Solved

Can tracert to the internal address of the router but can't tracert to a machine on the internal network.. Checkpoint firewall going to a CISCO 1701 VPN

Posted on 2004-05-01
4
1,412 Views
Last Modified: 2013-11-16
I have currently installed a CISCO 1701 at a remote site..  I have created the VPN link through our own cooperate firewall (checkpoint R55).  I am able to successfully ping \ tracert to the internal IP address of the Cisco box but I am not able to ping \ tracert to a machine on the internal network.

When I tracert to the CISCO router the trace route completes after 2 HOPS.. This first hop being our firewall and the second being the router.

This is different if I tracert to the machine on the internal network in that I get as far as our firewall and then the tracert shows request timed out...

This one is really getting to me so any suggestions will be greatfully recieved..

Caz
0
Comment
Question by:caz1762
  • 2
  • 2
4 Comments
 
LVL 79

Expert Comment

by:lrmoore
ID: 10972174
The machine that you are trying to traceroute to has to have a route back to your subnet.
Is the 1701 the machine's default gateway? If not, you will need to add a static route either on the actual default gateway router, or on the machine itself.
0
 

Author Comment

by:caz1762
ID: 10984667
Hi,

I have tried placing the route on the machine to which I am connecting... This still doesn't work... The route I have added is as follow:

Route ADD (internal firewall address at my site) MASK 255.255.255.0 (internal IP address of the CISCO router at remote site)

Any other suggestions.. Is this a problem with our firewall or is it to do with the CISCO side of things...

Caz

0
 
LVL 79

Accepted Solution

by:
lrmoore earned 380 total points
ID: 10986004
On the Cisco side of the network.
For example only, the following addresses are used:

Local LAN= 192.168.122.0
PC on local LAN = 192.168.122.122
Cisco 1700 LAN IP = 192.168.122.1

Remote LAN (Checkpoint side) = 192.168.20.0
PC on remote LAN = 192.168.20.20
Checkpoint FW Inside IP = 192.168.20.1

On Local PC:
route add <remote lan> mask <mask> <local gateway>
C:\>route add 192.168.20.0 mask 255.255.255.0 192.168.122.1

On Remote PC:
C:\>route add 192.168.122.0 mask 255.255.255.0 192.168.20.1  
0
 

Author Comment

by:caz1762
ID: 10986239
Hi,

Local Lan (checkpoint side) = 192.168.1.0
PC on local Lan = 192.168.x.x
Checkpoint FW inside IP = 192.168.1.t

Remote Lan (CISCO) = 10.2.1.x
PC on local Lan = 10.2.1.z
Cisco 1701 Lan IP = 10.2.1.g

Tried to work the routes out but couldn't... Can you assist......
0

Featured Post

Surfing Is Meant To Be Done Outdoors

Featuring its rugged IP67 compliant exterior and delivering broad, fast, and reliable Wi-Fi coverage, the AP322 is the ideal solution for the outdoors. Manage this AP with either a Firebox as a gateway controller, or with the Wi-Fi Cloud for an expanded set of management features

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

To setup a SonicWALL for policy based routing to be used with the Websense Content Gateway there are several steps that need to be completed. Below is a rough guide for accomplishing this. One thing of note is this guide is intended to assist in the…
The DROP (Spamhaus Don't Route Or Peer List) is a small list of IP address ranges that have been stolen or hijacked from their rightful owners. The DROP list is not a DNS based list.  It is designed to be downloaded as a file, with primary intention…
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question