Announcement

Collapse
No announcement yet.

Can't ping through 3845 router

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Can't ping through 3845 router

    The layout:


    L3 Switch(192.168.1.2) ------3845(192.168.1.4)-----2621(192.168.4.1)


    The problem:

    2621 was a standalone office but was then connected via Point to Point.

    I can ping 1.2 from 2621 with a source IP of 192.168.10.1 but not 4.1.

    People in the DHCP pool for 4.0, can ping all of the 1.0 network.

    Also, none of the computers in the DHCP pool can ping the internet.

    I see the ip nat statements on 2621 that I don't need, but if I get rid of them, will it make anything break?

    THANK YOU VERY MUCH FOR YOUR HELP

    Here is the 2621 config: (the 3845 is in the next post)

    Current configuration : 7055 bytes
    !
    ! Last configuration change at 10:07:55 EST Wed Jan 9 2008 by
    ! NVRAM config last updated at 14:42:00 EST Tue Jan 8 2008 by
    !
    version 12.3
    service timestamps debug datetime msec localtime
    service timestamps log datetime msec localtime
    service password-encryption
    !
    hostname westbury2651
    !
    boot-start-marker
    boot-end-marker
    !
    logging buffered 4096 debugging
    enable secret 5
    !

    memory-size iomem 10
    clock timezone EST -5
    clock summer-time EST recurring 2 Sun Mar 2:00 1 Sun Nov 2:00
    no network-clock-participate slot 1
    no network-clock-participate wic 0
    no aaa new-model
    ip subnet-zero
    !
    !
    ip dhcp excluded-address 192.168.10.1 192.168.10.30
    ip dhcp excluded-address 192.168.4.1 192.168.4.30
    !
    ip dhcp pool ITS
    network 192.168.10.0 255.255.255.0
    option 150 ip 192.168.5.10
    default-router 192.168.10.1
    dns-server 192.168.1.186
    option 156 ascii "ftpservers=192.168.5.5"
    option 4 ip 192.168.4.1
    !
    ip dhcp pool CLAN
    network 192.168.4.0 255.255.255.0
    default-router 192.168.4.1
    netbios-name-server 192.168.1.186
    dns-server 192.168.1.183 192.168.1.186
    option 156 ascii "ftpservers=192.168.5.5, country=1, language=1, layer2taggin
    g=1, vlanid=10"
    !
    ip dhcp pool clan
    dns-server 192.168.1.186 192.168.1.183
    !
    !
    ip cef
    ip domain name mbaum.com
    ip host SJCIPTCM1 192.168.5.10
    ip name-server 192.168.1.183
    ip name-server 192.168.1.186
    ip audit po max-events 100
    no ftp-server write-enable
    !
    ccm-manager fallback-mgcp
    ccm-manager mgcp
    ccm-manager music-on-hold
    ccm-manager config server 192.168.5.10
    ccm-manager config
    !
    class-map match-any SHORETEL_VOIP
    match ip dscp ef
    match access-group 101
    match access-group 102
    class-map match-all VOICE
    match ip dscp ef
    match ip precedence 5
    match ip dscp cs5
    match ip dscp af31
    !
    !
    policy-map WAN-EDGE-1536kbps
    class VOICE
    priority 768
    policy-map VOIP_POLICY
    class SHORETEL_VOIP
    priority percent 75
    class class-default
    set dscp default
    fair-queue
    random-detect
    !
    !
    no crypto isakmp enable
    !
    interface FastEthernet0/0
    description 802.1q trunk to 2560 on F0/24
    no ip address
    speed 100
    full-duplex
    !
    interface FastEthernet0/0.4
    description CLAN
    encapsulation dot1Q 4
    ip address 192.168.4.1 255.255.255.0
    ip nat inside
    !
    interface FastEthernet0/0.10
    description TLAN
    encapsulation dot1Q 10
    ip address 192.168.10.1 255.255.255.0
    h323-gateway voip bind srcaddr 192.168.10.1
    !
    interface Serial0/0
    description Connection to Amherst, NY
    bandwidth 1536
    ip address 10.10.10.2 255.255.255.252
    service-policy output VOIP_POLICY
    service-module t1 timeslots 1-24
    service-module t1 remote-alarm-enable
    !
    interface Service-Engine0/0
    ip unnumbered FastEthernet0/0.10
    shutdown
    service-module ip address 192.168.10.10 255.255.255.0
    service-module ip default-gateway 192.168.10.1
    !
    interface FastEthernet0/1
    description Connection to Verizon DSL
    ip address 68.236.186.161 255.255.255.0
    ip nat outside
    duplex auto
    speed auto
    !
    interface ATM1/0
    description T3 to Amherst
    no ip address
    load-interval 30
    no atm ilmi-keepalive
    !
    interface ATM1/0.1 point-to-point
    ip address 192.168.9.2 255.255.255.0
    pvc 5/201
    vbr-nrt 44209 44209
    oam-pvc 0
    encapsulation aal5snap
    !
    !
    ip classless
    ip route 0.0.0.0 0.0.0.0 192.168.1.4
    ip route 192.168.1.0 255.255.255.0 192.168.9.1
    ip route 192.168.5.0 255.255.255.0 192.168.9.1
    ip route 192.168.9.0 255.255.255.0 192.168.9.1
    ip route 192.168.10.10 255.255.255.255 Service-Engine0/0
    ip route 192.168.50.0 255.255.255.0 192.168.9.1
    ip route 192.168.200.0 255.255.248.0 192.168.9.1
    !
    ip http server
    ip http authentication local
    no ip http secure-server
    ip http path flash:
    ip nat inside source list 1 interface FastEthernet0/1 overload
    ip nat inside source static tcp 192.168.4.3 3389 interface FastEthernet0/1 3389
    !
    !
    !
    map-list atm
    ip 192.168.9.1 atm-vc 1 broadcast
    access-list 1 permit any
    access-list 101 remark : ShoreTel Voice over IP Ports
    access-list 101 permit udp any any eq 2427
    access-list 101 permit udp any any eq 2727
    access-list 101 permit udp any any range 5440 5446
    access-list 102 remark : ShoreTel Server VoIP Packets
    access-list 102 permit udp host 192.168.5.5 gt 1024 any gt 1024
    !
    !
    !
    control-plane
    !

