I have a Cisco 2921. I have 2 networks that each have their own router.
192.168.1.0 network is connected to watchguard firewall
192.168.9.0 network is connected to the cisco 2921 router.
I want to connect the 2 subnets using one of the interfaces of the Cisco router. Does anyone have any suggestion on how I can get this to work? It is not connected via VPN tunnel but we want to have LAN speed when accessing resources on both networks. Each network is connected to a Dell switch.
I appreciate any input and help.
I'm currently setting up the watchguard for RIP. I am able to ping 126.96.36.199 from the 192.168.9.x subnet but I can't ping anything in the 192.168.1.x network.
when I do a "show Ip protocol" under routing for networks I see
under routing information sources I see
Gateway 188.8.131.52 distance 120 last update is 4:47
At this point from Cisco network I can only ping 184.108.40.206 which is the IP of the interface on the watchguard. From the Watchguard I can only ping 220.127.116.11 which is the interface in the Cisco router.
Sounds like the problem is at the watchguard at the moment.
If you can ping from a host on the 192.168.9.0 subnet to both 18.104.22.168 & 22.214.171.124 then IP routing between subnets is working on the Cisco Side.
Can you ping from a host on the 192.168.1.0 subnet to 126.96.36.199 or 188.8.131.52? If you can, the watchguard is also routing and this is an issue with the router & firewall sharing routing tables. If you CANNOT ping 184.108.40.206 or 220.127.116.11 from 192.168.1.0 the issue lies on the watchguard.
Ensure you are advertising your directly connected subnets on the firewall; additionally, ensure that the firewall is running RIPv2. If the firewall is running V1 this scenario will NOT work as RIPv1 is a classful protocol and will not know what to do with the /30 subnet of the 18.104.22.168 network. If you still are having issues try reconfiguring the 22.214.171.124 to a /8 (255.0.0.0) classful network. See if this makes a difference.
Additionally check all IP Addresses, advertised subnets & subnet masks. Ensure if you are using a /30(255.255.255.252) on the Cisco side you are also replicating this subnet on the watchguard.
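As an added illustration of the RIPv1 versus RIPv2 point in the reply above (not code from the thread or from either vendor): a RIPv1 route entry has no subnet-mask field, so the receiver has to guess the mask from the address class, while RIPv2 carries the mask. The 10.10.10.0/30 link subnet is a constructed sample, and the receiver logic is simplified to the classful fallback only.

```python
import ipaddress
import struct

# Constructed sample routes: (network, prefix length, metric)
ROUTES = [("192.168.9.0", 24, 1), ("10.10.10.0", 30, 1)]

def build_response(version, routes):
    """Build a RIP response packet (RFC 1058 for v1, RFC 2453 for v2)."""
    pkt = struct.pack("!BBH", 2, version, 0)  # command=2 (response), version, zero
    for net, plen, metric in routes:
        addr = int(ipaddress.IPv4Address(net))
        # RIPv1 must send the mask field as zero; RIPv2 fills it in.
        mask = int(ipaddress.IPv4Network(f"{net}/{plen}").netmask) if version == 2 else 0
        # AFI=2 (IP), route tag, address, mask, next hop, metric
        pkt += struct.pack("!HHIIII", 2, 0, addr, mask, 0, metric)
    return pkt

def classful_prefix(addr):
    """Prefix length implied by the address class (A=/8, B=/16, C=/24)."""
    first = int(addr) >> 24
    return 8 if first < 128 else 16 if first < 192 else 24

def parse_response(pkt):
    """Return the (prefix, metric) pairs a receiver would install."""
    command, version, _ = struct.unpack_from("!BBH", pkt, 0)
    if command != 2 or version not in (1, 2):
        raise ValueError("not a RIPv1/v2 response")
    if (len(pkt) - 4) % 20:
        raise ValueError("truncated route entry")
    learned = []
    for off in range(4, len(pkt), 20):
        afi, _tag, addr, mask, _nh, metric = struct.unpack_from("!HHIIII", pkt, off)
        if afi != 2:
            continue  # skip non-IP entries (e.g. a v2 authentication entry)
        ip = ipaddress.IPv4Address(addr)
        if version == 2 and mask:
            plen = bin(mask).count("1")   # mask travelled in the packet
        else:
            plen = classful_prefix(ip)    # v1: no mask on the wire, assume class
        learned.append((str(ipaddress.ip_network(f"{ip}/{plen}", strict=False)), metric))
    return learned

if __name__ == "__main__":
    for v in (1, 2):
        print(f"RIPv{v}:", parse_response(build_response(v, ROUTES)))
```

The class C LAN survives either version because its real mask matches the classful one; only the subnetted /30 loses its mask under version 1.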
I can't ping any host on either subnet. The only thing I can ping is both 126.96.36.199 and 188.8.131.52 on both 9.x and 1.x network. So from the watchguard network 192.168.1.x I can ping 184.108.40.206 which is on the cisco interface. Also, from the cisco network 192.168.9.x I can ping 220.127.116.11 which is on the watchguard interface. I can't ping any host on the 1.x network from 9.x nor from 9.x to the 1.x network.
Sorry about the late reply, to get a better mental picture if I give you a list of source to destination addresses to ping.
So if you just confirm yes/no that the ping is successful.
E.g. 192.168.1.1 > 192.168.9.1 = No
18.104.22.168 > 22.214.171.124 = Yes
So if you can confirm the following
Are the following pings successful?
192.168.9.X(Host) > 126.96.36.199(Cisco interface) Yes/No
192.168.9.X(Host) > 188.8.131.52(watchguard interface) Yes/No
184.108.40.206(Cisco) > 220.127.116.11(Watchguard) Yes/No
18.104.22.168(Cisco) > 192.168.1.X(Host) Yes/No
22.214.171.124(watchguard) > 192.168.1.X(Host) Yes/No
And just to confirm...
the 192.168.1.X/24 subnet is directly connected to the watchguard & the 192.168.9.X is directly connected to the Cisco.
Finally can you ensure the firewall allows communication between its own interfaces... for example a Cisco Firewall(ASA) will not allow its e0/1 interface to talk to e0/2 interface even though they are trusted(inside) interfaces until you specify they can communicate. Again I don't know enough about watchguard.
Define what can ping what.
Ensure that the watchguard is not restricting communication between interfaces.
Ensure the firewall (watchguard) is allowing dynamic routing protocol information between interfaces.
Note:- The Cisco will not restrict any of this information by default, so I have a feeling the issue lies somewhere on the watchguard.
Finally, can I have a 'show run' of the 2921 (feel free to omit any sensitive data) along with a 'show ip route' & finally a 'sh ip int br'
Additionally, if there is any GUI or output so I can see what is going on with the watchguard (again, feel free to omit sensitive data)
No problem at all, glad it is finally working!
If you don't mind me asking, what was the issue in the end?