Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1581
Views
0
Helpful
7
Replies

Configuring 2nd Cisco interface on a different Subnet (Cisco 1841)

rubberdown
Level 1
Level 1

‎01-13-2011 02:48 PM - edited ‎03-06-2019 02:59 PM

Hi!

We have a Cisco 1841 Router and have a new addition to the LAN in the form of a Sonicwall unit (as seen on picture, attachment)

I have setup Cisco interface 0/1 with IP: 192.168.70.1/24 and the corresponding "WAN" interface (X1) on the Sonicwall unit with 192.168.70.2/24. Both Eth0/1 and X1 are connected up. The "LAN" interface (X2) on the Sonicwall unit is connected to a Cisco Switch, X2 has an IP of 192.168.200.251/24.

The problem I face is that I cannot ping the 192.168.7.2 or 192.168.200.251 !

I can however ping 192.168.70.1. I have setup a static route as show below. Any suggestions  on how I could get this working. I haven't done any NAT's for Eth 0/1.  Thanks!

NetworkDiag.JPG

c1.JPG

Labels:
Preview file
20 KB
0 Helpful
7 Replies 7

Jon Marshall
Hall of Fame
Hall of Fame

‎01-13-2011 03:22 PM

where can you ping 192.168.70.1 from ? is it the firewall.

If so there is a good chance the firewall is simply not accepting pings as this is usually regarded as a security feature. If you can ping from the firewall to other IPs then connectivity should be fine. Try connecting through the firewall rather than to the firewall.

Jon

0 Helpful

rubberdown
Level 1
Level 1
In response to Jon Marshall

‎01-13-2011 03:46 PM

To jon.marshall: I am pinging from my workstation and unable to get through. I don't have a console connection to the Sonicwall unit. I will check the Sonicwall unit if its disallowing PINGs

0 Helpful

Nagaraja Thanthry
Cisco Employee
Cisco Employee

‎01-13-2011 03:22 PM

Hello,

Where are you trying to ping from? If you are trying to ping from the clients, does the Cisco Switch know that 192.168.200.251 should be sent to the SONIC wall on a different VLAN? What is the default gateway on the SONIC Wall? Is it pointing to the 1841? Also, is SONIC wall configured to allow PING traffic to its interfaces?

Hope this helps.

Regards,

NT

0 Helpful

rubberdown
Level 1
Level 1
In response to Nagaraja Thanthry

‎01-13-2011 03:49 PM

To Nagaraja: I am pinging from my workstation which is on a 192.168.90.x IP. I haven't configured the Cisco switch with a VLAN (is this required? I can change the LAN interface of the Sonicwall unit to be in the same Subnet at my other LAN PC's thus not creating a VLAN?)

I will check the default gateway on the Sonicwall unit and if its pingable. Thanks

0 Helpful

rubberdown
Level 1
Level 1

‎01-13-2011 04:31 PM

I have changed the IP of the "LAN" interface on the Sonicwall unit to 192.168.90.251 and able to PING it from my PC.

I have enabled PING from the "WAN" interface on the Sonicwall unit but still not able to PING the WAN from my PC.

The default gateway on the "WAN" interface (192.168.70.2) is pointing at the Cisco router interface that it's connected to: 192.168.70.1.

Is there anything else that needs to be done ? The Sonicwall unit will be creating a VPN connection via the WAN interface. Just wondering how a request to this VPN will get routed through the Sonicwall unit from a client machine? ie. how will the switch know to send VPN traffic to the Sonicwall unit instead of the Cisco router?

0 Helpful

Nagaraja Thanthry
Cisco Employee
Cisco Employee
In response to rubberdown

‎01-13-2011 04:43 PM

Have you tried pinging the SONICWALL (70.2) from the router (70.1)? If that is working, I guess the problem is with the SonicWall trying to route the packet through its LAN interface. When you ping from the workstation (90.x) to 70.2, the packet goes out through the 1841 and hits the SonicWall. When the SonicWall replies, it will perform a lookup on its routing table to see how to deliver the packet and realizes that 90.x is connected to its LAN interface. However, since SonicWall is a stateful firewall, it determines that the response cannot be sent via the LAN interface as the original request did not come via the LAN interface. One thing you could do on the 1841 (just to test this issue) is configure NAT and make sure that all traffic from 90.x to 70.2 is being masquraded as if coming from 70.1

access-list 1 permit 192.168.90.0 0.0.0.255

ip nat inside source list 1 interface FastEthernet 0/1 overload

interface fastEthernet 0/1 (facing the SonicWall)

ip nat outside

exit

interface FastEthernet 0/0 (facing the LAN)

ip nat inside

exit

Hope this helps.

Regards,

NT

0 Helpful

rubberdown
Level 1
Level 1

‎01-13-2011 05:46 PM

I am now able to PING Sonicwall from the PC and the router to both interfaces (x.x.70.1 and x.x.70.2 as well as x.x.90.251)

I made FastEthernet 0/0 (facing Sonicwall) to "Outside" on the Designate NAT interfaces page.

However the VPN connection created in the Sonicwall unit does not work. i.e. I cannot PING the VPN gateway (202.x.x.x) from the Sonicwall unit, Cisco router or my PC.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card