cannot ping from subnet A to subnet B for a specific host

Discussion in 'Cisco' started by soup_or_power, Aug 3, 2006.

  1. Hi
    I cannot ping 192.168.5.149 from 192.168.11.65 and vice-versa.
    The gateway for 192.168.5.149 is 192.168.5.1 and for 192.168.11.65 the
    gateway is 192.168.11.253

    Here is the router config


    Using 1165 out of 29688 bytes
    !
    version 12.0
    service timestamps debug uptime
    service timestamps log uptime
    service password-encryption
    !
    hostname Corp-WAN
    !
    enable secret 5 $1$Hfy0$HVtYn6SGr01RgJHPW33ZG.
    enable password 7 025701431B030C355946061400
    !
    ip subnet-zero
    ip name-server 141.155.0.68
    !
    !
    !
    !
    interface FastEthernet0/0
    ip address 192.168.11.253 255.255.255.0
    no ip directed-broadcast
    ip nat inside
    !
    interface Serial0/0
    ip address 192.168.254.1 255.255.255.0
    no ip directed-broadcast
    shutdown
    !
    interface FastEthernet0/1
    ip address 192.168.5.2 255.255.255.0
    no ip directed-broadcast
    ip nat outside
    !
    ip nat inside source list 2 interface FastEthernet0/1 overload
    ip nat inside source static 192.168.11.63 192.168.5.63
    ip nat inside source static 192.168.11.13 192.168.5.13
    ip nat inside source static 192.168.11.61 192.168.5.61
    ip nat inside source static 192.168.11.58 192.168.5.58
    ip classless
    ip route 0.0.0.0 0.0.0.0 192.168.5.1
    no ip http server
    !
    access-list 2 permit 192.168.11.0 0.0.0.255
    !
    line con 0
    password 7 0055161E145E08121A2943430C
    login
    transport input none
    line aux 0
    line vty 0 4
    password 7 0055161E145E08121A2943430C
    login
    !
    no scheduler allocate
    end


    I'd appreciate if you can kindly explain to me the router config.


    Thanks
     
    soup_or_power, Aug 3, 2006
    #1
    1. Advertisements

  2. This seems like a tough situation as I don't see any replies. BTW, the
    ip 192.168.5.1 belongs to a PIX firewall.
     
    soup_or_power, Aug 3, 2006
    #2
    1. Advertisements

  3. soup_or_power

    AM Guest


    From my point of view there is nothing strange...

    Alex.
     
    AM, Aug 3, 2006
    #3
  4. soup_or_power

    AM Guest


    From my point of view there is nothing strange...
    Try to enable "deb ip nat" and see if the router do the NAT.
    Be aware that such a debugging might overload the router depending on how much traffic you have

    Alex.
     
    AM, Aug 3, 2006
    #4
  5. Hi Alex
    How do I see the output of the command "deb ip nat"?

    Thanks
     
    soup_or_power, Aug 3, 2006
    #5
  6. soup_or_power

    AM Guest

    that enables the debugging of NAT translation. If you are connected to the router via telnet just type "term mon" and
    "term no mon" to disable it.

    Be prepared to a lot of garbage.

    Otherwise if you are in console the router should already display the translations.

    Alex.
     
    AM, Aug 3, 2006
    #6
  7. I don't see any output.
     
    soup_or_power, Aug 3, 2006
    #7
  8. Here is the network diagram
    Wave2WaveRouter
    |
    |
    Office firewall (192.168.5.1)
    |
    |
    office router
    |-------------------------------------------------------------------
    | |

    192.168.5.0 192.168.11.0
    192.168.5.10
    192.168.11.65
    192.168.5.149

    I can ping 192.168.5.10 from 192.168.11.65. But I cannot ping
    192.168.5.149 from 192.168.11.65.
     
    soup_or_power, Aug 3, 2006
    #8
  9. oops...the diagram didn't post as I typed. The host 192.168.11.65 was
    meant to be under 192.168.11.0

    Thanks
     
    soup_or_power, Aug 3, 2006
    #9
  10. Here is the network diagram
    Wave2WaveRouter
    |
    |
    Office firewall (192.168.5.1)
    |
    |
    office router
    |-------------------------------------------------------------------
    | |

    192.168.5.0 192.168.11.0

    192.168.5.10
    192.168.11.65
    192.168.5.149


    I can ping 192.168.5.10 from 192.168.11.65 but not 192.168.5.149
     
    soup_or_power, Aug 4, 2006
    #10
  11. Wasn't there already another thread on this problem? Why did you start
    a new one instead of continuing that one?
     
    Barry Margolin, Aug 4, 2006
    #11
  12. soup_or_power

    AM Guest

    Have you done a ping while monitoring?

    Alex.
     
    AM, Aug 4, 2006
    #12
  13. soup_or_power

    Grog Guest

    On your office router, do you have 192.168.5.x set up as a /24 network
    or do you break it out further?

    Do a sh ip ro 192.168.5.10 and a sh ip ro 192.168.5.149 and put
    the output from each back in a reply.

    Traceroute from 192.168.11.65 to the two 192.168.5.x IPs.

    The diagram makes it look like the firewall and the router are two
    different devices. Is that right?


    Grog
     
    Grog, Aug 4, 2006
    #13
  14. 192.168.5.x is set up as a /24 network
    Corp-WAN>sh ip ro 192.168.5.10
    Routing entry for 192.168.5.0/24
    Known via "connected", distance 0, metric 0 (connected, via
    interface)
    Routing Descriptor Blocks:
    * directly connected, via FastEthernet0/1
    Route metric is 0, traffic share count is 1

    Corp-WAN>sh ip ro 192.168.5.149
    Routing entry for 192.168.5.0/24
    Known via "connected", distance 0, metric 0 (connected, via
    interface)
    Routing Descriptor Blocks:
    * directly connected, via FastEthernet0/1
    Route metric is 0, traffic share count is 1


    Traceroute from 192.168.11.65 to 192.168.5.149
    Primary DNS: 192.168.5.10
    Failed to resolve Hop#1 [DNS Servers Reports Query Name Error]
    Time out!
    Failed to resolve Hop#50[DNS Server Reports Query Name Error]
    Timeout!

    Traceroute from 192.168.11.65 to 192.168.5.10
    Primary DNS: 192.168.5.10
    Failed to resolve Hop#1 [DNS Servers Reports Query Name Error]
    Failed to resolve Hop#50[DNS Server Reports Query Name Error]
    Finished Trace for 192.168.5.10

    BTW, I'm using Trellian Traceroute program.

    Yes. The outside ip of the firewall is 209.178.198.242 and the inside
    ip is 192.168.5.1

    Thanks
     
    soup_or_power, Aug 4, 2006
    #14
  15. Yes!
     
    soup_or_power, Aug 4, 2006
    #15
  16. Regarding traceroute for 192.168.5.149 this is how it looks in the main
    window of Trellian software
    192.168.11.253
    0.0.0.0

    Traceroute for 192.168.5.10 looks like
    192.168.11.253
    192.168.5.10

    I guess the traceroute for 192.168.5.149 has failed

    Regards
     
    soup_or_power, Aug 4, 2006
    #16

  17. I set the gateway on 192.168.5.149 to 192.168.5.2 (router's
    FastEthernet interface) and everything worked fine!

    Many thanks for your help.
     
    soup_or_power, Aug 4, 2006
    #17
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.