c_hockland
asked on
issue with route add
I have a server connected to the FW.
The server is also connected to the ISP router (as default GW).
I have done
route add x.x.x.x mask 255.255.255.255 y.y.y.y ( FW interface )
but cannot ping the other side of the FW.
tracert times out on the first hop.
The server can ping the FW (same subnet).
When I do route print I see the route.
Any ideas?
The FW may be blocking ICMP traffic. See if you're allowing this.
ASKER
The other side of the FW is 10.221.64.2,
inside 192.168.3.35.
How can I check if it forwards traffic from 3.35 to 64.2?
ASKER
Actually I have
route inside 0.0.0.0 0.0.0.0 10.221.64.1 ( 64.1 ) is the router after the FW
so it does FW traffic from inside to the router
It might help if we knew the brand of the FW, and the devices behind it (on 10.221.64.x). You'll have to check step by step each device which is involved in the route.
We'll assume you can reach the FW fine. Then you'll need to set up a route for 10.221.64.0/24 to it, and test both IPs. Then the device behind those, which you have set the host route for. It also helps to make a traceroute on the target device towards your own FW's IPs, then your server.
Of course and in any case you will need the route back, too - is that set up on the target network?
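The return-route point above, as an added example that is not part of the original thread: a small longest-prefix-match model of the four devices shows the echo request reaching 10.221.64.1 while the reply is dropped until the router has a route back. The server address 192.168.3.10, the ISP router address 192.168.3.1, the /24 masks and the absence of NAT on the FW are assumptions.

```python
import ipaddress

ON_LINK = "on-link"  # marker for a directly connected network

def lookup(routes, dst):
    """Longest-prefix match; returns the gateway, ON_LINK, or None if no route."""
    dst = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(p), gw) for p, gw in routes
            if dst in ipaddress.ip_network(p)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def path(devices, start, dst):
    """Follow next hops from device `start` until a device owning `dst` is reached."""
    node, hops = start, [start]
    for _ in range(8):                      # hop limit guards against routing loops
        if dst in devices[node]["ips"]:
            return hops, True
        gw = lookup(devices[node]["routes"], dst)
        if gw is None:
            return hops, False              # no route: packet is dropped here
        target = dst if gw == ON_LINK else gw
        node = next((n for n, d in devices.items() if target in d["ips"]), None)
        if node is None:
            return hops, False              # nobody answers for that address
        hops.append(node)
    return hops, False

def ping(devices, src_dev, src_ip, dst_ip):
    """A ping succeeds only if the request AND the reply can both be routed."""
    fwd, ok = path(devices, src_dev, dst_ip)
    if not ok:
        return False, fwd, []
    back, ok = path(devices, fwd[-1], src_ip)
    return ok, fwd, back

def topology(route_back):
    """Constructed sample network; server and ISP router addresses are assumed."""
    router = [("10.221.64.0/24", ON_LINK)]
    if route_back:                          # route back to the inside LAN via the FW
        router.append(("192.168.3.0/24", "10.221.64.2"))
    lan = ("192.168.3.0/24", ON_LINK)
    return {
        "server": {"ips": ["192.168.3.10"],
                   "routes": [lan, ("0.0.0.0/0", "192.168.3.1"),
                              ("10.221.64.0/24", "192.168.3.35")]},
        "isp":    {"ips": ["192.168.3.1"], "routes": [lan]},
        "fw":     {"ips": ["192.168.3.35", "10.221.64.2"],
                   "routes": [lan, ("10.221.64.0/24", ON_LINK), ("0.0.0.0/0", "10.221.64.1")]},
        "router": {"ips": ["10.221.64.1"], "routes": router},
    }
```

Calling `ping(topology(False), "server", "192.168.3.10", "10.221.64.1")` returns the forward path through the FW together with a return path that stops at the router, which is the symptom to look for with a traceroute run from the target side.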
route inside 0.0.0.0 0.0.0.0 192.168.3.35
It has to be the next hop IP address.