helps.
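
The missing return route described in this reply, as an added example that is not part of the original thread: a small hop-by-hop forwarding model using the addresses from the post, showing why the ping from 192.168.1.2 succeeds while the one from 192.168.2.1 fails until the firewall has a route for 192.168.2.0/24. The device names, the Site-B router's default route, and the firewall's routing table are assumptions, since neither config appears in the post.

```python
import ipaddress

# Constructed model of the thread's topology. Device names are hypothetical.
ADDR = {"192.168.1.1": "firewall", "192.168.1.2": "site-a", "192.168.2.1": "site-b"}
TABLES = {
    # Assumed: Site-B's config is not in the post; the trace shows it forwards to Site-A.
    "site-b": [("192.168.2.0/24", "direct"), ("0.0.0.0/0", "site-a")],
    # From the posted Site-A config: connected LAN, static to Site-B, default to firewall.
    "site-a": [("192.168.1.0/24", "direct"), ("192.168.2.0/24", "site-b"),
               ("0.0.0.0/0", "firewall")],
    # Assumed: the firewall only knows its connected LAN and a default to the outside.
    "firewall": [("192.168.1.0/24", "direct"), ("0.0.0.0/0", "internet")],
}
# Same tables with the static route suggested in the reply added on the firewall.
FIXED = dict(TABLES, firewall=TABLES["firewall"] + [("192.168.2.0/24", "site-a")])

def lookup(table, dst):
    """Longest-prefix match; returns the next device, 'direct', or None."""
    ip = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(p), nh) for p, nh in table
            if ip in ipaddress.ip_network(p)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def walk(tables, start, dst, max_hops=8):
    """Forward hop by hop from device `start` toward dst; return devices visited."""
    hops, node = [start], start
    while ADDR.get(dst) != node and len(hops) < max_hops:
        nh = lookup(tables[node], dst)
        node = ADDR.get(dst) if nh == "direct" else nh
        hops.append(node)
        if node not in tables:  # left the modelled network, or no such host
            break
    return hops

def ping(tables, src, dst):
    """Return (request path, reply path, success) for an echo from src to dst."""
    out = walk(tables, ADDR[src], dst)
    reached = dst in ADDR and out[-1] == ADDR[dst]
    back = walk(tables, ADDR[dst], src) if reached else []
    return out, back, bool(back) and back[-1] == ADDR[src]

if __name__ == "__main__":
    for label, tables in (("before", TABLES), ("after", FIXED)):
        for src in ("192.168.1.2", "192.168.2.1"):
            print(label, src, "->", ping(tables, src, "192.168.1.1"))
```

In the "before" case the request from 192.168.2.1 does reach the firewall; it is the reply that follows the firewall's default route toward the outside and never comes back.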

New Member

Re: WAN Link help...

I think that is the prob... thanks for jarring my brain!! Now I just gotta deal with that @#$$%# FireBox firewall... GUI driven !@!#$%$#..!!

New Member

Re: WAN Link help...

I feel for ya... I've installed hundreds of Watchguards since 1997! Which one do you have, a Firebox II? And what software version? The latest I believe is 5.0.

Anyway it's pretty straightforward to add a static route on the firewall.

Good luck!

New Member

Re: WAN Link help...

Michael.. yeah it's a FireBoxII with version 4.61 running on it.. How do you add static routes to it?? I don't see anything in the manual about static routes and I didn't see anything poking around in the GUI either.. any help would be great!!! I might shoot you an e-mail as well...

THANKS!!
