jkimzlg
asked on
Firewall + router setup. Can't ping firewall
Two questions:
1) Is the attached picture the appropriate way it's supposed to be set up in a production environment?
2) I can't ping from my PC (192.168.1.81) to my firewall (192.168.0.10). I do have Internet access by doing "ip route 0.0.0.0 0.0.0.0 192.168.0.10". Why can't I ping?
I tried to use access control lists but it didn't seem to work.
Please answer both questions. Thank you.
Attached picture?
Am I missing something? I don't see the attachment.
ASKER
My bad... here's the attached pic:
Capture.JPG
So, on the firewall, do you have a route:
route inside 192.168.0.0 255.255.255.0 192.168.0.3
?
And are your NAT statements allowing 192.168.0.x to NAT?
ASKER
The firewall is NATing the 192.168.0.0/24 network.
I can access the Internet from my PC; I just can't access/ping 192.168.0.10.
If I'm not answering your question, can you be more specific?
ICMP by default is off on the firewall.
If you have no inside access list today, add a permit icmp any any and a permit ip any any.
ASKER
From my PC I can ping 192.168.0.3, and from the Cisco 1760 router I can ping 192.168.0.10, so it's not an ICMP issue.
What do the firewall logs say?
Or have you tried packet-tracer on the firewall to duplicate the problem?
ASKER
Jesper, is this how you would normally see a firewall and a router configured in a production environment?
What type of firewall do you have?
ASKER
It's a hardware firewall, a Juniper NetScreen 5GT.
When you try to ping the inside interface of the Juniper from your PC, what do the logs on the Juniper show?
ASKER
I think I got it. On my NetScreen 5GT I just added a routing entry for the network 192.168.1.0/24 and it started to work. Jesper, if you could answer my previous question of whether or not this is normally done in a production environment, I'll give you all the points. Please be as detailed as possible.
This is correct. I had the route statement up above for the incorrect subnet.
You need to route the LAN subnet from the firewall to the router. From there, the router will know how to handle the packets.
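To make the diagnosis in this thread concrete, here is an added example (not code from the thread or from Juniper/Cisco) that models the two routing tables as longest-prefix-match lookups. It uses the addresses from the thread (PC 192.168.1.81, router 192.168.0.3, firewall inside 192.168.0.10); the router interface names, the NetScreen zone names "trust"/"untrust", and the ISP next hop 203.0.113.1 are assumptions. It shows why the echo request reaches the firewall but, without the 192.168.1.0/24 route, the reply matches only the default route and heads toward the ISP instead of back to the router.

```python
from ipaddress import ip_address, ip_network

# Constructed model of the topology in the thread:
#   PC 192.168.1.81 -> Cisco 1760 (192.168.0.3 toward the firewall) -> NetScreen trust 192.168.0.10
# Each route is (network, next_hop or None if directly connected, egress interface).
# Interface/zone names and the ISP next hop 203.0.113.1 are assumed placeholders.

def lookup(routes, dst):
    """Return the most specific route containing dst (longest prefix match), or None."""
    dst = ip_address(dst)
    best = None
    for net, next_hop, iface in routes:
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop, iface)
    return best

ROUTER_1760 = [
    (ip_network("192.168.1.0/24"), None, "FastEthernet0/0"),        # LAN where the PC lives
    (ip_network("192.168.0.0/24"), None, "FastEthernet0/1"),        # segment shared with the firewall
    (ip_network("0.0.0.0/0"), "192.168.0.10", "FastEthernet0/1"),   # "ip route 0.0.0.0 0.0.0.0 192.168.0.10"
]

# Firewall table before the asker's fix: only the connected /24 and a default toward the ISP.
NETSCREEN_BEFORE = [
    (ip_network("192.168.0.0/24"), None, "trust"),
    (ip_network("0.0.0.0/0"), "203.0.113.1", "untrust"),
]

# After the fix: the LAN subnet behind the router is routed back via 192.168.0.3.
NETSCREEN_AFTER = NETSCREEN_BEFORE + [
    (ip_network("192.168.1.0/24"), "192.168.0.3", "trust"),
]

def reply_path(firewall_routes, pc="192.168.1.81"):
    """Which interface and next hop the firewall uses for its echo reply back to the PC."""
    route = lookup(firewall_routes, pc)
    if route is None:
        return (None, None)
    _net, next_hop, iface = route
    return (iface, next_hop)

def ping_round_trip(router_routes, firewall_routes, pc="192.168.1.81", fw="192.168.0.10"):
    """True only if the request reaches the firewall AND the reply is routed back toward the router."""
    # Forward leg: the router must send traffic for the firewall's inside address out the shared segment.
    fwd = lookup(router_routes, fw)
    if fwd is None or fwd[2] != "FastEthernet0/1":
        return False
    # Return leg: the reply must leave the trust side toward the router, not the untrust side toward the ISP.
    iface, next_hop = reply_path(firewall_routes, pc)
    return iface == "trust" and next_hop == "192.168.0.3"

if __name__ == "__main__":
    print("before:", reply_path(NETSCREEN_BEFORE), ping_round_trip(ROUTER_1760, NETSCREEN_BEFORE))
    print("after: ", reply_path(NETSCREEN_AFTER), ping_round_trip(ROUTER_1760, NETSCREEN_AFTER))
```

The forward leg works in both cases because the router's directly connected 192.168.0.0/24 covers the firewall address; only the return leg changes, which matches the symptom that the router could ping the firewall while the PC could not.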
ASKER
Can anyone answer my first question with as much detail as possible?
ASKER CERTIFIED SOLUTION
ASKER
Can you please read my first question and not my second?
SOLUTION