2 Subnets Issue getting out via Internet and a different subnet

I have an issue that i cant seem to figure out what so ever and its a computer on the 192.168.14.0 subnet cant reach the internet but when i do a tracert i get

192.168.14.253
192.168.11.3
then it dies

also when i do a ping it seems to give me the ip of the google but then just hangs there..
request timed out x4
if i take out the 192.168.11.1 out of the dns servers list i get nothing.


just to get this network configuration set up i have
2 dhcp servers running
1 dhcp server is my Mitel PBX for our mitel phones

and the other dhcp server is my Windows SBS server.

and i have the dns going to 192.168.11.1 which is the PDC

and i can reach the internet if the machine was on the 11.0 subnet just fine.

my gateway is 192.168.14.253 which is  this procurve switch. as you see below

______________________________________________________________________
ip default-gateway 192.168.11.3
ip routing
snmp-server community "public" Unrestricted
vlan 1
   name "DEFAULT_VLAN"
   forbid 1,13,21
   untagged 2-12,14-20,23-26
   ip address 192.168.11.2 255.255.255.0
   no untagged 1,13,21-22
   exit
vlan 2
   name "Mitel"
   untagged 1,13,21-22
   ip address 192.168.14.253 255.255.255.0
   tagged 2-12,14-20,23-24
   exit
no dhcp-relay
ip route 192.168.14.0 255.255.255.0 192.168.11.1
ip route 0.0.0.0 0.0.0.0 192.168.11.3
ip route 192.168.255.0 255.255.255.0 192.168.11.3
ip route 192.168.11.0 255.255.255.0 192.168.11.1
ProCurve Switch 2626#
__________________________________________________________
(oh and its port 22 on the procurve switch)


the computer is a member of the domain on the .14 network i can ping it from the 11 and vice versa

ping it from the router and the Procurve switch

do i have to add anything in the SBS server for the .14 subnet to go out through the internet
or do i have to change somthing on the Procurve switch

and in my cisco 831 setup i have


interface Ethernet0
 ip address 192.168.11.3 255.255.255.0
 ip access-group 102 in
 no ip redirects
 no ip unreachables
 ip directed-broadcast
 ip nat inside
 ip virtual-reassembly
 ip route-cache flow
 ip policy route-map NAT_Filter


interface Ethernet1
 description Connected to TelePacific Internet
 ip address PUBLIC IP 255.255.255.252
 ip access-group 103 in
 ip verify unicast reverse-path
 no ip redirects
 no ip unreachables
 ip directed-broadcast
 ip nat outside
 ip inspect Firewall out
 ip virtual-reassembly
 ip route-cache flow
 duplex auto
 no cdp enable
 crypto map VPN_Tunnel
 crypto ipsec fragmentation before-encryption


i added this entry to see if it worked
(access-list 102 permit ip host 192.168.14.24 192.168.254.0 0.0.0.255)




access-list 102 deny   ip PUBLIC IP 0.0.0.3 any
access-list 102 deny   ip host 255.255.255.255 any
access-list 102 deny   ip 127.0.0.0 0.255.255.255 any
access-list 102 permit ip host 192.168.14.24 192.168.254.0 0.0.0.255
access-list 102 permit ip host 192.168.14.2 192.168.254.0 0.0.0.255
access-list 102 permit ip 192.168.14.0 0.0.0.255 192.168.254.0 0.0.0.255
access-list 102 deny   ip 192.168.11.0 0.0.0.255 192.168.254.0 0.0.0.255
access-list 102 deny   icmp any 192.168.254.0 0.0.0.255
access-list 102 permit ip any any

access-list 103 permit ip 192.168.10.0 0.0.0.255 192.168.3.0 0.0.0.255
access-list 103 permit ip 192.168.10.0 0.0.0.255 192.168.255.0 0.0.0.255
access-list 103 permit ahp any host PUBLIC IP
access-list 103 permit esp any host PUBLIC IP
access-list 103 permit udp any host PUBLIC IP isakmp
access-list 103 permit udp any host PUBLIC IP eq non500-isakmp
access-list 103 permit esp any any
access-list 103 permit gre any any
access-list 103 permit tcp any any eq 1723
access-list 103 permit ip 192.168.2.0 0.0.0.255 192.168.10.0 0.0.0.255
access-list 103 permit ip 192.168.3.0 0.0.0.255 192.168.10.0 0.0.0.255
access-list 103 permit ip 192.168.3.0 0.0.0.255 192.168.11.0 0.0.0.255
access-list 103 permit ip 192.168.3.0 0.0.0.255 192.168.14.0 0.0.0.255
access-list 103 permit ip 192.168.10.0 0.0.0.255 192.168.11.0 0.0.0.255
access-list 103 permit ip 192.168.10.0 0.0.0.255 192.168.14.0 0.0.0.255
access-list 103 permit ip 192.168.254.0 0.0.0.255 host 192.168.11.28
access-list 103 permit ip 192.168.254.0 0.0.0.255 192.168.14.0 0.0.0.255
access-list 103 deny   ip 192.168.254.0 0.0.0.255 any
access-list 103 permit ip 192.168.255.0 0.0.0.255 192.168.10.0 0.0.0.255
access-list 103 permit ip 192.168.255.0 0.0.0.255 192.168.11.0 0.0.0.255
access-list 103 permit ip 192.168.255.0 0.0.0.255 192.168.14.0 0.0.0.255
access-list 103 deny   icmp 192.168.254.0 0.0.0.255 any
access-list 103 deny   icmp any host 24.120.190.66
access-list 103 permit icmp any any echo-reply
access-list 103 permit icmp any any time-exceeded
access-list 103 permit icmp any any timestamp-reply
access-list 103 permit icmp any any traceroute
access-list 103 permit icmp any any unreachable
access-list 103 deny   icmp any any
access-list 103 permit udp any any eq ntp
access-list 103 permit tcp any host PUBLIC IP eq 161
access-list 103 permit tcp any host PUBLIC IP eq 162
access-list 103 permit udp any host PUBLIC IP eq snmp
access-list 103 permit udp any host PUBLIC IP eq snmptrap
access-list 103 permit tcp any host PUBLIC IP eq telnet
access-list 103 permit tcp any host PUBLIC IP eq smtp
access-list 103 permit tcp any host PUBLIC IP eq www
access-list 103 permit tcp any host PUBLIC IP eq 443
access-list 103 permit tcp any host PUBLIC IP eq 3389
access-list 103 permit tcp any host PUBLIC IP eq 4125
access-list 103 deny   ip 192.168.11.0 0.0.0.255 any
access-list 103 deny   ip 10.0.0.0 0.255.255.255 any
access-list 103 deny   ip 172.16.0.0 0.15.255.255 any
access-list 103 deny   ip 192.168.0.0 0.0.255.255 any
access-list 103 deny   ip 127.0.0.0 0.255.255.255 any
access-list 103 deny   ip host 255.255.255.255 any
access-list 103 deny   ip host 0.0.0.0 any
access-list 103 deny   ip any any log






