Cisco 1600, IOS 12.3 not routing; probably something simple

Posted on 2005-05-11
Last Modified: 2010-05-18
I have recently installed  a Cisco 1600, IOS 12.3.  Its function is to provide a separate IP range to an R&D network segment.  For some reason, after one day, it has stopped routing packets, and I can't figure out why.  Yesterday, I had connectivity from the R&D network to the DMZ, and to outside.  The pix has static NAT entries for a couple of boxes on the R&D network, and all I was doing was web browsing and DNS lookups to a server on the DMZ.  Today, that has stopped working.  

Here's the relevant info:

Eth0 is connected to the new R&D segment, which has an address space of  
Eth1 is connected to our production DMZ network, which has an address space of

The DMZ network sits behind a PIX firewall, which statically NATs server addresses and provides port filtering.  I think my problem lies on the new 1600 router, because I can't even ping the DMZ from the R&D network.  despite its having an interface on both networks.  

Here's the config:
version 12.3
no service timestamps debug uptime
no service timestamps log uptime
service password-encryption
hostname Router
enable secret 5 zzzzzzzzzzzzzzzzzz
no aaa new-model
ip subnet-zero
ip name-server
interface Ethernet0
 ip address
interface Ethernet1
 ip address
ip classless
ip route  !   <-- this is the pix
no ip http server
no ip http secure-server
line con 0
 transport preferred all
 transport output all
line vty 0 4
 password 7 zzzzzzzzzzzzzzzzzz
 transport preferred all
 transport input all
 transport output all

Any ideas?  Thanks.  
Question by:illbydes
    LVL 79

    Expert Comment

    Can you ping from a host on the subnet?
    What is the nameserver setting on the host on subnet?

    Have you cycled power on the router?

    Author Comment

    Turned out not to be an issue on the 1600 at all.  It was flakey behavior on the pix.  A few days earlier I had set up a static route to the subnet on the pix, and that was working fine.  All machines that I tested on the network had connectivity to the segment.   However, with no changes to any router or pix configs, the pix somehow stopped routing packets back to the subnet.

    As soon as I added an explicit static route from each machine on the segment back to the 172.16.16 segment, we were back in business.  Moral: the pix is not a router!
    LVL 79

    Expert Comment

    > Moral: the pix is not a router
    DUH! PIX was designed for one purpose - to be the best firewall on the market, and that means BLOCK packets.
    Routers are designed for one purpose - to determine the best route to move packets as fast as possible...
    The PIX does not behave the same as a router, and righfully so.
    Routers don't make good firewalls, and righfully so..

    Glad you're working. What do you want to do with this Q? you can post in CS and ask a moderator to PAQ this question and refund your points using the old "I found the solution myself" ..
    LVL 1

    Accepted Solution

    PAQed with points (500) refunded

    Community Support Moderator

    Featured Post

    Free Trending Threat Insights Every Day

    Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

    Join & Write a Comment

    Problem Description:   Couple of months ago we upgraded the ADSL line at our branch office from Home to Business line. The purpose of transforming the service to have static public IP’s. We were in need for public IP’s to publish our web resour…
    In the world of WAN, QoS is a pretty important topic for most, if not all, networks. Some WAN technologies have QoS mechanisms built in, but others, such as some L2 WAN's, don't have QoS control in the provider cloud.
    After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
    After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

    755 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    21 Experts available now in Live!

    Get 1:1 Help Now