11-24-2014 10:56 PM - edited 03-07-2019 09:38 PM
Trying to set up an extended network within a corporate network; I'm entirely new to this, as our previous network administrator unfortunately passed away earlier this year. Cisco 3845 router; the router itself easily sees both sides of itself and is configured, as far as I can tell, to pass traffic through itself to the greater network. Devices on one side of the router cannot see through it to the other, and vice versa; devices can easily see the router from either side, and devices on the inside of the router can see the IP address of the external interface of the router; however, absolutely nothing is visible beyond this. I've spent days researching papers and manuals trying to find the problem, and at this point am throwing up my arms in frustration. Any assistance, please? Why would a router not be, you know, routing?
12-02-2014 01:55 AM
I think your 3845 should be routing so please add "ip routing" and the static route back (if you removed them).
The 3845 is using 192.168.x.x IPs on both interfaces. These are not routable on the internet and yet you say the 3845 can access internet IPs (but not clients behind the 3845).
This means the 192.168.10.x IP on the gi0/0 interface must be changed with NAT to a public IP. Looking at the multilink router there is no NAT configuration which suggests that the firewall is doing it.
So if the fa0/0 interface on the multilink router is a public IP then, as Paul suggested, the issue is very probably with the firewall. This also means you don't need to add any routes to the multilink router.
You need to check three things on the firewall -
1) the firewall needs to have a route for 192.168.100.0/24 pointing to the gi0/0 192.168.10.x IP address so it knows how to route traffic back to the 3845
and
2) the firewall needs to allow through the 192.168.100.x/24 IPs towards the internet
and
3) the firewall needs to have NAT set up for the 192.168.100.0/24 subnet
If the firewall is not Cisco we can probably be of limited help.
Can you confirm if the fa0/0 interface on the multilink router is a public IP just so we can be sure it is the firewall that is the issue. No need to post the actual IP, just check whether it is a public IP or not.
Jon
12-02-2014 02:02 AM
Your understanding is precisely backwards (which is reasonable, considering the hardware involved): the 3845 is behind another router, *not* directly connected to the internet. It's able to see through that router to the internet; however, objects on the inside of the 3845 cannot see objects on the outside of the 3845 but the inside of the other router (or outside the other router, for that matter).
You did, however, explain what Paul meant about the firewall much better; I can give that a shot the next chance I get and get back with the forum here with the results.
Because you asked, yes, the Multilink IP is a public IP.
12-02-2014 02:10 AM
> Your understanding is precisely backwards (which is reasonable, considering the hardware involved): the 3845 is behind another router, *not* directly connected to the internet.
I wasn't assuming the 3845 was connected to the internet. I was using your topology diagram you posted below, i.e. the 3845 is connected to a firewall which is connected to the multilink router which is connected to the internet.
Also I know the multilink IP is a public IP but I was asking about the fa0/0 interface on the multilink router.
Perhaps have another read of my post and please come back if it still doesn't make sense.
Jon
12-02-2014 02:11 AM
Sorry, I guess I'm a bit confused by your nomenclature; do you mean the FastEthernet0/0 interface? If so, yes, it, too, is a public IP.
I've had two people now assume the 3845 either wasn't seeing the outside, or was on the outside, or something to that effect; I guess I read into your wording what wasn't there. In that case, I was confused by your statement about the IP address on the gi0/0 and how it should be an outside address, missing the part where you'd mentioned the NAT-ing. Yes, the NAT is provided by the firewall. In any event, I'll certainly give that a look tomorrow when I'm not so clearly frazzled.
12-02-2014 02:25 AM
No problem, I may well not have explained it as clearly as I could.
If the fa0/0 interface on the multilink router is also a public IP then it definitely looks like the firewall is the issue for you.
It may be that the NAT setup is already there, i.e. it might be set up for all internal 192.168.x.x IPs and not just the 192.168.10.x IPs, i.e. the gi0/0 interface IP on the 3845.
And it may also be that the firewall allows all internal IPs through to the internet.
They both need checking but if they are already set up then you probably just need to add a route to the firewall so it knows how to get back to the 192.168.100.x subnet.
Jon
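Added example, not part of the original posts: a small Python audit of the three firewall checks listed in the 12-02-2014 01:55 AM reply, covering the case from the 02:25 AM reply where NAT and the permit rule already span 192.168.x.x and only the return route is missing. The firewall model, the 192.168.10.2 stand-in for the gi0/0 address and the 203.0.113.1 upstream address are constructed assumptions, not values from the thread.

```python
import ipaddress

def covers(prefixes, net):
    """True if any prefix in `prefixes` contains the whole of `net`."""
    return any(net.subnet_of(ipaddress.ip_network(p)) for p in prefixes)

def audit_firewall(fw, subnet, next_hop):
    """Return which of the three checks fail for `subnet` behind `next_hop`."""
    net = ipaddress.ip_network(subnet)
    failed = []
    # 1) Return route: the longest matching prefix decides where replies go.
    #    With only a default route, replies head upstream, not to the 3845.
    matches = [(ipaddress.ip_network(p), hop) for p, hop in fw["routes"]
               if net.subnet_of(ipaddress.ip_network(p))]
    best = max(matches, key=lambda m: m[0].prefixlen, default=None)
    if best is None or best[1] != next_hop:
        failed.append("route")
    # 2) Policy: the subnet must be an allowed source towards the internet.
    if not covers(fw["permit_sources"], net):
        failed.append("permit")
    # 3) NAT: the subnet must be translated to a public address.
    if not covers(fw["nat_sources"], net):
        failed.append("nat")
    return failed

# Constructed sample data (assumptions, see lead-in).
INSIDE = "192.168.100.0/24"   # subnet behind the 3845, from the thread
GI0_0 = "192.168.10.2"        # hypothetical stand-in for 192.168.10.x
UPSTREAM = "203.0.113.1"      # documentation address for the next hop out
BASE_ROUTES = [("0.0.0.0/0", UPSTREAM), ("192.168.10.0/24", "connected")]

# Firewall whose NAT and permit rules already span all of 192.168.x.x.
BROAD = {"routes": BASE_ROUTES,
         "permit_sources": ["192.168.0.0/16"],
         "nat_sources": ["192.168.0.0/16"]}
# Firewall that only knows about its directly attached 192.168.10.x subnet.
NARROW = {"routes": BASE_ROUTES,
          "permit_sources": ["192.168.10.0/24"],
          "nat_sources": ["192.168.10.0/24"]}

def with_return_route(fw):
    """Copy of `fw` with a static route for INSIDE via the 3845's gi0/0."""
    return dict(fw, routes=fw["routes"] + [(INSIDE, GI0_0)])

if __name__ == "__main__":
    for name, fw in [("broad", BROAD), ("narrow", NARROW),
                     ("broad + route", with_return_route(BROAD))]:
        print(name, "->", audit_firewall(fw, INSIDE, GI0_0) or "all checks pass")
```
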
11-28-2014 04:38 PM
Anyone else want to take a crack at this? It is supremely confusing that the configuration which, by all means, should work, doesn't seem to be.