Solved

Can't ping device on optional network WatchGuard XTM 5 Series

Posted on 2014-02-05
8
1,225 Views
Last Modified: 2014-02-24
I'm trying to ping a router on the optional port and can't get a response through the trusted network. I have another router on that optional network that responds to ping. To test, I've plugged a computer directly into the optional network, assigned an IP, and I'm able to ping both routers. But from my trusted network, I can only ping one router.

Setup
The trusted network is 10.0.1.X/24 (Interface 10.0.1.1)
The optional network is 10.0.2.x/24 (Interface 10.0.2.1)

Router A is 10.0.2.9 (can ping from trusted)
Router B is 10.0.2.11 (CAN'T ping from trusted)

Test computer1 10.0.2.100 plugged directly into the same hub as the above routers. I can ping both routers.

Test computer2 10.0.1.100 plugged into the same hub as the trusted network. This computer can only ping Router A.

There is nothing showing up as being blocked in traffic monitor.

How can I tell if IP 10.0.1.100 is being NATed to 10.0.2.1 when it crosses over to the optional network? Router B MIGHT have an access rule only allowing traffic from the 10.0.2.X network... But I can't verify that. Do you know if 10.0.1.X is NATed to 10.0.2.X when it crosses to the optional port?

Why is it being blocked with no log?

Thanks for any help in advance.
Question by:stevebishop
8 Comments
 
LVL 9

Expert Comment

by:M Roe
ID: 39836257
Set up a rule for ICMP from trusted to optional.
0
 

Author Comment

by:stevebishop
ID: 39837583
Thanks for the reply, but I already have a rule for ICMP that says allow from 10.0.1.x to any (which is trusted to any).

Any other suggestions?

I did notice I can ping the device from the diag tool in system manager.

Thanks
0
 

Author Comment

by:stevebishop
ID: 39837590
Also, the router does have an access rule that only allows 10.0.2.x IPs.

Like I mentioned in my first post, if I set up a computer 10.0.2.100 and plug it directly into the optional network 10.0.2.x... I can ping the 10.0.2.11 router.

I can also ping the 10.0.2.11 router from the diag tool in System Manager on the WatchGuard firewall.

But not from 10.0.1.x; there is nothing showing up as being denied.

Thanks
0
 
LVL 9

Expert Comment

by:M Roe
ID: 39842932
Do you have any routes set up?

I have an XTM 515 with 4 remote offices and VPN set up.

I do not have any IP addresses in the from and to for ping. I have Any-Trusted and Any-Optional in the from area and Any-Trusted and Any-Optional in the to area with no issues.
0
 
LVL 9

Expert Comment

by:M Roe
ID: 39842945
In the ping setup

from
10.0.2.0/24
10.0.1.0/24

to
10.0.2.0/24
10.0.1.0/24
0
 

Accepted Solution

by:
stevebishop earned 0 total points
ID: 39870510
It ended up being that one of the routers had an access list not allowing my internal IPs.
0
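The diagnosis in this thread, modeled as an added example (not code from any poster): it traces an echo request from each test source to each router and reports which hop drops it. The addresses come from the posts; Router A's permissive ACL, Router B's 10.0.2.0/24-only ACL, and the `nat` switch are assumptions made for illustration.

```python
import ipaddress

# Constructed model of the thread's topology.
TRUSTED_NET = ipaddress.ip_network("10.0.1.0/24")
OPTIONAL_NET = ipaddress.ip_network("10.0.2.0/24")
OPTIONAL_IF = ipaddress.ip_address("10.0.2.1")   # firewall's optional interface

# Source networks each router accepts (assumed ACL contents).
ROUTER_ACLS = {
    "10.0.2.9": [ipaddress.ip_network("0.0.0.0/0")],   # Router A: any source
    "10.0.2.11": [OPTIONAL_NET],                        # Router B: 10.0.2.x only
}

def ping(src, dst, nat=False):
    """Return 'reply' or a string naming the hop that drops the request.

    nat=True is a hypothetical setting in which the firewall rewrites
    trusted sources to its optional interface address.
    """
    src_ip = ipaddress.ip_address(src)
    if src_ip in TRUSTED_NET:
        # The "ICMP: trusted -> any" policy allows the packet, so the
        # firewall has nothing to log as denied.
        wire_src = OPTIONAL_IF if nat else src_ip
    elif src_ip in OPTIONAL_NET:
        # Same segment as the routers (includes the firewall's own
        # diagnostic ping from 10.0.2.1); no firewall policy involved.
        wire_src = src_ip
    else:
        return "dropped by firewall (no policy in this model)"
    if any(wire_src in net for net in ROUTER_ACLS[dst]):
        return "reply"
    return f"dropped by {dst} ACL (source seen as {wire_src})"

def matrix(nat=False):
    """Results for every test source in the thread against both routers."""
    sources = ["10.0.1.100", "10.0.2.100", "10.0.2.1"]
    return {(s, d): ping(s, d, nat) for s in sources for d in ROUTER_ACLS}

if __name__ == "__main__":
    for (s, d), result in matrix().items():
        print(f"{s:>11} -> {d:<10} {result}")
```

With `nat=False` the output matches every symptom reported above, including the silent firewall log; with `nat=True` Router B would have answered, which is how the observed failure indicates the trusted source address reached Router B unchanged.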
 
LVL 9

Expert Comment

by:M Roe
ID: 39870539
My answer, I believe, was used to make the person think about other devices and whether the ports were open for access.
0
 

Author Closing Comment

by:stevebishop
ID: 39882042
Issue was related to an internal setup.
0
