11-14-2013 08:12 AM - edited 03-07-2019 04:36 PM
I'm having trouble pinging any IP address outside of my network from a PC on a VLAN. I have attached the running configs of both my 3550 switch and 2821 router. The router sits behind the SonicWall. From a PC on a VLAN, I can only ping as far as the Gi0/0 port on the router (which connects to the SonicWall). On the router I can ping just about anywhere. The attached JPEG shows my current test environment. Any suggestions on how to get the PCs to connect outside the LAN?
R1#sh run
Building configuration...
Current configuration : 1721 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R1
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
enable secret 5 $1$rYd/$LU1RKfJhDIn4okW4O1W6..
!
no aaa new-model
!
dot11 syslog
ip source-route
!
!
ip cef
!
!
no ip domain lookup
ip domain name test.com
multilink bundle-name authenticated
!
!
!
!
!
!
username admin privilege 15 secret 5 $1$7h0q$STnBytgXA43SfgkSTccEQ1
archive
log config
hidekeys
!
!
ip ssh version 2
!
!
!
interface GigabitEthernet0/0
ip address 192.168.199.1 255.255.255.0
duplex auto
speed auto
!
interface GigabitEthernet0/1
no ip address
duplex auto
speed auto
!
interface GigabitEthernet0/1.10
encapsulation dot1Q 10
ip address 192.168.10.1 255.255.255.0
!
interface GigabitEthernet0/1.20
encapsulation dot1Q 20
ip address 192.168.20.1 255.255.255.0
!
interface GigabitEthernet0/1.30
encapsulation dot1Q 30
ip address 192.168.30.1 255.255.255.0
!
interface GigabitEthernet0/1.40
encapsulation dot1Q 40
ip address 192.168.40.1 255.255.255.0
!
interface GigabitEthernet0/1.50
encapsulation dot1Q 50
ip address 192.168.0.1 255.255.255.0
!
interface GigabitEthernet0/1.100
encapsulation dot1Q 100
ip address 192.168.100.1 255.255.255.0
!
interface GigabitEthernet0/1.120
encapsulation dot1Q 120
ip address 192.168.120.1 255.255.255.0
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 192.168.199.254
!
no ip http server
no ip http secure-server
!
!
!
!
control-plane
!
!
line con 0
password cisco
login
line aux 0
password cisco
login
line vty 0 4
login local
transport input ssh
line vty 5 15
login local
transport input ssh
!
scheduler allocate 20000 1000
end
--------------------------------------------------------------------------------------
R1#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is 192.168.199.254 to network 0.0.0.0
C 192.168.120.0/24 is directly connected, GigabitEthernet0/1.120
C 192.168.30.0/24 is directly connected, GigabitEthernet0/1.30
C 192.168.10.0/24 is directly connected, GigabitEthernet0/1.10
C 192.168.40.0/24 is directly connected, GigabitEthernet0/1.40
C 192.168.199.0/24 is directly connected, GigabitEthernet0/0
C 192.168.20.0/24 is directly connected, GigabitEthernet0/1.20
C 192.168.0.0/24 is directly connected, GigabitEthernet0/1.50
C 192.168.100.0/24 is directly connected, GigabitEthernet0/1.100
S* 0.0.0.0/0 [1/0] via 192.168.199.254
--------------------------------------------------------------------------------------
BELL24#sh run
Building configuration...
Current configuration : 4967 bytes
!
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname BELL24
!
enable secret 5 $1$l/s.$5b6l8yQuCNYcZNkduck1x1
!
username admin privilege 15 secret 5 $1$4fSj$WsHF2dtSO/yZyODRB0gJw0
no aaa new-model
ip subnet-zero
ip domain-name test.com
!
!
!
crypto pki trustpoint TP-self-signed-2469554432
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-2469554432
revocation-check none
rsakeypair TP-self-signed-2469554432
!
!
crypto pki certificate chain TP-self-signed-2469554432
certificate self-signed 01
quit
!
!
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
ip ssh version 2
!
!
interface FastEthernet0/1
switchport access vlan 10
switchport mode access
!
interface FastEthernet0/2
switchport access vlan 20
switchport mode access
!
interface FastEthernet0/3
switchport access vlan 30
switchport mode access
shutdown
!
interface FastEthernet0/4
switchport access vlan 30
switchport mode access
shutdown
!
interface FastEthernet0/5
switchport access vlan 30
switchport mode access
shutdown
!
interface FastEthernet0/6
switchport access vlan 30
switchport mode access
shutdown
!
interface FastEthernet0/7
switchport access vlan 30
switchport mode access
shutdown
!
interface FastEthernet0/8
switchport access vlan 30
switchport mode access
shutdown
!
interface FastEthernet0/9
switchport access vlan 30
switchport mode access
shutdown
!
interface FastEthernet0/10
switchport access vlan 30
switchport mode access
shutdown
!
interface FastEthernet0/11
switchport access vlan 30
switchport mode access
shutdown
!
interface FastEthernet0/12
switchport access vlan 30
switchport mode access
shutdown
!
interface FastEthernet0/13
switchport access vlan 30
switchport mode access
shutdown
!
interface FastEthernet0/14
switchport access vlan 30
switchport mode access
shutdown
!
interface FastEthernet0/15
switchport access vlan 30
switchport mode access
shutdown
!
interface FastEthernet0/16
switchport access vlan 30
switchport mode access
shutdown
!
interface FastEthernet0/17
switchport access vlan 30
switchport mode access
shutdown
!
interface FastEthernet0/18
switchport access vlan 30
switchport mode access
shutdown
!
interface FastEthernet0/19
switchport access vlan 30
switchport mode access
shutdown
!
interface FastEthernet0/20
switchport access vlan 30
switchport mode access
shutdown
!
interface FastEthernet0/21
switchport access vlan 30
switchport mode access
shutdown
!
interface FastEthernet0/22
switchport access vlan 30
switchport mode access
shutdown
!
interface FastEthernet0/23
switchport access vlan 30
switchport mode access
shutdown
!
interface FastEthernet0/24
switchport access vlan 30
switchport mode access
shutdown
!
interface GigabitEthernet0/1
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet0/2
switchport mode dynamic desirable
shutdown
!
interface Vlan1
no ip address
shutdown
!
interface Vlan10
no ip address
!
interface Vlan20
no ip address
!
interface Vlan30
no ip address
!
interface Vlan40
no ip address
!
interface Vlan50
ip address 192.168.0.38 255.255.255.0
!
interface Vlan100
no ip address
!
interface Vlan120
no ip address
!
ip default-gateway 192.168.10.1
ip classless
ip http server
ip http secure-server
!
!
control-plane
!
!
line con 0
password cisco
login
line vty 0 4
login local
transport input ssh
line vty 5 15
login local
transport input ssh
!
end
--------------------------------------------------------------------------------------
11-14-2013 10:31 AM
Hi,
- Is the SonicWall NATing all these VLANs?
- Does the SonicWall have routes towards these VLANs?
Regards
Alain
Don't forget to rate helpful posts.
11-14-2013 11:16 AM
Our ISP does all our NATing for us. I haven't checked the sonicwall for routes, since it was configured by someone else. Do you think the routing table looks correct? I figured my default route could have been wrong, therefore no packets would get past the gateway. But even though the 192.168.199.x subnet is directly connected to the router, why is it that I cannot ping 192.168.199.254 from a PC? I thought the router would forward the ping to the correct network if it shows up in the routing table.
11-14-2013 11:26 AM
Adam
It may be that the firewall is configured not to respond to pings. Your routing table looks fine.
When you say you can ping just about anywhere from the router, I assume you mean the Internet? If so, this supports Alain's post, because when you ping from the router the source address is 192.168.199.1 and the SonicWall knows how to reach this address because it is also on the same subnet.
But the sonicwall probably doesn't know about the internal subnets so it can't route back to them.
Edit - actually scrap all that. There are too many variables and the sonicwall may not be configured to allow 192.168.1.199 through. So best to check the firewall for routes as previously mentioned.
Jon
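Added example (not part of the thread): a return-path check for the situation discussed above, using interface addresses from the posted R1 config. The firewall route table is a constructed assumption, since the SonicWall's real routes are not shown, and the function names are hypothetical.

```python
import ipaddress
import re

# Subset of the R1 interface config posted in this thread.
R1_CONFIG = """\
interface GigabitEthernet0/0
 ip address 192.168.199.1 255.255.255.0
interface GigabitEthernet0/1
 no ip address
interface GigabitEthernet0/1.10
 ip address 192.168.10.1 255.255.255.0
interface GigabitEthernet0/1.20
 ip address 192.168.20.1 255.255.255.0
interface GigabitEthernet0/1.50
 ip address 192.168.0.1 255.255.255.0
"""

# Constructed assumption: the firewall knows only its own LAN and a default route.
FIREWALL_ROUTES = {"192.168.199.0/24": "connected", "0.0.0.0/0": "default via ISP"}

def connected_networks(config):
    """Map each interface with an IP address to its connected network."""
    nets, iface = {}, None
    for line in config.splitlines():
        m = re.match(r"interface (\S+)", line)
        if m:
            iface = m.group(1)
            continue
        m = re.match(r"\s*ip address (\S+) (\S+)", line)
        if m and iface:
            nets[iface] = ipaddress.ip_interface(f"{m[1]}/{m[2]}").network
    return nets

def return_path(source_ip, routes):
    """Longest-prefix match the firewall applies to a reply sent to source_ip."""
    addr = ipaddress.ip_address(source_ip)
    hits = [ipaddress.ip_network(n) for n in routes if addr in ipaddress.ip_network(n)]
    best = max(hits, key=lambda n: n.prefixlen)
    return str(best), routes[str(best)]

def missing_return_routes(config, routes, next_hop="192.168.199.1"):
    """Subnets whose replies would follow the firewall's default route, paired
    with the next hop (R1 Gi0/0 in the posted config) a static route would need."""
    missing = []
    for net in connected_networks(config).values():
        prefix, _ = return_path(str(next(net.hosts())), routes)
        if prefix == "0.0.0.0/0":
            missing.append((str(net), next_hop))
    return missing
```

A ping sourced from 192.168.199.1 matches the firewall's connected route, while replies to the VLAN subnets match only the default route and leave toward the ISP.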
11-15-2013 11:30 AM
Problem has been solved. Thanks for everyone's help.