    !
    !
    call-manager-fallback
    secondary-dialtone 8
    max-conferences 4
    limit-dn 7940 2
    ip source-address 192.168.10.1 port 2000
    max-ephones 24
    max-dn 24 dual-line
    !
    banner motd ^CCCCCCC
    ^C
    !

    !
    ntp authenticate
    ntp clock-period 17208532
    ntp server 192.168.1.4
    ntp server 66.115.130.4
    ntp server 128.59.59.177
    ntp server 132.239.254.49
    !
    !
    end
    Thank you,

    Marc

  • #2
    3845 Config

    ----------------------------------------------------------------------------------------
    3845 CONFIG


    Baum3845GW#sh run
    Building configuration...

    Current configuration : 8248 bytes
    !
    ! Last configuration change at 14:54:29 EST Tue Jan 8 2008 by
    ! NVRAM config last updated at 14:35:57 EST Wed Jan 2 2008 by
    !
    version 12.4
    service timestamps debug datetime msec localtime
    service timestamps log datetime msec localtime
    service password-encryption
    service sequence-numbers
    !
    hostname
    !
    boot-start-marker
    boot system flash:c3845-spservicesk9-mz.124-2.T1.bin
    boot-end-marker
    !
    logging buffered 4096 debugging

    !
    no aaa new-model
    !
    resource policy
    !
    clock timezone EST -5
    clock summer-time EST recurring 2 Sun Mar 2:00 1 Sun Nov 2:00
    network-clock-participate wic 0
    network-clock-participate wic 1
    ip subnet-zero
    no ip dhcp use vrf connected
    !
    !
    ip cef
    !
    !
    ip domain name mbaum.com
    ip host SJCIPTCM1 192.168.5.10
    ip name-server 192.168.1.183
    ip name-server 192.168.1.176
    isdn switch-type primary-ni
    voice-card 0
    codec complexity medium
    no dspfarm
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !

