Solved

issue with route add

Posted on 2014-04-08
6
268 Views
Last Modified: 2014-04-10
I have a server connected to the Fw

server is also connected to ISP router ( as default GW)

i have done

route add x.x.x.x mask 255.255.255.255 y.y.y.y ( FW interface )

but cannot ping the other side of the FW
tracert times out on the fist hop
server can ping FW ( same subnet)

when i do route print i see the route

any ideas ?
0
Comment
Question by:c_hockland
6 Comments
 
LVL 68

Accepted Solution

by:
Qlemo earned 500 total points
Comment Utility
You are trying all that from the server, or is there a workstation involved? I'll assume the former.
If you can ping the FW from server, you'll have to make sure there is no other route having precedence - unlikely with a host route (mask 255.255.255.255).
More likely, the issue is with the FW itself not forwarding traffic, or the other side of the FW doesn't. What's on the other side of the FW?
0
 
LVL 10

Expert Comment

by:Rafael
Comment Utility
The FW may be blocking ICMP traffic. See if you're allowing this.
0
 

Author Comment

by:c_hockland
Comment Utility
the other side of the FW is 10.221.64.2
inside 192.168.3.35


how can i check if it forwards traffic from 3.35 to 64.2 ?
0
Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

 

Author Comment

by:c_hockland
Comment Utility
actually i have

route inside 0.0.0.0 0.0.0.0 10.221.64.1  ( 64.1 ) is the router after the FW

so it does FW traffic from inside to the router
0
 
LVL 68

Expert Comment

by:Qlemo
Comment Utility
It might help if we knew the brand of the FW, and the devices behind it (on 10.221.64.x). You'll have to check step by step each device which is involved in the route.

We'll assume you can reach the FW fine. Then you'll need to set up a route for 10.221.64.0/24 to it, and test both IPs. Then the device behind those, which you have set the host route for. It also helps to make a traceroute on the target device towards your own FW's IPs, then your server.
Of course and in any case you will need the route back, too - is that set up on the target network?
0
 
LVL 12

Expert Comment

by:Infamus
Comment Utility
route inside 0.0.0.0 0.0.0.0 192.168.3.35

It has to be the next hop IP address.
0

Featured Post

Control application downtime with dependency maps

Visualize the interdependencies between application components better with Applications Manager's automated application discovery and dependency mapping feature. Resolve performance issues faster by quickly isolating problematic components.

Join & Write a Comment

Suggested Solutions

Trying to figure out group policy inheritance and which settings apply where can be a chore.  Here's a very simple summary I've written which might help.  Keep in mind, this is just a high-level conceptual overview where I try to avoid getting bogge…
Let’s list some of the technologies that enable smooth teleworking. 
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now