«

Dear All,

I'm stuck with a problem encountered recently, hope the kind souls here
could give me a clue to the problem.

Currently we have a 64kbps circuit to a remote site and we have plan to
move it to a new circuit (T1) on a new router. I have recently
performed a test on a new circuit (faster) on the new router to the
remote site.

I configured the new router on the T1 having the same internal
interface IP address so that I do not have to change the default
gateway on the clients configured with static addresses. I did the
switch by disconnecting the link on the router connected to the 64kbps.

All went well except only a single host at secured vlan20 and another
host at the remote site have problems connecting to each other.The
affected host on vlan20 has no problems connecting to the other hosts
at the remote site.

The connectivety between the other secured vlans to the hosts at the
remote site is fine.

host on vlan20--FWSM--6509--Checkpoint--1721--{IPVPN}--1721--Remote
Site

I have cleared the arp-cache on the connected routers/switches/hosts
and even reloaded the devices but it didnt help. traceroute from the
remote site stops at the 6509 core switch and I dont see anything
hitting vlan20 from the FWSM logs. I do see outgoing traffic from the
host on vlan20 hitting the access-list created on the FWSM but it didnt
even hit the checkpoint firewall. It looks likes the traffic stops at
the 6509 but there are no access list applied.

I'm missing out on something after the change. Strange that it only
happens on this particular host. Hope you guys could advise me.

Thanks,
latour

Misconfigured IP gateway on host with problem ???

Is proxy ARP enabled on current router ?

Is proxy ARP disabled on new router ?

I

Misconfigured IP gateway on host with problem ???

Is proxy ARP enabled on current router ?

Is proxy ARP disabled on new router ?

I

Merv wrote:
> Misconfigured IP gateway on host with problem ???
>
> Is proxy ARP enabled on current router ?
>
> Is proxy ARP disabled on new router ?
>
>

Hi Merv,

Thanks for the reply.

1. Gateway is configured correctly
2. Proxy ARP disabled
3. Proxy ARP disabled.

Proxy ARP is enabled on the FWSM.

Thanks!

Might I suggest creating an simple access-list with the offending
host's IP address and running a 'debug ip packet detail' to see what's
happening to the packets on the 6509? This should be able to tell you
if you if it's being routed incorrectly for some reason. Also, do you
have any sort of policy routing enabled? That could possibly create
issues.

Thanks,
Phillip

wrote:
> Merv wrote:
> > Misconfigured IP gateway on host with problem ???
> >
> > Is proxy ARP enabled on current router ?
> >
> > Is proxy ARP disabled on new router ?
> >
> >
>
> Hi Merv,
>
> Thanks for the reply.
>
> 1. Gateway is configured correctly
> 2. Proxy ARP disabled
> 3. Proxy ARP disabled.
>
> Proxy ARP is enabled on the FWSM.
>
> Thanks!

In article <. com>,
"" <> wrote:

> Might I suggest creating an simple access-list with the offending
> host's IP address and running a 'debug ip packet detail' to see what's
> happening to the packets on the 6509? This should be able to tell you
> if you if it's being routed incorrectly for some reason. Also, do you
> have any sort of policy routing enabled? That could possibly create
> issues.

Another troubleshooting step would be to run traceroutes in both
directions, and see how far each one gets.

>
> Thanks,
> Phillip
>
> wrote:
> > Merv wrote:
> > > Misconfigured IP gateway on host with problem ???
> > >
> > > Is proxy ARP enabled on current router ?
> > >
> > > Is proxy ARP disabled on new router ?
> > >
> > >
> >
> > Hi Merv,
> >
> > Thanks for the reply.
> >
> > 1. Gateway is configured correctly
> > 2. Proxy ARP disabled
> > 3. Proxy ARP disabled.
> >
> > Proxy ARP is enabled on the FWSM.
> >
> > Thanks!

--
Barry Margolin,
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***
*** PLEASE don't copy me on replies, I'll read them in the group ***