    !

    controller T1 0/0/0
    framing esf
    linecode b8zs
    pri-group timeslots 1-24 service mgcp
    description Connection to Choice One PRI #1
    !
    controller T1 0/1/0
    framing esf
    linecode b8zs
    pri-group timeslots 1-24 service mgcp
    description Connection to Choice One PRI #2
    !
    class-map match-any SHORETEL_VOIP
    match ip dscp ef
    match access-group 101
    match access-group 102
    class-map match-all VOICE
    match ip dscp ef
    match ip dscp cs5
    match ip dscp af31
    match ip precedence 5
    !
    !
    policy-map WAN-EDGE-1536kbps
    class VOICE
    priority 768
    policy-map VOIP_POLICY
    class SHORETEL_VOIP
    priority percent 75
    !
    !
    !
    !
    interface GigabitEthernet0/0
    no ip address
    duplex full
    speed 1000
    media-type rj45
    no negotiation auto
    !
    interface GigabitEthernet0/0.1
    description Connection to Local Area Network (192.168.1.0/24)
    encapsulation dot1Q 1 native
    ip address 192.168.1.4 255.255.255.0
    no snmp trap link-status
    !
    interface GigabitEthernet0/0.5
    description Connection to Voice Network (192.168.5.0/24)
    encapsulation dot1Q 5
    ip address 192.168.5.4 255.255.255.0
    no snmp trap link-status
    !
    interface GigabitEthernet0/1
    description Connection to Firewall (X.X.X.X/30)
    ip address X.X.X.X 255.255.255.252
    duplex full
    speed 100
    media-type rj45
    no negotiation auto
    !
    interface Serial0/0/0:23
    no ip address
    isdn switch-type primary-ni
    isdn incoming-voice voice
    isdn bchan-number-order ascending
    no cdp enable
    !
    interface Serial0/1/0:23
    no ip address
    isdn switch-type primary-ni
    isdn incoming-voice voice
    no cdp enable
    !
    interface Serial0/3/0
    description Connection to WestBury, NY
    bandwidth 1536
    ip address 10.10.10.1 255.255.255.252
    shutdown
    service-policy output VOIP_POLICY
    !
    interface ATM1/0
    description Connection to ChoiceOne (6mbs)
    bandwidth 9264
    ip address X.X.X.X 255.255.255.252
    ip nat outside
    atm scrambling cell-payload
    no atm ilmi-keepalive
    pvc 5/10
    protocol ip X.X.X.X broadcast
    encapsulation aal5snap
    !
    !
    interface ATM2/0
    description T3 to Westbury
    no ip address
    load-interval 30
    atm clock INTERNAL
    no atm ilmi-keepalive
    !
    interface ATM2/0.1 point-to-point
    ip address 192.168.9.1 255.255.255.0
    pvc 5/201
    vbr-nrt 44209 44209
    encapsulation aal5snap
    !
    !
    ip classless
    ip route 0.0.0.0 0.0.0.0 X.X.X.X
    ip route X.X.X.X 255.255.255.252 GigabitEthernet0/1
    ip route 192.168.2.0 255.255.255.0 192.168.1.2
    ip route 192.168.3.0 255.255.255.0 192.168.1.2
    ip route 192.168.4.0 255.255.255.0 192.168.9.2
    ip route 192.168.5.0 255.255.255.0 192.168.1.2
    ip route 192.168.9.0 255.255.255.0 192.168.9.2
    ip route 192.168.10.0 255.255.255.0 192.168.9.2
    ip route 192.168.30.0 255.255.255.0 192.168.1.7
    ip route 192.168.50.0 255.255.255.0 192.168.1.1
    ip route 192.168.200.0 255.255.248.0 192.168.1.2
    ip route 192.168.200.0 255.255.255.0 192.168.1.2

