Solved

Can tracert to the internal address of the router but can't tracert to a machine on the internal network. Checkpoint firewall going to a CISCO 1701 VPN

Posted on 2004-05-01
Last Modified: 2013-11-16
I have currently installed a CISCO 1701 at a remote site. I have created the VPN link through our own corporate firewall (Checkpoint R55). I am able to successfully ping \ tracert to the internal IP address of the Cisco box but I am not able to ping \ tracert to a machine on the internal network.

When I tracert to the CISCO router the trace route completes after 2 hops. The first hop being our firewall and the second being the router.

This is different if I tracert to the machine on the internal network in that I get as far as our firewall and then the tracert shows request timed out...

This one is really getting to me so any suggestions will be gratefully received.

Caz
0
Question by:caz1762
4 Comments
 
LVL 79

Expert Comment

by:lrmoore
ID: 10972174
The machine that you are trying to traceroute to has to have a route back to your subnet.
Is the 1701 the machine's default gateway? If not, you will need to add a static route either on the actual default gateway router, or on the machine itself.
0
 

Author Comment

by:caz1762
ID: 10984667
Hi,

I have tried placing the route on the machine to which I am connecting... This still doesn't work... The route I have added is as follows:

Route ADD (internal firewall address at my site) MASK 255.255.255.0 (internal IP address of the CISCO router at remote site)

Any other suggestions? Is this a problem with our firewall or is it to do with the CISCO side of things?

Caz

0
 
LVL 79

Accepted Solution

by:
lrmoore earned 380 total points
ID: 10986004
On the Cisco side of the network.
For example only, the following addresses are used:

Local LAN= 192.168.122.0
PC on local LAN = 192.168.122.122
Cisco 1700 LAN IP = 192.168.122.1

Remote LAN (Checkpoint side) = 192.168.20.0
PC on remote LAN = 192.168.20.20
Checkpoint FW Inside IP = 192.168.20.1

On Local PC:
route add <remote lan> mask <mask> <local gateway>
C:\>route add 192.168.20.0 mask 255.255.255.0 192.168.122.1

On Remote PC:
C:\>route add 192.168.122.0 mask 255.255.255.0 192.168.20.1  
0
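The static routes from the accepted answer, as an added example that is not part of the original thread: this Python sketch builds the `route add` line for each side from the answer's example addresses and flags two mistakes that break the return path, a destination with host bits set under the mask and a gateway that is not on the PC's own LAN. The function names `check_route` and `route_add` are hypothetical.

```python
import ipaddress

def check_route(destination, mask, gateway, local_lan):
    """Return a list of problems with a planned `route add` entry (empty if none)."""
    problems = []
    lan = ipaddress.ip_network(local_lan)
    try:
        # strict=True raises when host bits are set, i.e. the
        # (destination & mask) != destination case that Windows route.exe rejects.
        ipaddress.ip_network(f"{destination}/{mask}", strict=True)
    except ValueError:
        net = ipaddress.ip_network(f"{destination}/{mask}", strict=False)
        problems.append(
            f"destination {destination} has host bits set under mask {mask}; "
            f"use {net.network_address}"
        )
    # The next hop must be directly reachable from the PC adding the route.
    if ipaddress.ip_address(gateway) not in lan:
        problems.append(f"gateway {gateway} is not on the local LAN {lan}")
    return problems

def route_add(remote_lan, gateway, local_lan):
    """Build the `route add` line for a PC on local_lan, or raise if inconsistent."""
    net = ipaddress.ip_network(remote_lan)
    problems = check_route(str(net.network_address), str(net.netmask), gateway, local_lan)
    if problems:
        raise ValueError("; ".join(problems))
    return f"route add {net.network_address} mask {net.netmask} {gateway}"

# Example addresses taken from the accepted answer above.
CISCO_LAN, CISCO_GW = "192.168.122.0/24", "192.168.122.1"
CHECKPOINT_LAN, CHECKPOINT_GW = "192.168.20.0/24", "192.168.20.1"

if __name__ == "__main__":
    print("PC behind the Cisco:     ", route_add(CHECKPOINT_LAN, CISCO_GW, CISCO_LAN))
    print("PC behind the Checkpoint:", route_add(CISCO_LAN, CHECKPOINT_GW, CHECKPOINT_LAN))
    # Constructed mistake: the far firewall's host address used as the
    # destination together with a 255.255.255.0 mask.
    for problem in check_route("192.168.20.1", "255.255.255.0", CISCO_GW, CISCO_LAN):
        print("problem:", problem)
```
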
 

Author Comment

by:caz1762
ID: 10986239
Hi,

Local Lan (checkpoint side) = 192.168.1.0
PC on local Lan = 192.168.x.x
Checkpoint FW inside IP = 192.168.1.t

Remote Lan (CISCO) = 10.2.1.x
PC on local Lan = 10.2.1.z
Cisco 1701 Lan IP = 10.2.1.g

Tried to work the routes out but couldn't... Can you assist......
0
