[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Cisco 1600, IOS 12.3 not routing; probably something simple

Posted on 2005-05-11
5
Medium Priority
?
216 Views
Last Modified: 2010-05-18
I have recently installed  a Cisco 1600, IOS 12.3.  Its function is to provide a separate IP range to an R&D network segment.  For some reason, after one day, it has stopped routing packets, and I can't figure out why.  Yesterday, I had connectivity from the R&D network to the DMZ, and to outside.  The pix has static NAT entries for a couple of boxes on the R&D network, and all I was doing was web browsing and DNS lookups to a server on the DMZ.  Today, that has stopped working.  

Here's the relevant info:

Eth0 is connected to the new R&D segment, which has an address space of          172.16.16.0/24.  
Eth1 is connected to our production DMZ network, which has an address space of 192.168.0.0/24

The DMZ network sits behind a PIX firewall, which statically NATs server addresses and provides port filtering.  I think my problem lies on the new 1600 router, because I can't even ping the DMZ from the R&D network.  despite its having an interface on both networks.  

Here's the config:
!=========================================
version 12.3
no service timestamps debug uptime
no service timestamps log uptime
service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
enable secret 5 zzzzzzzzzzzzzzzzzz
!
no aaa new-model
ip subnet-zero
ip name-server 192.168.0.66
!
interface Ethernet0
 ip address 172.16.16.200 255.255.255.0
!
interface Ethernet1
 ip address 192.168.0.200 255.255.255.0
!
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.0.180  !   <-- this is the pix
no ip http server
no ip http secure-server
!
line con 0
 transport preferred all
 transport output all
line vty 0 4
 password 7 zzzzzzzzzzzzzzzzzz
 login
 transport preferred all
 transport input all
 transport output all
!
end
!=====================================

Any ideas?  Thanks.  
0
Comment
Question by:illbydes
  • 2
4 Comments
 
LVL 79

Expert Comment

by:lrmoore
ID: 13985154
Can you ping 192.168.0.180 from a host on the 172.16.16.0 subnet?
What is the nameserver setting on the host on 172.16.16.0 subnet?

Have you cycled power on the router?
0
 

Author Comment

by:illbydes
ID: 13992674
Turned out not to be an issue on the 1600 at all.  It was flakey behavior on the pix.  A few days earlier I had set up a static route to the 172.16.16.0 subnet on the pix, and that was working fine.  All machines that I tested on the 192.168.0.0 network had connectivity to the 172.16.16.0 segment.   However, with no changes to any router or pix configs, the pix somehow stopped routing packets back to the 172.16.16.0 subnet.

As soon as I added an explicit static route from each machine on the 192.168.0.0 segment back to the 172.16.16 segment, we were back in business.  Moral: the pix is not a router!
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 14000323
> Moral: the pix is not a router
DUH! PIX was designed for one purpose - to be the best firewall on the market, and that means BLOCK packets.
Routers are designed for one purpose - to determine the best route to move packets as fast as possible...
The PIX does not behave the same as a router, and righfully so.
Routers don't make good firewalls, and righfully so..

Glad you're working. What do you want to do with this Q? you can post in CS and ask a moderator to PAQ this question and refund your points using the old "I found the solution myself" ..
0
 
LVL 1

Accepted Solution

by:
DarthMod earned 0 total points
ID: 16143829
PAQed with points (500) refunded

DarthMod
Community Support Moderator
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I have seen some questions on problems with SSH/telnet access to Cisco routers that may occur despite the fact that from a PC connected to your LAN, Internet connectivity is in place and users can access Internet sites without any issues.  There are…
Shadow IT is coming out of the shadows as more businesses are choosing cloud-based applications. It is now a multi-cloud world for most organizations. Simultaneously, most businesses have yet to consolidate with one cloud provider or define an offic…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

834 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question