caz1762
asked on
Can tracert to the internal address of the router but can't tracert to a machine on the internal network.. Checkpoint firewall going to a CISCO 1701 VPN
I have currently installed a CISCO 1701 at a remote site.. I have created the VPN link through our own cooperate firewall (checkpoint R55). I am able to successfully ping \ tracert to the internal IP address of the Cisco box but I am not able to ping \ tracert to a machine on the internal network.
When I tracert to the CISCO router the trace route completes after 2 HOPS.. This first hop being our firewall and the second being the router.
This is different if I tracert to the machine on the internal network in that I get as far as our firewall and then the tracert shows request timed out...
This one is really getting to me so any suggestions will be greatfully recieved..
Caz
When I tracert to the CISCO router the trace route completes after 2 HOPS.. This first hop being our firewall and the second being the router.
This is different if I tracert to the machine on the internal network in that I get as far as our firewall and then the tracert shows request timed out...
This one is really getting to me so any suggestions will be greatfully recieved..
Caz
ASKER
Hi,
I have tried placing the route on the machine to which I am connecting... This still doesn't work... The route I have added is as follow:
Route ADD (internal firewall address at my site) MASK 255.255.255.0 (internal IP address of the CISCO router at remote site)
Any other suggestions.. Is this a problem with our firewall or is it to do with the CISCO side of things...
Caz
I have tried placing the route on the machine to which I am connecting... This still doesn't work... The route I have added is as follow:
Route ADD (internal firewall address at my site) MASK 255.255.255.0 (internal IP address of the CISCO router at remote site)
Any other suggestions.. Is this a problem with our firewall or is it to do with the CISCO side of things...
Caz
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Hi,
Local Lan (checkpoint side) = 192.168.1.0
PC on local Lan = 192.168.x.x
Checkpoint FW inside IP = 192.168.1.t
Remote Lan (CISCO) = 10.2.1.x
PC on local Lan = 10.2.1.z
Cisco 1701 Lan IP = 10.2.1.g
Tried to work the routes out but couldn't... Can you assist......
Local Lan (checkpoint side) = 192.168.1.0
PC on local Lan = 192.168.x.x
Checkpoint FW inside IP = 192.168.1.t
Remote Lan (CISCO) = 10.2.1.x
PC on local Lan = 10.2.1.z
Cisco 1701 Lan IP = 10.2.1.g
Tried to work the routes out but couldn't... Can you assist......
Is the 1701 the machine's default gateway? If not, you will need to add a static route either on the actual default gateway router, or on the machine itself.