Can't ping device on optional network Watchguard Xtm 5Series

I'm trying to ping a router on the optional port and can't get a responds thru the trusted network. I have another router on that optional network that responds to ping. To test I've plug in a computer directly into the optional network, assigned an IP and i'm able to ping both routers. But from my trusted network, I can only ping one router .

setup
The trusted network is 10.0.1.X/24 (Interface 10.0.1.1)
the optional network is 10.0.2.x/24 (Interface 10.0.2.1)

Router A is 10.0.2.9 (can ping from trusted)
Router B is 10.0.2.11 (CANT ping from trusted)

Test computer1 10.0.2.100 plugged directly into same hub has above routers. I can ping both routers

Test computer2 10.0.1.100 plugged into same hub has trusted network. This computer can only ping Router A.

There is nothing showing up as being blocked in traffic monitor.

How can I tell if IP 10.0.1.100 is being NAT to 10.0.2.1 when it crossed over to the Optional network? Router B MIGHT have an access rule only allow traffic from 10.0.2.X network....But I can't verify that. Do you know if the 10.0.1.X is NAT to 10.0.2.X when It crosses to the optional port?

Why is it being blocked with no log?

Thanks for any help in advance.
stevebishopAsked:
Who is Participating?
 
stevebishopConnect With a Mentor Author Commented:
it ended up being one of the routers had an access list not allowing my internal ip's
0
 
Mike RoeCommented:
setup a rule for icmp from trusted to optional
0
 
stevebishopAuthor Commented:
thanks for the reply but I've already have a rule for icmp that says allow from 10.0.1.x to any. (which is trusted to any).

any other suggestions?

I did notice I can ping the device from the diag tool in system manager.

Thanks
0
Improved Protection from Phishing Attacks

WatchGuard DNSWatch reduces malware infections by detecting and blocking malicious DNS requests, improving your ability to protect employees from phishing attacks. Learn more about our newest service included in Total Security Suite today!

 
stevebishopAuthor Commented:
also the router does have an access rule that only allows 10.0.2.x ip's.

Like I mentioned on my first post, if I setup a computer 10.0.2.100 and plug it directly into the optional network 10.0.2.x...I can ping the 10.0.2.11 router.

Also can ping 10.0.2.11 router from the diag tool in system manager on the watchguard firewall.

but not from the 10.0.1.x , there is nothing showing up as being denied.

Thanks
0
 
Mike RoeCommented:
do you have any routes setup?

I have a xtm 515 with 4 remote offices and VPN setup.

I do not have any ip addresses in the from and to for ping.  I have any trusted and any optional in from area and any trusted and any otional in the to area with no issues.
0
 
Mike RoeCommented:
In the ping setup

from
10.0.2.0/24
10.0.1.0/24

to
10.0.2.0/24
10.0.1.0/24
0
 
Mike RoeCommented:
My answer I believe was used to make person think about other devices and if the ports were open for access.
0
 
stevebishopAuthor Commented:
issue was related to an internal setup
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.