Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Lan to Lan router ios firewall

Hello, i want to install a router with two interfaces fastethernet between my Lan and a prolan as a firewall.

Lan-----Router/firewall----RouterProlan------Network's partners/RoamingUsers

I have configured only the routing and Nat without filtering but it don't work

I can ping only the 192.168.51.0 network but no others networks in the prolan. And roaming users cannot access to Lan

Any help

It's 1721 router with a Cisco 4-port 10/100BASE-T Fast Ethernet Switch WAN Interface Card (WIC-4ESW)

Thanks

3 REPLIES
Blue

Re: Lan to Lan router ios firewall

please provide a "show ip route" output.

please provide the source & destination addresses you're trying to get to communicate.

also, i dont see a proper network for VLAN1 begin serviced by OSPF.

your OSFP is servicing:

10.166.50.0/24 and (network 10.166.50.0 0.0.0.255)

10.166.0.0 - 10.166.3.255 (network 10.166.0.0 0.0.3.255)

where is the VLAN1 network 10.166.10.0/22 in ospf? if your source network is 10.166.10.0/22 and you have no static routes on the other routers for this network, it should not work. you need to get OSPF to advertise 10.166.10.0/22.

a better OSPF network entry could be:

network 10.166.50.0 0.0.0.255 area 0 (advertise 10.166.50.0/24)

network 10.166.10.0 0.0.3.255 area 0 (advertise 10.166.10.0 - 10.166.13.255)

Blue

Re: Lan to Lan router ios firewall

oops...did i do my 10.166.0.0 0.0.3.255 calculation right? verify plz...may have mistated this....

also, since your access-lists in use on the interfaces allow all IP, then remove them for a test without them to see if you get different results.

New Member

Re: Lan to Lan router ios firewall

I tought network 10.166.0.0 0.0.3.255 area 0 is to advertise the 10.166.0.0 /22 network isn't?

But i made a mistake here my network is 10.166.8.0 /22

So opsf command should be network 10.166.8.0 0.0.3.255 area 0 is it right?

I have the same problem with or without access-list

Also i have the same problem with a static route

For exemple Destination adress 192.168.53.7 (host in the partner metwork via the prolan) Source address host 10.166.11.30 /22

I have the problem, even if i enter an ip route 192.168.53.0 255.255.255.0 10.166.50.1(the prolan router). And i ve a default route ip route 0.0.0.0 0.0.0.0 10.166.50.1

Lan---------------routerfirewall--------Routerprolan

10.166.8.0/22 F1 F0 10.166.50.1

The interface F1 is the first interface of the WIC-4ESW i ve plugged a cable from F1 to the Lan switches

I ve putted F1 in vlan 1 because i cannot enter an ip address to F1

is it correct config?

90
Views
0
Helpful
3
Replies