    !
    !
    ip http server
    ip http authentication local
    ip http secure-server
    ip http timeout-policy idle 600 life 86400 requests 10000
    !
    access-list 1 permit any
    access-list 101 remark : ShoreTel Voice over IP Ports
    access-list 101 permit udp any any eq 2427
    access-list 101 permit udp any any eq 2727
    access-list 101 permit udp any any range 5440 5446
    access-list 102 remark : ShoreTel Server VoIP Packets
    access-list 102 permit udp host 192.168.5.5 gt 1024 any gt 1024
    snmp-server community FLTGmon RO
    !
    !
    !
    control-plane
    !
    !
    !
    voice-port 0/0/0:23
    !
    voice-port 0/1/0:23
    !
    voice-port 0/2/0
    timing hookflash-out 50
    !
    voice-port 0/2/1
    timing hookflash-out 50
    !
    voice-port 0/2/2
    !
    voice-port 0/2/3
    !
    ccm-manager fallback-mgcp
    ccm-manager mgcp
    ccm-manager music-on-hold
    ccm-manager config server 192.168.5.10
    ccm-manager config
    !
    mgcp
    mgcp call-agent SJCIPTCM1 2427 service-type mgcp version 0.1
    mgcp dtmf-relay voip codec all mode out-of-band
    mgcp rtp unreachable timeout 1000 action notify
    mgcp modem passthrough voip mode nse
    mgcp package-capability rtp-package
    no mgcp package-capability res-package
    mgcp package-capability sst-package
    no mgcp package-capability fxr-package
    mgcp package-capability pre-package
    no mgcp timer receive-rtcp
    mgcp sdp simple
    mgcp fax t38 inhibit
    mgcp rtp payload-type g726r16 static
    !
    mgcp profile default
    !
    !
    !
    dial-peer voice 999020 pots
    service mgcpapp
    port 0/2/0
    !
    dial-peer voice 999021 pots
    service mgcpapp
    port 0/2/1
    !
    dial-peer voice 1 pots
    preference 1
    destination-pattern 8.T
    direct-inward-dial
    !
    dial-peer voice 2 pots
    preference 2
    destination-pattern 8.T
    direct-inward-dial
    port 0/1/0:23
    !
    dial-peer voice 3 pots
    preference 3
    destination-pattern 8.T
    direct-inward-dial
    port 0/0/0:23
    !
    !
    !
    call-manager-fallback
    secondary-dialtone 8
    max-conferences 4 gain -6
    ip source-address 192.168.5.4 port 2000
    max-ephones 250
    max-dn 500 dual-line

    ^C
    !

    !
    scheduler allocate 20000 1000
    ntp clock-period 17179279
    ntp master
    ntp server 128.59.59.177
    !
    end
    Thank you,

    Marc

    Comment


    • #3
      Re: Can't ping through 3845 router

      Any ideas? I plan on adding at least one more subnet at that site and want to make sure they can get everywhere.

      Any help at all would be much appreciated.
      Thank you,

      Marc

      Comment


      • #4
        Re: Can't ping through 3845 router

        Can you please post the configs as an attachment.
        Also, please make a full drawing with all ip addresses.
        Marcel
        Technical Consultant
        Netherlands
        http://www.phetios.com
        http://blog.nessus.nl

        MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
        "No matter how secure, there is always the human factor."

        "Enjoy life today, tomorrow may never come."
        "If you're going through hell, keep going. ~Winston Churchill"

        Comment


        • #5
          Re: Can't ping through 3845 router

          Please see attachments.
          Attached Files
          Thank you,

          Marc

          Comment


          • #6
            Re: Can't ping through 3845 router

            If I'm right you want to allow internet access from one central point which is the ASA 5510.

            In that case you don't need nat on the 2621; Run the following commands

            no ip nat inside source list 1 interface FastEthernet0/1 overload
            no ip nat inside source static tcp 192.168.4.3 3389 interface FastEthernet0/1 3389
            !
            interface FastEthernet0/1
            no ip nat outside
            !
            interface FastEthernet0/0.4
            no ip nat inside

            However, before doing this, I can't see you're VPN configuration in the 2621 config.
            How did you connect both networks?
            Last edited by Dumber; 16th January 2008, 14:35. Reason: added a no.
            Marcel
            Technical Consultant
            Netherlands
            http://www.phetios.com
            http://blog.nessus.nl

            MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
            "No matter how secure, there is always the human factor."

            "Enjoy life today, tomorrow may never come."
            "If you're going through hell, keep going. ~Winston Churchill"

            Comment


            • #7
              Re: Can't ping through 3845 router

              Originally posted by Dumber View Post
              If I'm right you want to allow internet access from one central point which is the ASA 5510.

              In that case you don't need nat on the 2621; Run the following commands

              no ip nat inside source list 1 interface FastEthernet0/1 overload
              no ip nat inside source static tcp 192.168.4.3 3389 interface FastEthernet0/1 3389
              !
              interface FastEthernet0/1
              no ip nat outside
              !
              interface FastEthernet0/0.4
              ip nat inside

              However, before doing this, I can't see you're VPN configuration in the 2621 config.
              How did you connect both networks?
              There is no VPN. It is just the point to point T3 (9.1 to 9.2). That is why I route all traffic to the 9.1. Should I route 0.0.0.0 to 9.1 instead of 1.4 (both are the 3845)
              Thank you,

              Marc

              Comment


              • #8
                Re: Can't ping through 3845 router

                oh sorry, missed that one.