as you can see access lies 102 is for the internal
and accesslist 103 was for the external ..






192.168.14.2 is the ip of our pbx switch


thanks ;)
johnritzerAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

johnritzerAuthor Commented:
hey i just thought of something that might beable to work ....


but dont know where to look that much

i saw this in my router

ip nat inside source route-map Nat interface Ethernet1 overload

route-map NAT_Filter permit 1
 match ip address 106
 set ip next-hop 1.1.1.2
!
route-map Nat permit 1
 match ip address 101
!

interface Loopback0
 description Virtual NAT Interface
 ip address 1.1.1.1 255.255.255.252

i dont know where to look to where it says match ip address 101

does it mean acl 101

....

access-list 106 permit ip host 192.168.11.1 192.168.3.0 0.0.0.255
access-list 106 permit ip host 192.168.11.1 192.168.10.0 0.0.0.255
access-list 106 permit ip host 192.168.11.1 192.168.255.0 0.0.0.255
access-list 106 remark Route Map Rules

access-list 101 deny   ip 192.168.11.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 101 deny   ip 192.168.11.0 0.0.0.255 192.168.3.0 0.0.0.255
access-list 101 deny   ip 192.168.11.0 0.0.0.255 192.168.10.0 0.0.0.255
access-list 101 deny   ip 192.168.11.0 0.0.0.255 192.168.254.0 0.0.0.255
access-list 101 deny   ip 192.168.11.0 0.0.0.255 192.168.255.0 0.0.0.255
access-list 101 deny   ip 192.168.14.0 0.0.0.255 192.168.10.0 0.0.0.255
access-list 101 deny   ip 192.168.14.0 0.0.0.255 192.168.254.0 0.0.0.255
access-list 101 deny   ip 192.168.14.0 0.0.0.255 192.168.255.0 0.0.0.255
access-list 101 deny   ip 192.168.255.0 0.0.0.255 192.168.10.0 0.0.0.255
access-list 101 deny   ip 192.168.3.0 0.0.0.255 192.168.10.0 0.0.0.255
access-list 101 permit ip 192.168.11.0 0.0.0.255 any

no i might be thinking do i just permite the acl 101 for the .14 subnet to be able to reach out..

thanks..


0
johnritzerAuthor Commented:
i figured it out actually

access-list 101 deny   ip 192.168.11.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 101 deny   ip 192.168.11.0 0.0.0.255 192.168.3.0 0.0.0.255
access-list 101 deny   ip 192.168.11.0 0.0.0.255 192.168.10.0 0.0.0.255
access-list 101 deny   ip 192.168.11.0 0.0.0.255 192.168.254.0 0.0.0.255
access-list 101 deny   ip 192.168.11.0 0.0.0.255 192.168.255.0 0.0.0.255
access-list 101 deny   ip 192.168.14.0 0.0.0.255 192.168.10.0 0.0.0.255
access-list 101 deny   ip 192.168.14.0 0.0.0.255 192.168.254.0 0.0.0.255
access-list 101 deny   ip 192.168.14.0 0.0.0.255 192.168.255.0 0.0.0.255
access-list 101 deny   ip 192.168.255.0 0.0.0.255 192.168.10.0 0.0.0.255
access-list 101 deny   ip 192.168.3.0 0.0.0.255 192.168.10.0 0.0.0.255
access-list 101 permit ip 192.168.11.0 0.0.0.255 any




i added
ip access-list extended 101
55 permit ip 192.168.14.0 0.0.0.255 any  and it worked haha

sorry ... for bugging found my own question.. hehe
0
EE_AutoDeleterCommented:
Urbalizer,
Because you have presented a solution to your own problem which may be helpful to future searches, this question is now PAQed and your points have been refunded.

EE_AutoDeleter
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Microsoft Server OS

From novice to tech pro — start learning today.