Can't ping default gateway from internal user

Hello friends. I have configured multiple VLANs on my core switch, and inter-VLAN routing is working fine. I have enabled OSPF for that. Then I connected my router/firewall to one of the switchports and assigned it an IP address in the same range, and I can ping it as it is directly connected.

But the problem I am facing now is that I can ping the switch's interface which is connected to the firewall, but I cannot ping the router/firewall's IP address from a specific subnet. I enabled ip route 0.0.0.0 0.0.0.0 192.168.168.168 (192.168.168.168 being the firewall/router's IP address).

Another issue is that I can ping the IP address of the ISP, which is 51.211.169.90, while my public IP is 51.211.169.89, which is the outside IP of my router/firewall. I can ping the ISP's IP address from my core, but I cannot ping it from that specific VLAN on my internal network. Also, I cannot access the internet from that subnet. The DNS connection is fine; I tested the connection to DNS from the firewall and it is fine. I am using a Dell SonicWall as router/firewall.

I don't know what I have done wrong in this case. Kindly check the configs and let me know if I am missing something. I can provide you TeamViewer access as well for troubleshooting.

1 ACCEPTED SOLUTION


Hi,

Like I said -- firewalls have security setups which you need to investigate if
you want them to allow/take part in ICMP (ping and trace) replies etc.
I am not an expert in firewalls at all.

Re the routing.

The 0.0.0.0 route will be propagated to the OSPF neighboring routers.
These other routers will use this 0.0.0.0 route for outbound traffic to routes that are not explicitly in their routing tables.

The firewall will need routes added back to the user VLAN subnets, pointing as next hop to your router/switch address, i.e. 192.168.168.169.


Hope this helps
Regards
Alex

Regards, Alex. Please rate useful posts.
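
The return-route point in the answer above, worked through as an added example that is not part of the original thread. It models the firewall's route table and checks where replies to each user VLAN would be sent; the transit /24 mask and the two VLAN subnets are constructed for illustration, since the thread does not give them, and the route lists are a simplified model rather than SonicWall output.

```python
import ipaddress

# Values from the thread: firewall inside IP, core switch IP on the link, ISP gateway.
FIREWALL_INSIDE = "192.168.168.168"
CORE_SWITCH = "192.168.168.169"
ISP_GATEWAY = "51.211.169.90"

# Constructed for illustration: the thread gives neither the transit mask nor the VLANs.
TRANSIT_NET = "192.168.168.0/24"
USER_VLANS = ["10.10.10.0/24", "10.10.20.0/24"]


def lookup(routes, dest):
    """Longest-prefix match: return (network, next_hop) for dest, or None if no route."""
    addr = ipaddress.ip_address(dest)
    best = None
    for prefix, next_hop in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop)
    return best


def return_path_report(fw_routes, vlans, inside_next_hop):
    """For each VLAN, report where the firewall would send replies to a host in it."""
    report = {}
    for vlan in vlans:
        host = ipaddress.ip_network(vlan).network_address + 1  # first host in the VLAN
        match = lookup(fw_routes, str(host))
        next_hop = match[1] if match else None
        report[vlan] = {"next_hop": next_hop, "ok": next_hop == inside_next_hop}
    return report


# Before the fix: only the connected transit network and a default route to the ISP.
FW_BEFORE = [(TRANSIT_NET, "connected"), ("0.0.0.0/0", ISP_GATEWAY)]
# After the fix: static routes for the user VLANs with the core switch as next hop.
FW_AFTER = FW_BEFORE + [(vlan, CORE_SWITCH) for vlan in USER_VLANS]

if __name__ == "__main__":
    # The switch's own pings are sourced from the connected network, so they get replies.
    print("switch source ->", lookup(FW_BEFORE, CORE_SWITCH)[1])
    for label, table in (("before", FW_BEFORE), ("after", FW_AFTER)):
        for vlan, res in return_path_report(table, USER_VLANS, CORE_SWITCH).items():
            verdict = "OK" if res["ok"] else "replies follow the default route to the WAN"
            print(label, vlan, "->", res["next_hop"], verdict)
```
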


4 REPLIES

Hi,

Firewall interfaces do not normally respond to pings.
(Part of the security set-up; you need to invoke a rule to allow the ping.)

Also, you are deploying OSPF. If you need your neighbor routers to see the default route to 192.168.168.168, you will need to propagate this under your OSPF config.

!
router ospf 1
default-information originate
!

Hope this helps
Regards
Alex

Regards, Alex. Please rate useful posts.

Sir, if I can ping the ISP's router from my switch's interface that is connected to the firewall, why can't I ping the inside IP address of the firewall? I have configured that command, default info originate, but that is for incoming traffic, right? What about outgoing traffic from my internal VLANs?


Thank you a lot, sir. You have solved it. The problem was the routes: even though I allowed any-to-any traffic, I needed to specify the subnetwork ID of the VLAN in the firewall. I don't know, even that's by design from the SonicWall firewall, but it helped. Now I can access the internet and also ping all the interfaces. Thank you again. Have a nice day.