                Can you post the show ip route of both devices?
                also if you ping from the 2621 to the internal ipaddress from the 3845?
                Marcel
                Technical Consultant
                Netherlands
                http://www.phetios.com
                http://blog.nessus.nl

                MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
                "No matter how secure, there is always the human factor."

                "Enjoy life today, tomorrow may never come."
                "If you're going through hell, keep going. ~Winston Churchill"

                Comment


                • #9
                  Re: Can't ping through 3845 router

                  Originally posted by Dumber View Post
                  oh sorry, missed that one.

                  Can you post the show ip route of both devices?
                  also if you ping from the 2621 to the internal ipaddress from the 3845?
                  I just noticed that I have been calling it a 2621 when it is actually a 2651. Shouldn't make a difference....

                  westbury2651#sh ip route
                  Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
                  D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
                  N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
                  E1 - OSPF external type 1, E2 - OSPF external type 2
                  i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
                  ia - IS-IS inter area, * - candidate default, U - per-user static route
                  o - ODR, P - periodic downloaded static route

                  Gateway of last resort is 192.168.1.4 to network 0.0.0.0

                  68.0.0.0/24 is subnetted, 1 subnets
                  C 68.236.186.0 is directly connected, FastEthernet0/1
                  C 192.168.9.0/24 is directly connected, ATM1/0.1
                  C 192.168.10.0/24 is directly connected, FastEthernet0/0.10
                  C 192.168.4.0/24 is directly connected, FastEthernet0/0.4
                  S 192.168.5.0/24 [1/0] via 192.168.9.1
                  S 192.168.50.0/24 [1/0] via 192.168.9.1
                  S 192.168.1.0/24 [1/0] via 192.168.9.1
                  S* 0.0.0.0/0 [1/0] via 192.168.1.4
                  S 192.168.200.0/21 [1/0] via 192.168.9.1
                  westbury2651#

                  (THE VERIZON DSL (FA0/1) IS NO LONGER THERE)

                  I can ping to both 9.1 and 1.4 on the 3845 from the 2651, but I can not ping 1.2 unless I make my source IP 10.1. This is where I get confused. AND all of the computers that get their DHCP from the 2621 CAN ping 1.2......

                  Baum3845GW#sh ip route
                  Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
                  D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
                  N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
                  E1 - OSPF external type 1, E2 - OSPF external type 2
                  i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
                  ia - IS-IS inter area, * - candidate default, U - per-user static route
                  o - ODR, P - periodic downloaded static route

                  Gateway of last resort is 64.*.*.* to network 0.0.0.0

                  69.0.0.0/30 is subnetted, 1 subnets
                  S 69.*.*.* is directly connected, GigabitEthernet0/1
                  S 192.168.30.0/24 [1/0] via 192.168.1.7
                  64.0.0.0/30 is subnetted, 2 subnets
                  C 64.*.*.* is directly connected, ATM1/0
                  C 64.*.*.* is directly connected, GigabitEthernet0/1
                  216.*.*.0/30 is subnetted, 1 subnets
                  S 216.*.*.* is directly connected, GigabitEthernet0/1
                  C 192.168.9.0/24 is directly connected, ATM2/0.1
                  216.*.*.0/29 is subnetted, 1 subnets
                  S 216.*.*.* is directly connected, GigabitEthernet0/1
                  S 192.168.10.0/24 [1/0] via 192.168.9.2
                  S 192.168.200.0/24 [1/0] via 192.168.1.2
                  S 192.168.4.0/24 [1/0] via 192.168.9.2
                  C 192.168.5.0/24 is directly connected, GigabitEthernet0/0.5
                  S 192.168.50.0/24 [1/0] via 192.168.1.1
                  C 192.168.1.0/24 is directly connected, GigabitEthernet0/0.1
                  S 192.168.2.0/24 [1/0] via 192.168.1.2
                  S 192.168.3.0/24 [1/0] via 192.168.1.2
                  S* 0.0.0.0/0 [1/0] via 64.*.*.*
                  S 192.168.200.0/21 [1/0] via 192.168.1.2
                  Baum3845GW#
                  Thank you,

                  Marc

                  Comment


                  • #10
                    Re: Can't ping through 3845 router

                    S* 0.0.0.0/0 [1/0] via 192.168.1.4

                    This should be 9.1
                    Marcel
                    Technical Consultant
                    Netherlands
                    http://www.phetios.com
                    http://blog.nessus.nl

                    MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
                    "No matter how secure, there is always the human factor."

