Router on local lan, no ping, no sharing

Posted on 2004-10-01
Last Modified: 2008-02-01
Have a bit of a LAN problem. We have one Cisco 2611xm router. We have two Pix firewalls. All devices connected to Lan switch with 192.168.0.x/24 addressing. We have two seperate Wan circuits.

1-High Speed Cable(providing internet access to all users)
2-T1 Line(providing special app (X) access to 8 users)

All users using 192.168.0.x/24 subnet. All users default gateway is Pix506( except (X) users gateway is Router( (X) users traffic for special app is routed to T1 and Internet traffic to High Speed Cable. The router route statements are as follows:
ip classless
ip route
ip route
ip route

Although two Lan interfaces on Router, only fastethernet 0/0 is connected. Router is routing all traffic back through same ethernet interface(not ideal set-up). All internet traffic routed to Pix506. Pix 506 is running NAT.

QUESTION:Current configuration works however I am unable to ping or file share with (X) users on LAN. (X) users accessing proper route for Internet and special app on T1. I believe something may be wrong with route statements, but not sure what ?
All users windows xp.  Maybe requires a different subnet for (X) users ?

Question by:mmm5
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
  • 2

Expert Comment

ID: 12199748
Can you do an ASCII net diagram?

                           -------firewall---cable modem


Author Comment

ID: 12200832
Not sure. I can try.

             |------- Pc's
             | -------firewall(pix506)---cable modem
             |--------Nt server

All devices attached to switch ports.

Hope this is what you asked for.
LVL 79

Accepted Solution

lrmoore earned 250 total points
ID: 12200917
>Current configuration works however I am unable to ping or file share with (X) users on LAN.
Assuming that your setup is like netspec01's diagram, and your explanation that all users, including (X) users are all on the same 192.168.0.x / 24 subnet, then everyone is local to each other and routers/firewalls are not even in the picture. However, since you have dual PIX's on the LAN, you need to disable proxyarp on one of them. Suggest that on (T1 firewall), you disable proxyarp on the inside interface:
   sysopt noproxyarp inside

It wouldn't hurt to turn it off on both PIX's..

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!


Assisted Solution

netspec01 earned 250 total points
ID: 12201154
From your diagram, it doesn't look like you even need the router.  Unless you are using it for intervlan routing or some other function.

Assuming that you don't need the router, you could set the following routes on all PCs (either manually or via DHCP).

set default gateway to                                
route add
route add

I am assuming that your switch is layer 2 switch and does not perfrom any routing functionality.  Also we have only a single network/mask defined on all devices.

Expert Comment

ID: 12201183
You didn't install XP service pack 2 by any chance did you?  By defualt ALL file sharing (including administrative shares) and ICMP (ping traceroute)  is shut off.  You can allow these by exception in the firewall configuration or shut off the firewall feature.

Author Comment

ID: 12205874
Did not install SP2, thanks for tip.

Router will be used in future multiple subnets, therefore would like to resolve using router statements. However, did not even think of XP route statements as interim, sounds about right, will try next week and post result.

Could you briefly explain "sysopt noproxyarp inside" main purpose.

It also may be important to mention that CheckPoint vpn client software is running on (X) users, altough I do select the KILL command on Securemote Icon that shows up in the system tray.

LVL 79

Expert Comment

ID: 12207953
Understanding Proxy Arp

With two PIX's on your LAN, they are competing against each other for local arp. Whenever you have two PIX's on the same lan, trust me, you must disable proxy arp on at least one of them, it won't hurt to disable on both.

Author Comment

ID: 12228865
Problem solved, it req'd a vpn "diable policy" and "kill" within the VPN software. However, suggestions regarding pc route and diabling proxy arp do apply in some respects. I will split points to both responders. Thank you very much for the assistance. I will be calling again!

Expert Comment

ID: 12232803
Glad we could help!

Featured Post

Announcing the Most Valuable Experts of 2016

MVEs are more concerned with the satisfaction of those they help than with the considerable points they can earn. They are the types of people you feel privileged to call colleagues. Join us in honoring this amazing group of Experts.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Getting hacked is no longer a matter or "if you get hacked" — the 2016 cyber threat landscape is now titled "when you get hacked." When it happens — will you be proactive, or reactive?
I recently attended Cisco Live! in Las Vegas, a conference that boasted over 28,000 techies in attendance, and a week of hands-on learning hosted by a solid partner with which Concerto goes to market.  Every year, Cisco displays cutting-edge technol…
After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Suggested Courses
Course of the Month10 days, 9 hours left to enroll

628 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question