02-05-2008 07:31 AM - edited 03-03-2019 08:34 PM
I have been trying to move my company from a 1.5 managed Internet line
(includes telco router) to a 4.5 multilink Internet line (3 T1 lines +
telco router) for over a month now. We have a PIX Firewall behind our
current 1.5 managed Internet connection which works perfectly. The PIX points to the gateway of last resort on the 1.5 Internet router (route outside
0.0.0.0. 0.0.0.0. 12.94.x.x 1). All external IP addressing for the
old and new telco router is the same. The problem is, when I try to
switch to the new 4.5 multilink Internet line -- I cannot get out to
the Internet, ping the serial interface of the new router, nothing. I
clear arp and power the PIX down when I try to switch over to the new
4.5 Internet line + router. I have attached the configuration of the 4.5 telco router and the PIX? Any ideas? We directly
connect our firewall into g0/0, but we are unable to ping the customer
serial IP address. The Telco has basically refused to work with us and says it is our PIX firewall. HELP!!!
02-05-2008 08:31 AM
When you post "show ip interface brief" from you router.
02-05-2008 09:13 AM
Thanks for posting.
The telco controls the router, I do not have the ability to logon to the router.
I keep thinking the acl in permissions are missing on the serial interfaces, but I do not know enough about MLPPP connections.
02-05-2008 09:56 AM
Can you ping from the outside interface of the PIX to the inside of the router and then try the outside of the router.
02-05-2008 10:45 AM
I was only able to ping the 12.94.x.x interface on the router (g0/0) from the outside interface of the PIX. I could not ping anything else.
02-05-2008 11:11 AM
Well that would suggest that it is an issue with the router not passing data from G0/0 to the serial interface of the router. I would do a trace from the pix and copy that and send it to the telco company.
02-05-2008 11:14 AM
Could you try to ping from the inside of the pix to the g0/0 of the router?
02-05-2008 11:19 AM
I was only able to ping the g0/0 from our internal subnet as well (inside the pix).
I will try the trace as you have suggested.
I have to bring our current 1.5 Internet line down to test, so I need to come in late at night to test the multilink line + router.
02-05-2008 03:29 PM
I was able to bring the main line down for a few minutes and bring the mulitlink up to try a tracert. I have attached the results. It just times out through the new router and dns does not resolve. I do not understand this, when everything works fine through the single t1 and the same PIX. I think it is the multilink router. Please help!!!!
02-05-2008 03:35 PM
I think it is the router. Ping from the inside of your PIX and from the outside of the pix to the inside and outside of the router. Then get the CO on the phone and let them see the results. That should be enought to show them they have an issue with the multilink setup.
02-06-2008 11:02 AM
Thanks and I will gather this info for the telco. We are going to due another full test this Friday night with the telco. I will post the results.
02-11-2008 07:39 AM
The Telco finally fixed their router on Friday evening after I sent them the tracert and ping information from outside my Firewall.
Thanks for all your suggestions.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide