[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now


Cisco 1600, IOS 12.3 not routing; probably something simple

Posted on 2005-05-11
Medium Priority
Last Modified: 2010-05-18
I have recently installed  a Cisco 1600, IOS 12.3.  Its function is to provide a separate IP range to an R&D network segment.  For some reason, after one day, it has stopped routing packets, and I can't figure out why.  Yesterday, I had connectivity from the R&D network to the DMZ, and to outside.  The pix has static NAT entries for a couple of boxes on the R&D network, and all I was doing was web browsing and DNS lookups to a server on the DMZ.  Today, that has stopped working.  

Here's the relevant info:

Eth0 is connected to the new R&D segment, which has an address space of  
Eth1 is connected to our production DMZ network, which has an address space of

The DMZ network sits behind a PIX firewall, which statically NATs server addresses and provides port filtering.  I think my problem lies on the new 1600 router, because I can't even ping the DMZ from the R&D network.  despite its having an interface on both networks.  

Here's the config:
version 12.3
no service timestamps debug uptime
no service timestamps log uptime
service password-encryption
hostname Router
enable secret 5 zzzzzzzzzzzzzzzzzz
no aaa new-model
ip subnet-zero
ip name-server
interface Ethernet0
 ip address
interface Ethernet1
 ip address
ip classless
ip route  !   <-- this is the pix
no ip http server
no ip http secure-server
line con 0
 transport preferred all
 transport output all
line vty 0 4
 password 7 zzzzzzzzzzzzzzzzzz
 transport preferred all
 transport input all
 transport output all

Any ideas?  Thanks.  
Question by:illbydes
  • 2
LVL 79

Expert Comment

ID: 13985154
Can you ping from a host on the subnet?
What is the nameserver setting on the host on subnet?

Have you cycled power on the router?

Author Comment

ID: 13992674
Turned out not to be an issue on the 1600 at all.  It was flakey behavior on the pix.  A few days earlier I had set up a static route to the subnet on the pix, and that was working fine.  All machines that I tested on the network had connectivity to the segment.   However, with no changes to any router or pix configs, the pix somehow stopped routing packets back to the subnet.

As soon as I added an explicit static route from each machine on the segment back to the 172.16.16 segment, we were back in business.  Moral: the pix is not a router!
LVL 79

Expert Comment

ID: 14000323
> Moral: the pix is not a router
DUH! PIX was designed for one purpose - to be the best firewall on the market, and that means BLOCK packets.
Routers are designed for one purpose - to determine the best route to move packets as fast as possible...
The PIX does not behave the same as a router, and righfully so.
Routers don't make good firewalls, and righfully so..

Glad you're working. What do you want to do with this Q? you can post in CS and ask a moderator to PAQ this question and refund your points using the old "I found the solution myself" ..

Accepted Solution

DarthMod earned 0 total points
ID: 16143829
PAQed with points (500) refunded

Community Support Moderator

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I have seen some questions on problems with SSH/telnet access to Cisco routers that may occur despite the fact that from a PC connected to your LAN, Internet connectivity is in place and users can access Internet sites without any issues.  There are…
Shadow IT is coming out of the shadows as more businesses are choosing cloud-based applications. It is now a multi-cloud world for most organizations. Simultaneously, most businesses have yet to consolidate with one cloud provider or define an offic…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

834 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question