hi @luis_cordova see bellow:

 

show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override, p - overrides from PfR

Gateway of last resort is x.x.214.73 to network 0.0.0.0

S* 0.0.0.0/0 [1/0] via x.x.214.73

x.x.0.0/16 is variably subnetted, 2 subnets, 2 masks
C x.x.214.72/29 is directly connected, GigabitEthernet0/1
L x.x.214.75/32 is directly connected, GigabitEthernet0/1
x.x.0.0/16 is variably subnetted, 2 subnets, 2 masks
C x.x.201.80/29 is directly connected, GigabitEthernet0/2
L x.x.201.86/32 is directly connected, GigabitEthernet0/2
192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.1.0/24 is directly connected, FastEthernet0/0/1
L 192.168.1.1/32 is directly connected, FastEthernet0/0/1
192.168.2.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.2.0/24 is directly connected, FastEthernet0/0/0
L 192.168.2.1/32 is directly connected, FastEthernet0/0/0
192.168.4.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.4.0/24 is directly connected, GigabitEthernet0/0
L 192.168.4.1/32 is directly connected, GigabitEthernet0/0

Hi @daniel253 ,

 

By having the networks directly connected and not having an ACL that blocks communication, there should be no problem in communicating the 2 networks, keeping the DHCP separated by network.
Have you done any tests to evaluate the connection between these two networks?

 

Regards

yes, these tree networks can navigate through the internet using IPS 1 or IPS2.

But I can't ping lan to lan. For example if I'm on the ge 0/0 side, i can't ping fe0/0/0.
I also tried to ping from the router but I had communication problems either.

router#ping 192.168.4.107
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.4.107, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms
router#ping 192.168.2.100
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.2.100, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
router#ping 192.168.1.20
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.20, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)

Hi @daniel253 ,

 

Only to discard, it disables the firewalls of the final devices.
Sometimes, firewalls prevent the pings of external networks.

 

Regards

Hi,

Perhaps these devices 192.168.1.20 and 192.168.2.100 you are attempting to ping from the router have a local firewall enabled, and blocking ping - Have you confirmed?

 

Can you ping the router from those client devices?

Sorry! I was a little confused that I forgot about allowing ping in Windows firewall.

I did a couple of tests and it's working.

 

Now I'm in the middle of another problem, I need to access the CCTV when I'm not in the building.

I tried some configurations to allow port traffic but nothing with success.

 

I think that there's something missing. I did some research but nothing helpful.

 

ip nat inside source static tcp 192.168.4.100 37777 interface GigabitEthernet0/1 37777
ip nat inside source static tcp 192.168.4.100 774 interface GigabitEthernet0/1 774
ip nat inside source static tcp 192.168.4.100 443 interface GigabitEthernet0/1 443
ip nat inside source static tcp 192.168.4.100 554 interface GigabitEthernet0/1 554

 

ip access-list extended nat-acl
permit ip 192.168.4.0 0.0.0.255 any
permit tcp any host 192.168.4.100 eq 37777
permit tcp any host 192.168.4.100 eq 774
permit tcp any host 192.168.4.100 eq 443
permit tcp any host 192.168.4.100 eq 554

 

Service port: 37777
HTTP: 774
HTTPS: 443
RTSP: 554