Pinging a Cisco router interface from the Internet when this interface is not the route of last resort.
Posted on 2006-07-03
172.27.4.17/24-┐------SonicWall Content filter-----X.X.235.251
172.27.4.1/24─└─│Int 0/0 int 3/1 │----------------X.X.235.253
172.27.6.1/24----─│int 4/1 │
DHCP (for users) set to Default gateway of 172.27.X.1
My problem is this: My 0.0.0.0 0.0.0.0 route listed in the router is set to 172.27.4.17, so that the SonicWall will filter Internet traffic to the users. Our VPN tunnels go out 3/1 so that the content filter doesn't have to handle the tunnel traffic. All works well except that I now need to ping the X.X.235.253 interface from the Internet. I can't because my 0.0.0.0 0.0.0.0 route is not set to X.X.235.254, my ISP's default gateway. I have static routes set for the individual Internet addresses for the far-end tunnel destinations, and those routes are set to the X.X.235.254 GW. I can't make my router 0.0.0.0 0.0.0.0 set to 254 because then my users won't get the content filter. I can't make my users' default gateway 4.17 because then my 5.0 and 6.0 users couldn't reach the Internet. Port re-direction for ICMP packets seems to be the answer but I can't seem to wrap my mind around the concept completely and I'm very rusty on ACLs. Could someone please provide me with some code?
Addl info: My goal is to put an address of 172.27.4.25 on an Asterisk box and use port redirection to expose it to the Internet. Until I can ping the router port from the Internet, the port re-direction won't work either. I temporarily gateway'd my router to X.X.235.254, and all worked well on the Asterisk deal, but of course that leaves the SonicWall out of the picture.