Thanks for help... anyway still can't ping zywall on 92.x.x.253 address. More info:

cisco#sh arp

Protocol  Address          Age (min)  Hardware Addr   Type   Interface

Internet  10.0.1.10                  7   0010.b5d8.f828  ARPA   FastEthernet0/0

Internet  10.0.1.1                    -   001c.5849.9024  ARPA   FastEthernet0/0

Internet  80.x.x.1                  16   0030.8550.58af  ARPA   FastEthernet0/1

Internet  92.x.x.254                -   001c.5849.9025  ARPA   FastEthernet0/1

Internet  92.x.x.253                0   Incomplete      ARPA

Internet  80.65.83.48             -   001c.5849.3025  ARPA   FastEthernet0/1

and this:

007071: *Mar  9 23:32:30.578 CST: IP ARP req filtered src 92.x.x.253 0013.491e.77cb, dst 92.x.x.254 0000.0000.0000 wrong cable, interface FastEthernet0/0

007072: *Mar  9 23:32:30.754 CST: IP ARP: sent req src 92.x.x.254 001c.5889.9025,

                 dst 92.x.x.253 0000.0000.0000 FastEthernet0/1

007073: *Mar  9 23:32:30.754 CST: IP ARP: sent req src 92.36.231.254 0,

                 dst 92.x.x.253 0 FastEthernet0/1

Sorry but I'm not following you. 92.x.x.254 is wan interface on cisco (secondary ip address) and 92.x.x.253 is wan interface on zywall p1 (image in first post).

Uh oh... it was late night here sorry... you said gateway for zywall p1 and i refered to external interface ip address. I'll check this out. thnks!

Gateway on p1 is set to 92.x.x.254... i can't even ping this py from outside.

Here's my config:

Current configuration : 3518 bytes

!

version 12.4

no service pad

service tcp-keepalives-in

service tcp-keepalives-out

service timestamps debug datetime msec localtime show-timezone

service timestamps log datetime msec localtime show-timezone

service password-encryption

service sequence-numbers

!

hostname cisco

!

boot-start-marker

boot-end-marker

!

security authentication failure rate 3 log

security passwords min-length 6

!

no aaa new-model

!

resource policy

!

clock timezone CST -1

clock summer-time CDT recurring

mmi polling-interval 60

no mmi auto-configure

no mmi pvc

mmi snmp-timeout 180

ip subnet-zero

no ip source-route

ip cef

!

!

ip tcp synwait-time 10

no ip dhcp use vrf connected

!

!

no ip bootp server

ip domain name mikroaldi.org

ip name-server 195.x.x.10

ip name-server 195.x.x.20

!

!

!

!

interface FastEthernet0/0

description LAN

ip address 10.0.1.1 255.255.255.0

no ip redirects

no ip unreachables

no ip proxy-arp

ip nat inside

ip route-cache flow

duplex auto

speed auto

no mop enabled

!

interface FastEthernet0/1

description WAN

ip address 92.x.x.254 255.255.255.252 secondary

ip address 80.x.x.48 255.255.255.192

no ip redirects

no ip unreachables

no ip proxy-arp

ip nat outside

ip route-cache flow

duplex auto

speed auto

no mop enabled

!

interface Serial0/0/0

no ip address

no ip redirects

no ip unreachables

no ip proxy-arp

ip route-cache flow

shutdown

!

ip classless

ip route 0.0.0.0 0.0.0.0 80.x.x.1

!

no ip http server

ip nat inside source list 101 interface FastEthernet0/1 overload

ip nat inside source static tcp 10.0.1.10 80 80.x.x.48 80 extendable

ip nat inside source static 92.x.x.253 92.x.x.254

!

logging trap debugging

access-list 101 permit ip any any

no cdp run

!

control-plane

!

banner login ^CAuthorized access only!

Disconnect IMMEDIATELY if you are not an authorized user!^C

!

line con 0

line aux 0

line vty 0 4

!

scheduler allocate 4000 1000

end

Any clue?

My primary IP address is 80.x.x.48 and after a while i needed 2 more addresses so they gave me these 92.x.x.252 / 30.

And yes.. I want to make zywall accessible from internet by using one of these 92.x.x.252. In this case 92.x.x.253.