  • Status: Solved
  • Priority: Medium
  • Security: Public

Route traffic from eth to ser int?

I am in the process of replacing the firewall appliance on my network with a different brand. I have a Cisco 1760 as my internet gateway router. I have a block of 32 IPs from my internet provider.

On my existing firewall I have the wan interface setup with (these are not the real IPs just an example)
IP 80.164.15.130
SUBNET 255.255.255.24
GATEWAY 67.144.15.3

and everything works fine. The 67 is actually the serial int of my router not the eth side.

My new firewall requires that the WAN int IP and the def gateway be on the same subnet...which means I would have to use the eth address instead of the ser side. When I use that one it does not work...

What do I need to do to make my eth route to my ser, or any other suggestions...

here is my conf..

ASU_External#SHOW CONF                      
Using 1194 out of 29688 bytes                            
!
version 12.3            
service timestamps debug datetime msec localtime show-timezone                                                              
service timestamps log datetime msec localtime show-timezone                                                            
service password-encryption                          
service udp-small-servers                        
service tcp-small-servers                        
!
hostname ASU_External                    
!
boot-start-marker                
boot system flash flash:cisco.bin                                
boot-end-marker              
!
logging buffered 4096 debugging                              
enable secret (removed)                          
enable password (removed)                                    
!
no aaa new-model                
no ip subnet-zero                
!
!
ip name-server 205.171.3.65                          
ip name-server 205.171.2.65                          
ip name-server 162.42.150.33                            
!
ip cef      
!
!
!
!
interface FastEthernet0/0                        
 ip address 80.164.15.129  255.255.255.224                                        
 no ip route-cache                  
 speed auto          
!
interface Serial0/0                  
 bandwidth 1544              
 ip address 67.144.15.3 255.255.255.252                                        
 ip nbar protocol-discovery                          
 no fair-queue              
!
interface Serial1/0                  
 bandwidth 1544              
 no ip address              
 shutdown        
 no fair-queue              
!
router rip
 version 2
 network 10.0.0.0
!
ip classless
ip route 0.0.0.0 0.0.0.0 67.144.15.2
no ip http server
!
!
line con 0
 (removed)
line aux 0
 (removed)
line vty 0 4
 (removed)
!
!
end

THANKS

Erik
Asked: htlcalbbs
1 Solution
 
calvinetter Commented:
If this is your current setup:  Internet <-> s0/0  [1760]  f0/0 <-> firewall <-> LAN
...and you're replacing the firewall with a new unit, you'll need to clear the arp table on the 1760.  Then just make sure your firewall's default gateway is the IP of the router's inside interface (f0/0).

ASU_External#clear arp

BTW, when posting your config, post the output of "sh run" instead - this is what is actually running on the router.  "sh conf" only shows the startup config, & isn't necessarily the same as the current running config.

cheers

htlcalbbs Author Commented:
For testing purposes I gave my new firewall a new public IP from my block of publics so that I did not have to bring my live system offline for testing. The eth on the router goes into a hub and both wan ports on each firewall are plugged into that hub...

old firewall still works no problems but new one does not...

so knowing this should the arp table matter?

Thanks

Erik

calvinetter Commented:
hi again Erik,  no the arp table shouldn't be a factor based on your post above.
  When you say "it doesn't work," are you trying to send traffic from a host behind the new firewall? If so, do you have NAT correctly setup on the new firewall?  What make/model/software version is the new firewall?  Please clarify - is this a *hub* or a switch that the firewall WAN interfaces are plugged into? If a switch, do you have any VLANs configured on it?

  Have you verified the obvious for the new firewall: port on the hub/switch you're plugging into works normally, WAN interface is live, IP settings have a correct subnet mask?
  Can you ping the following directly from the new firewall? -> A) f0/0 on the 1760,  B) s0/0 on the 1760, C) the 1760's default gateway (67.144.15.2)
  Have you verified w/ the ISP that their route for your 80.164.15.x block has a correct subnet mask?
  Since we're not seeing your running config ("sh run" output), have there been any ACLs added to your 1760 that might be blocking traffic?

cheers

htlcalbbs Author Commented:
Thanks for the update...I am not in the location right this moment or I would send the config...

The firewalls are plugged in to a hub on their wan side. No vlans..

the old firewall is a sonicwall 4060

the new one is a symantec 1620

I have not figured out how to ping from the firewalls interface yet as I am new to this model...

I am certain that the ip addresses that I am using are setup correctly since I have setup the sonicwall successfully..

Erik

htlcalbbs Author Commented:
My problem was in my question...SUBNET 255.255.255.24
 duh

.224

Thanks for your help..

Erik
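
The root cause found in this thread (a mistyped netmask) and the new firewall's same-subnet rule can both be checked before cutover. The following is an added example, not part of the original thread; the function names `mask_to_prefix` and `check_wan` are hypothetical, and the addresses are the example values the poster used.

```python
import ipaddress


def mask_to_prefix(mask):
    """Convert a dotted netmask to a prefix length; reject non-contiguous masks."""
    host_bits = int(ipaddress.IPv4Address(mask)) ^ 0xFFFFFFFF
    # A valid mask is ones followed by zeros, so its inverse must be 2**n - 1.
    if host_bits & (host_bits + 1):
        raise ValueError(f"{mask} is not a contiguous netmask")
    return 32 - host_bits.bit_length()


def check_wan(ip, mask, gateway):
    """Return a list of problems with a WAN interface's IP/mask/gateway triple."""
    try:
        prefix = mask_to_prefix(mask)
    except ValueError as exc:
        return [str(exc)]
    iface = ipaddress.IPv4Interface(f"{ip}/{prefix}")
    net = iface.network
    gw = ipaddress.IPv4Address(gateway)
    problems = []
    if gw not in net:
        problems.append(f"gateway {gw} is outside {net}")
    if gw == iface.ip:
        problems.append("gateway is the interface's own address")
    if prefix < 31:
        # Network and broadcast addresses cannot be assigned to a host.
        for name, addr in (("interface", iface.ip), ("gateway", gw)):
            if addr in (net.network_address, net.broadcast_address):
                problems.append(f"{name} {addr} is a reserved address in {net}")
    return problems


if __name__ == "__main__":
    # Example values from the thread (the poster's placeholders, not real IPs).
    cases = [
        ("80.164.15.130", "255.255.255.24", "80.164.15.129"),   # mistyped mask
        ("80.164.15.130", "255.255.255.224", "67.144.15.3"),    # serial-side gateway
        ("80.164.15.130", "255.255.255.224", "80.164.15.129"),  # f0/0 as gateway
    ]
    for case in cases:
        print(case, "->", check_wan(*case) or "OK")
```
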