Solved

Firewall + router setup.  Can't ping firewall

Posted on 2014-01-27
18
399 Views
Last Modified: 2014-01-28
Two questions?

1)  Is the attached picture the appropriate way it's supposed to be setup in a production environment?  

2)  I can't ping from my pc (192.168.1.81) to my firewall (192.168.0.10).  I do have internet access by doing a "ip route 0.0.0.0 0.0.0.0 192.168.0.10"  Why can't I ping?

I tried to use access control lists but it didn't seem to work

Please answer both questions.  Thank you.
0
Comment
Question by:jkimzlg
  • 9
  • 8
18 Comments
 
LVL 34

Expert Comment

by:Dan Craciun
ID: 39812649
attached picture?
0
 
LVL 28

Expert Comment

by:Jan Springer
ID: 39812650
am i missing something?  i don't see the attachment.
0
 
LVL 1

Author Comment

by:jkimzlg
ID: 39813122
my bad... here's the attached pic...
Capture.JPG
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 28

Expert Comment

by:Jan Springer
ID: 39813168
So, on the firewall do you have a route:

route inside 192.168.0.0 255.255.255.0 192.168.0.3

?

And are your NAT statements allowing 192.168.0.x to NAT?
0
 
LVL 1

Author Comment

by:jkimzlg
ID: 39813207
the firewall is NATing the 192.168.0.0/24 network.

I can access the Internet from my pc I just can't access/ping 192.168.0.10

if I'm not answering your question can you be more specific.
0
 
LVL 28

Expert Comment

by:Jan Springer
ID: 39813221
icmp by default is off on the firewall.

if you have no inside access list today, add a permit icmp any any and a permit ip any any.
0
 
LVL 1

Author Comment

by:jkimzlg
ID: 39813266
from my pc I can ping 192.168.0.3, from the cisco 1760 router I can ping 192.168.0.10, so it's not an icmp issue.
0
 
LVL 28

Expert Comment

by:Jan Springer
ID: 39813288
what do the firewall logs say?

or have you tried packet-tracer on the firewall to duplicate the problem?
0
 
LVL 1

Author Comment

by:jkimzlg
ID: 39813390
jesper, is this how you would normally see a firewall and a router configured in a production environment?
0
 
LVL 28

Expert Comment

by:Jan Springer
ID: 39813414
what type of firewall do you have?
0
 
LVL 1

Author Comment

by:jkimzlg
ID: 39813430
it's a hardware firewall, Juniper Netscreen 5gt
0
 
LVL 28

Expert Comment

by:Jan Springer
ID: 39813448
when you try to ping the inside interface of the juniper from your PC, what do the logs on the juniper show?
0
 
LVL 1

Author Comment

by:jkimzlg
ID: 39813489
I think I got it, on my Netscreen 5gt I just added a routing entry for the network 192.168.1.0/24 and it started to work.  jesper, if you could answer my previous question of whether of not this is normally done on a production environment, I'll give you all the points.  Please be as detailed as possible.
0
 
LVL 28

Expert Comment

by:Jan Springer
ID: 39813506
this is correct.  i had the route statement up above for the incorrect subnet.

you need to route the LAN subnet from the firewall to the router.  from there, the router will know how to handle the packets.
0
 
LVL 1

Author Comment

by:jkimzlg
ID: 39813857
can anyone answer my first question with as much detail as possible?
0
 
LVL 28

Accepted Solution

by:
Jan Springer earned 500 total points
ID: 39814980
the answer is that the juniper was not aware of that route (it wasn't being announced, for example, by OSPF between the router and firewall).

so, a static route, tells the firewall how to reach that subnet.
0
 
LVL 1

Author Comment

by:jkimzlg
ID: 39815226
can u pls. read my first question and not my second?
0
 
LVL 28

Assisted Solution

by:Jan Springer
Jan Springer earned 500 total points
ID: 39815242
Yes, your hardware configuration is correct.

Outside (untrusted) to the firewall to the inside (trusted).
0

Featured Post

What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

This article will cover setting up redundant ISPs for outbound connectivity on an ASA 5510 (although the same should work on the 5520s and up as well).  It’s important to note that this covers outbound connectivity only.  The ASA does not have built…
Problem Description:   Couple of months ago we upgraded the ADSL line at our branch office from Home to Business line. The purpose of transforming the service to have static public IP’s. We were in need for public IP’s to publish our web resour…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

813 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now