Cisco 1600, IOS 12.3 not routing; probably something simple

I have recently installed  a Cisco 1600, IOS 12.3.  Its function is to provide a separate IP range to an R&D network segment.  For some reason, after one day, it has stopped routing packets, and I can't figure out why.  Yesterday, I had connectivity from the R&D network to the DMZ, and to outside.  The pix has static NAT entries for a couple of boxes on the R&D network, and all I was doing was web browsing and DNS lookups to a server on the DMZ.  Today, that has stopped working.  

Here's the relevant info:

Eth0 is connected to the new R&D segment, which has an address space of          172.16.16.0/24.  
Eth1 is connected to our production DMZ network, which has an address space of 192.168.0.0/24

The DMZ network sits behind a PIX firewall, which statically NATs server addresses and provides port filtering.  I think my problem lies on the new 1600 router, because I can't even ping the DMZ from the R&D network.  despite its having an interface on both networks.  

Here's the config:
!=========================================
version 12.3
no service timestamps debug uptime
no service timestamps log uptime
service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
enable secret 5 zzzzzzzzzzzzzzzzzz
!
no aaa new-model
ip subnet-zero
ip name-server 192.168.0.66
!
interface Ethernet0
 ip address 172.16.16.200 255.255.255.0
!
interface Ethernet1
 ip address 192.168.0.200 255.255.255.0
!
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.0.180  !   <-- this is the pix
no ip http server
no ip http secure-server
!
line con 0
 transport preferred all
 transport output all
line vty 0 4
 password 7 zzzzzzzzzzzzzzzzzz
 login
 transport preferred all
 transport input all
 transport output all
!
end
!=====================================

Any ideas?  Thanks.  
illbydesAsked:
Who is Participating?
 
DarthModConnect With a Mentor Commented:
PAQed with points (500) refunded

DarthMod
Community Support Moderator
0
 
lrmooreCommented:
Can you ping 192.168.0.180 from a host on the 172.16.16.0 subnet?
What is the nameserver setting on the host on 172.16.16.0 subnet?

Have you cycled power on the router?
0
 
illbydesAuthor Commented:
Turned out not to be an issue on the 1600 at all.  It was flakey behavior on the pix.  A few days earlier I had set up a static route to the 172.16.16.0 subnet on the pix, and that was working fine.  All machines that I tested on the 192.168.0.0 network had connectivity to the 172.16.16.0 segment.   However, with no changes to any router or pix configs, the pix somehow stopped routing packets back to the 172.16.16.0 subnet.

As soon as I added an explicit static route from each machine on the 192.168.0.0 segment back to the 172.16.16 segment, we were back in business.  Moral: the pix is not a router!
0
 
lrmooreCommented:
> Moral: the pix is not a router
DUH! PIX was designed for one purpose - to be the best firewall on the market, and that means BLOCK packets.
Routers are designed for one purpose - to determine the best route to move packets as fast as possible...
The PIX does not behave the same as a router, and righfully so.
Routers don't make good firewalls, and righfully so..

Glad you're working. What do you want to do with this Q? you can post in CS and ask a moderator to PAQ this question and refund your points using the old "I found the solution myself" ..
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.