Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
768
Views
4
Helpful
11
Replies

Issue with Firewall

eBHWorker
Level 1
Level 1

‎01-07-2024 11:01 AM

I've been trying to resolve this issue for about 2 days but cannot find the problem. The computer circled dark blue can ping any PC or device from the WAN (Network A and C). Network devices from A and C can do the same. There is a slight issue though, the PC with the orange (and all other PCs inside of Network C) cannot ping any PC besides themselves but can receive the DNS and ICMP traffic from the other side of the firewall (AKA the 8.8.8.8 DNS server). 

I've been trying to fix this issue by configuring the routers 10.10.1.1 and 10.10.100.1 to enable ICMP and allow DNS, but none can communicate with the DNS server but still can ping any PC (including the orange and the rest of Network C's PCs). 

If anyone could help me with the issue that would be amazing.

 

Labels:
Preview file
241 KB
0 Helpful
11 Replies 11

M02@rt37
VIP
VIP

‎01-07-2024 11:20 AM

Hello @eBHWorker

Where is hosted the IP Gw of that PC dark bule ?

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.

eBHWorker
Level 1
Level 1
In response to M02@rt37

‎01-07-2024 11:30 AM

Hello M02@rt37, thank you for the reply,

The Dark Blue and the Orange PCs are all receiving default Gateway from the Firewall since it's serving as a DHCP with IP 192.168.1.1

The other networks are using the Routers that are connecting to their respective Switches as their DHCP configurations (as the routers have DHCP for each default IP [for example 192.168.2.1 and 192.168.3.1])

0 Helpful

M02@rt37
VIP
VIP
In response to eBHWorker

‎01-07-2024 11:35 AM

Thanks @eBHWorker for that clarification.

Do you use simulation mode to "follow" the packet ? 

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.

eBHWorker
Level 1
Level 1
In response to M02@rt37

‎01-07-2024 11:49 AM

My pleasure, M02@rt37 I tried using a sample PDU to determine what part of the movement was causing the issue, but it would seem that the PC (as an example) from network 192.168.3.1 goes off to the switch to the Firewall, and attempts to leave, but is decline and failed when doing so. 

eBHWorker_0-1704656914972.png

But for some reason, the computers in Network C go perfectly to the Firewall, and from the firewall to the other side with no conflict (and return the ping or are capable of using DNS from the DNS server).

 

Georg Pauwen
VIP
VIP

‎01-08-2024 02:28 AM

Hello,

post your zipped Packet Tracer (pkt) project file...

eBHWorker
Level 1
Level 1

‎01-08-2024 10:08 AM

Hello @Georg Pauwen, thank you for the kindness intent, 

Hereby is the project that I was trying to configure. When starting the firewall, there's an unexpected behavior even though I already configured the wanted Inside and Outside properties (that for some reason reversed). So every time I start the CPT file, I have to write "reload" inside of the CLI.
Thank you for the help M02@rt37 

Project.zip
0 Helpful

Georg Pauwen
VIP
VIP
In response to eBHWorker

‎01-08-2024 11:16 AM

Hello,

I have opened your file, but I cannot reproduce your connectivity problem, it looks like there is full connectivity. From which IP address to which IP address do you NOT have connectivity ?

0 Helpful

eBHWorker
Level 1
Level 1
In response to Georg Pauwen

‎01-08-2024 11:38 AM

Hi there, 

The issue is mainly that the connections show stable, but for example, the ICMP communication between the network 192.168.3.1 and the network 192.168.1.1 is now able to communicate with each other (even though they are connected wired and show good connectivity). 

0 Helpful

Georg Pauwen
VIP
VIP
In response to eBHWorker

‎01-08-2024 12:05 PM

Hello,

what instructions are you following ? The router interface and the firewall interface have the same IP address. 

interface GigabitEthernet0/0
ip address 192.168.1.1 255.255.255.0
ip helper-address 178.167.2.150
ip access-group 1 in
duplex auto
speed auto

Firewall Vlan 2:

192.168.1.1

0 Helpful

eBHWorker
Level 1
Level 1
In response to Georg Pauwen

‎01-08-2024 01:07 PM

I believe I set the IP address on GigabitEthernet0/0 since that's the port that is connecting to the router (with the switch that belongs to that network). The firewall is configuring the DHCP for the network IP 192.168.1.1 directly and is also connected to the switch. But the Router is essentially configuring DHCP to the network 192.168.3.1 on the left (the one with the access point). 

0 Helpful

Georg Pauwen
VIP
VIP
In response to eBHWorker

‎01-09-2024 12:06 AM

Hello,

what is the password for the Firewall ?

Does the Vlan 2 interface on the firewall (the one is IP address 192.168.1.1) need to be in the same address space as the DHCP pool you named 'vlan2' on the router ? If that is the case, change the IP address of the Vlan2 interface on the firewall to an address in the 192.168.3.0/24 address space.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card