Solved

Can tracert to the internal address of the router but can't tracert to a machine on the internal network.. Checkpoint firewall going to a CISCO 1701 VPN

Posted on 2004-05-01
4
1,366 Views
Last Modified: 2013-11-16
I have currently installed a CISCO 1701 at a remote site..  I have created the VPN link through our own cooperate firewall (checkpoint R55).  I am able to successfully ping \ tracert to the internal IP address of the Cisco box but I am not able to ping \ tracert to a machine on the internal network.

When I tracert to the CISCO router the trace route completes after 2 HOPS.. This first hop being our firewall and the second being the router.

This is different if I tracert to the machine on the internal network in that I get as far as our firewall and then the tracert shows request timed out...

This one is really getting to me so any suggestions will be greatfully recieved..

Caz
0
Comment
Question by:caz1762
  • 2
  • 2
4 Comments
 
LVL 79

Expert Comment

by:lrmoore
ID: 10972174
The machine that you are trying to traceroute to has to have a route back to your subnet.
Is the 1701 the machine's default gateway? If not, you will need to add a static route either on the actual default gateway router, or on the machine itself.
0
 

Author Comment

by:caz1762
ID: 10984667
Hi,

I have tried placing the route on the machine to which I am connecting... This still doesn't work... The route I have added is as follow:

Route ADD (internal firewall address at my site) MASK 255.255.255.0 (internal IP address of the CISCO router at remote site)

Any other suggestions.. Is this a problem with our firewall or is it to do with the CISCO side of things...

Caz

0
 
LVL 79

Accepted Solution

by:
lrmoore earned 380 total points
ID: 10986004
On the Cisco side of the network.
For example only, the following addresses are used:

Local LAN= 192.168.122.0
PC on local LAN = 192.168.122.122
Cisco 1700 LAN IP = 192.168.122.1

Remote LAN (Checkpoint side) = 192.168.20.0
PC on remote LAN = 192.168.20.20
Checkpoint FW Inside IP = 192.168.20.1

On Local PC:
route add <remote lan> mask <mask> <local gateway>
C:\>route add 192.168.20.0 mask 255.255.255.0 192.168.122.1

On Remote PC:
C:\>route add 192.168.122.0 mask 255.255.255.0 192.168.20.1  
0
 

Author Comment

by:caz1762
ID: 10986239
Hi,

Local Lan (checkpoint side) = 192.168.1.0
PC on local Lan = 192.168.x.x
Checkpoint FW inside IP = 192.168.1.t

Remote Lan (CISCO) = 10.2.1.x
PC on local Lan = 10.2.1.z
Cisco 1701 Lan IP = 10.2.1.g

Tried to work the routes out but couldn't... Can you assist......
0

Featured Post

IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

Suggested Solutions

To setup a SonicWALL for policy based routing to be used with the Websense Content Gateway there are several steps that need to be completed. Below is a rough guide for accomplishing this. One thing of note is this guide is intended to assist in the…
The DROP (Spamhaus Don't Route Or Peer List) is a small list of IP address ranges that have been stolen or hijacked from their rightful owners. The DROP list is not a DNS based list.  It is designed to be downloaded as a file, with primary intention…
Illustrator's Shape Builder tool will let you combine shapes visually and interactively. This video shows the Mac version, but the tool works the same way in Windows. To follow along with this video, you can draw your own shapes or download the file…
This tutorial demonstrates a quick way of adding group price to multiple Magento products.

706 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now