Help pinging Network on second network card

deversk · ‎02-15-2017

I am building a network for a project, I can ping from the pc's outside the external router as far as 192.168.1.2 on my firewall which has two network cards. I can ping the Firewall to any PC inside the 10.0.0.0 network but I just cant ping across the Firewall in packet tracer. How do I fix this? There is obviously no routing between the two NIC's can it be fixed on packet tracer?

Diana Karolina Rojas · ‎02-15-2017

Hello!

Can you provide me your firewall configuration? did you agregate rules to permit the traffic from the LAN interface to outside?

Regards,

Julio E. Moisa · ‎02-15-2017

Hi

Assuming your config behind the firewall (left side) is ok, the firewall should have any routing protocol or static route to enable the communication between these segments.

And you should enable a ICMP (echo and echo-reply on both ways)

example
access-list TEST-IN extended permit icmp any any echo
access-list TEST-IN extended permit icmp any any echo-reply

access-list TEST-OUT extended permit icmp any any echo
access-list TEST-OUT extended permit icmp any any echo-reply

Routing could be with static route:

route <name-if where the subnets are being known> 192.16.2.0 255.255.255.0 192.168.1.1
route <name-if where the subnets are being known> 192.16.3.0 255.255.255.0 192.168.1.1
route <name-if where the subnets are being known> 192.16.4.0 255.255.255.0 192.168.1.1

Also remember to associate the ACL to the access group, example:

access-group TEST-IN in interface <name-if to be applied>
access-group TEST-OUT in interface <name-if to be applied>

Also check if the router has any path to reach the subnet on the right side. It could be a static route pointing to the firewall

example

ip route 10.0.0.0 255.255.255.0 192.168.1.2

Could you please provide the firewall configuration.

>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<