                    "Enjoy life today, tomorrow may never come."
                    "If you're going through hell, keep going. ~Winston Churchill"

                    Comment


                    • #11
                      Re: Can't ping through 3845 router

                      Originally posted by Dumber View Post
                      S* 0.0.0.0/0 [1/0] via 192.168.1.4

                      This should be 9.1
                      I made this change and removed the nat statements and can still not ping 192.168.1.2 or the internet (128.59.59.177)

                      When I tracert from one of the computers down there to the internet, it always dies at 9.1.

                      westbury2651#sh ip route
                      Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
                      D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
                      N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
                      E1 - OSPF external type 1, E2 - OSPF external type 2
                      i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
                      ia - IS-IS inter area, * - candidate default, U - per-user static route
                      o - ODR, P - periodic downloaded static route

                      Gateway of last resort is 192.168.9.1 to network 0.0.0.0

                      68.0.0.0/24 is subnetted, 1 subnets
                      C 68.236.186.0 is directly connected, FastEthernet0/1
                      C 192.168.9.0/24 is directly connected, ATM1/0.1
                      C 192.168.10.0/24 is directly connected, FastEthernet0/0.10
                      C 192.168.4.0/24 is directly connected, FastEthernet0/0.4
                      S 192.168.5.0/24 [1/0] via 192.168.9.1
                      S 192.168.50.0/24 [1/0] via 192.168.9.1
                      S 192.168.1.0/24 [1/0] via 192.168.9.1
                      S* 0.0.0.0/0 [1/0] via 192.168.9.1
                      S 192.168.200.0/21 [1/0] via 192.168.9.1
                      westbury2651#
                      Last edited by tnshurtm; 16th January 2008, 18:34.
                      Thank you,

                      Marc

                      Comment


                      • #12
                        Re: Can't ping through 3845 router

                        You also need a Access-list on the ASA 5510 to allow traffic..
                        Marcel
                        Technical Consultant
                        Netherlands
                        http://www.phetios.com
                        http://blog.nessus.nl

                        MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
                        "No matter how secure, there is always the human factor."

                        "Enjoy life today, tomorrow may never come."
                        "If you're going through hell, keep going. ~Winston Churchill"

                        Comment


                        • #13
                          Re: Can't ping through 3845 router

                          Originally posted by Dumber View Post
                          You also need a Access-list on the ASA 5510 to allow traffic..
                          I only have this problem from that subnet. I also have other subnets that have no problem getting to the internet. I looked through the config and access lists for rules specific to my networks and didn't see any for outbound. what should I look for? The config is pretty big and personal to post. If need be, I can try to scrub it and put it up here.

                          I did notice that the ip route for 4.0 is pointing to 1.2 (3750), which in turn routes it to 1.4 (3845). Should I change the firewall to route 4.0 to 1.4.

                          There is no routing for 9.0 on the firewall.
                          Thank you,

                          Marc

                          Comment


                          • #14
                            Re: Can't ping through 3845 router

                            Currently I'm bit out of time but a few guidlines which might push you in the right direction.

                            Make sure routing is setup correctly so everybody (routers, switches etc) knows where to find the subnets.
                            Make sure you don't have overlapping subnets otherwise routing gets nuts
                            Make sure there are no ACL's blocking the traffic
                            Make sure that gateways are in the same subnet as the device which uses that address as gateway.
                            Marcel
                            Technical Consultant
                            Netherlands
                            http://www.phetios.com
                            http://blog.nessus.nl

                            MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
                            "No matter how secure, there is always the human factor."

                            "Enjoy life today, tomorrow may never come."
                            "If you're going through hell, keep going. ~Winston Churchill"

                            Comment

                            Working...
                            X