Solved

issue with route add

Posted on 2014-04-08
6
272 Views
Last Modified: 2014-04-10
I have a server connected to the Fw

server is also connected to ISP router ( as default GW)

i have done

route add x.x.x.x mask 255.255.255.255 y.y.y.y ( FW interface )

but cannot ping the other side of the FW
tracert times out on the fist hop
server can ping FW ( same subnet)

when i do route print i see the route

any ideas ?
0
Comment
Question by:c_hockland
6 Comments
 
LVL 68

Accepted Solution

by:
Qlemo earned 500 total points
ID: 39987319
You are trying all that from the server, or is there a workstation involved? I'll assume the former.
If you can ping the FW from server, you'll have to make sure there is no other route having precedence - unlikely with a host route (mask 255.255.255.255).
More likely, the issue is with the FW itself not forwarding traffic, or the other side of the FW doesn't. What's on the other side of the FW?
0
 
LVL 10

Expert Comment

by:Rafael
ID: 39987320
The FW may be blocking ICMP traffic. See if you're allowing this.
0
 

Author Comment

by:c_hockland
ID: 39987340
the other side of the FW is 10.221.64.2
inside 192.168.3.35


how can i check if it forwards traffic from 3.35 to 64.2 ?
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 

Author Comment

by:c_hockland
ID: 39987346
actually i have

route inside 0.0.0.0 0.0.0.0 10.221.64.1  ( 64.1 ) is the router after the FW

so it does FW traffic from inside to the router
0
 
LVL 68

Expert Comment

by:Qlemo
ID: 39987396
It might help if we knew the brand of the FW, and the devices behind it (on 10.221.64.x). You'll have to check step by step each device which is involved in the route.

We'll assume you can reach the FW fine. Then you'll need to set up a route for 10.221.64.0/24 to it, and test both IPs. Then the device behind those, which you have set the host route for. It also helps to make a traceroute on the target device towards your own FW's IPs, then your server.
Of course and in any case you will need the route back, too - is that set up on the target network?
0
 
LVL 12

Expert Comment

by:Infamus
ID: 39989616
route inside 0.0.0.0 0.0.0.0 192.168.3.35

It has to be the next hop IP address.
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If your business is like most, chances are you still need to maintain a fax infrastructure for your staff. It’s hard to believe that a communication technology that was thriving in the mid-80s could still be an essential part of your team’s modern I…
PRTG Network Monitor lets you monitor your bandwidth usage, so you know who is using up your bandwidth, and what they're using it for.
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

895 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now