Link to home
Create AccountLog in
Avatar of arefone
arefone

asked on

How to be able to ping from lan to lan

Hi,
I have a Cisco 851w Router configured between two lans, the outside lan connected to fe0/4 is the 192.168.100.0/24, and the inside lan is 192.168.9.0/24.
The problem is that I can do anything from the 192.168.9.0 lan on the 192.168.100.0 but I can't access the 192.168.9.0 from the 192.168.100.0.
Example: I can ping the 192.168.100.190 from the 192.168.9.0 lan, but when I try to ping the 192.168.9.254 from the 192.168.100.190 I does not rispond.
Example: I can access via vnc the server 192.168.100.166 from my pc 192.168.9.2, but I can't access via telnet the 192.168.9.254 from the lan 192.168.100.0.
In the attached file there is the complete configs of my 851w router.

Thanx in advance
Cisco851W-CONFIGS.txt
Avatar of slemmesmi
slemmesmi

Dear arefone,

First of all - verify you can ping between hosts internally in the "inside LAN".
What is your configured default gateway on 192.168.100.190 and can you ping it from 192.168.100.190 (I'd guess your default gateway is the routers IP 192.168.100.1)?
Also ensure you netmask is correct on the 192.168.100.190.
The default gateway is what "enables" routing between networks, including your two LANs.
Another interesting point is whether you from your Cisco router can ping both networks default gateways and hosts?

What I could guess might be the problem is either wrongly configured default gateway or blocking (lack of access list) for UDP (i.e. ping) bidirectional.

Kind regards,
Soren
Avatar of arefone

ASKER

Hi slemmesmi,

From the inside network I can do every thing, either in the 192.168.9.0 lan or in the 192.168.100.0 lan.
The 192.168.100.190 is the firewall of the 192.168.100.0 lan, and the default gateway is 192.168.100.181. Know that from any host in the 192.168.100.0 lan I can't either ping or access to services into the 192.168.9.0 lan.
Note that I add a route on the 192.168.100.190 to the 192.168.9.0 network with the gateway 192.168.100.22 which is the external interface on my 851w router.
I tried also to change the default gateway on a host inside the 192.168.100.0 lan putting it as 192.168.100.190 but nothing changed, I tried also to change it and set it as 192.168.100.22 but the result is the same.
I guess it is a security or some thing configured wrong on my router 851w.

What happens when you configured a host on the 192.168.100.0/24 VLAN with a default route pointing to the IP of INT FA4 (192.168.100.22) and then try ping a host on the 192.168.9.0/24 network?  Try pining something besides the BVI interface of the router.  

I
Avatar of arefone

ASKER

I did this also, happens this when I configure a static route on the host 192.168.100.241 pointing to the 192.168.100.22:

1. if I ping the 192.168.9.254 "the ip of BVI1 on 851w router" the replay return with 192.168.100.22 address.
2. if I ping my pc 192.168.9.2 the replay does not return.

Try removing the NAT statement:

ip nat inside source list 1 interface FastEthernet4 overload

and clear the IP nat translations:

clear ip nat translation *

Do the above again and tell me what happens.  I believe you dynamic NAT is interfering with your "test".
ASKER CERTIFIED SOLUTION
Avatar of norgetek
norgetek
Flag of United States of America image

Link to home
membership
Create an account to see this answer
Signing up is free. No credit card required.
Create Account
Avatar of arefone

ASKER

Yes norgetek, that is what I want.
SOLUTION
Link to home
membership
Create an account to see this answer
Signing up is free. No credit card required.
Create Account
Avatar of arefone

ASKER

norgetek, I did the configs of nat you posted, now I can't ping 192.168.100.0 from the 192.168.9.0 lan, but I can connect to the internet from the 192.168.9.0 lan.

Your hosts on the 192.168.100.0/24 IP subnet will need to have static IP route for the 192.168.9.0/24 network pointing to 192.168.100.22.

On a Windows machine it would look like this:

route -p add 192.168.9.0 mask 255.255.255.0 192.168.100.22

The "-p"  makes the route persistent and will survive a reboot of the system.
Avatar of arefone

ASKER

I have already a static route on the 192.168.100.190 firewall to the 192.168.9.0 network via 192.168.100.22.
For clarity, in the 192.168.100.0 network the default gateway is 192.168.100.181, this router return the hole traffic to the firewall 192.168.100.190, so it should be already function!
SOLUTION
Link to home
membership
Create an account to see this answer
Signing up is free. No credit card required.
Create Account
Avatar of arefone

ASKER

norgetek, even though I added the "route add 192.168.9.0 maks 255.255.255.0 192.168.100.22" on a host in the 192.168.100.0 lan it still does not working! I can't ping the 192.168.9.254 from the 192.168.100.0 lan, and I still could not be able to ping hosts in the 192.168.100.0 lan from the 192.168.9.0 lan.
Avatar of arefone

ASKER

Thank you!!!
Avatar of arefone

ASKER

Norgetek, you are right, the firewall does not route from 192.168.100.0 to 192.168.9.0, when I tried again from a host adding a static route "route add 192.168.9.0 mask 255.255.255.0 192.168.100.22" it did work.

Thanx again.

Try and make a connection attempt from a inside host to the host on the 100 network running VNC and then do a

"show ip nat translations"

On the router and paste the results.

No problem.
Avatar of arefone

ASKER

Now from the 192.168.9.0 I can ping and access via vnc the host where I added on it the static route to the 192.168.9.0 network via 192.168.100.22.

Thanx again.