cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
383
Views
0
Helpful
4
Replies

Routing Issue

csaravanan
Level 1
Level 1

Hello,

I have my Edge router internal interface connected to a switch and also the firewalls external interface connected to the same vlan of the switch.

I also have a wireless router connected to the same VLAN on the switch. The wireless router default gateway is set to my ISP router.

The problem I am facing is I am not able to reach the internal network behind the firewall from my wireless network. I am able to connect to the internet and everything else is fine in the wireless network. I tried creating a static route on my wireless router for my internal network to route traffic to firewall. It still doesnt work , I think its because of the default route I set.

I am wondering how everything else is working fine, all traffic directed to my internal network from internet are flowing through the router and firewall.

This raises a new question to me, how does my router knows, for the incoming traffic it has to direct the traffic to my firewall instead of wireless router.

Please provide me a solution for routing to internal network from wireless router and also if someone could explain how the router passes the incoming traffic to the firewall will be great

Thanks,

Chandru

4 Replies 4

jay77jay77
Level 1
Level 1

Hi

when you say internal network, are you referring to your hosted web or mail server.

If so, it may be NATed to the PUBLIC IP assigned by the ISP.

So what you can do is- if you have access to the Internet router, you may need to put in the some routes similary as in the ISP router.

eg. 10.10.10.0/28 is the public range you are NATing ur internal servers. You need to point a route on your wireless as:

ip route 10.10.10.0 255.255.255.240 "firewall external ip"

Cheers

Hi,

I tried creating a static route on my wireless router before posting this question it doesnt work.

Thanks

Chandru

If your internal network is on the inside of the firewall it's ip subnet will be hidden by the firewall i.e. 10.0.0.0 translated to 51.0.0.0 by the firewall.

Secondly there will be rules on the firewall that allow/disallow traffic in/out

For the connection to work three things have to be correct,

1) the static rule on the wireless router has to point at the visible addresses on the outside of the firewall i.e. in the example the 51.0.0.0 addresses not the 10.0.0.0 addresses

2) there have to be rules in place on the firewall that allow traffic from the wireless network to access the internal network.

3)NATting rules on the firewall that allow the internal targets to be visible to the outside of the firewall.

Are you running a routing protocol?

On the router, if you issue a sh ip route, can you see an entry/entries for your (NATted) internal network(s)? The next hop should be your fw external int - I would imagine that is how it is routing traffic to your fw rather than the wireless device.

I think the first poster was suggesting you have a static route to the NATted address, since it will be hitting the external interface of the fw.

Review Cisco Networking for a $25 gift card