Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

issue with route add

Posted on 2014-04-08
6
Medium Priority
?
296 Views
Last Modified: 2014-04-10
I have a server connected to the Fw

server is also connected to ISP router ( as default GW)

i have done

route add x.x.x.x mask 255.255.255.255 y.y.y.y ( FW interface )

but cannot ping the other side of the FW
tracert times out on the fist hop
server can ping FW ( same subnet)

when i do route print i see the route

any ideas ?
0
Comment
Question by:c_hockland
6 Comments
 
LVL 71

Accepted Solution

by:
Qlemo earned 2000 total points
ID: 39987319
You are trying all that from the server, or is there a workstation involved? I'll assume the former.
If you can ping the FW from server, you'll have to make sure there is no other route having precedence - unlikely with a host route (mask 255.255.255.255).
More likely, the issue is with the FW itself not forwarding traffic, or the other side of the FW doesn't. What's on the other side of the FW?
0
 
LVL 10

Expert Comment

by:Rafael
ID: 39987320
The FW may be blocking ICMP traffic. See if you're allowing this.
0
 

Author Comment

by:c_hockland
ID: 39987340
the other side of the FW is 10.221.64.2
inside 192.168.3.35


how can i check if it forwards traffic from 3.35 to 64.2 ?
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:c_hockland
ID: 39987346
actually i have

route inside 0.0.0.0 0.0.0.0 10.221.64.1  ( 64.1 ) is the router after the FW

so it does FW traffic from inside to the router
0
 
LVL 71

Expert Comment

by:Qlemo
ID: 39987396
It might help if we knew the brand of the FW, and the devices behind it (on 10.221.64.x). You'll have to check step by step each device which is involved in the route.

We'll assume you can reach the FW fine. Then you'll need to set up a route for 10.221.64.0/24 to it, and test both IPs. Then the device behind those, which you have set the host route for. It also helps to make a traceroute on the target device towards your own FW's IPs, then your server.
Of course and in any case you will need the route back, too - is that set up on the target network?
0
 
LVL 12

Expert Comment

by:Infamus
ID: 39989616
route inside 0.0.0.0 0.0.0.0 192.168.3.35

It has to be the next hop IP address.
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article explains the fundamentals of industrial networking which ultimately is the backbone network which is providing communications for process devices like robots and other not so interesting stuff.
Unable to change the program that handles the scan event from a network attached Canon/Brother printer/scanner. This means you'll always have to choose which program handles this action, e.g. ControlCenter4 (in the case of a Brother).
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Monitoring a network: how to monitor network services and why? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the philosophy behind service monitoring and why a handshake validation is critical in network monitoring. Software utilized …

810 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question