[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [FW1] Is the Firewall the problem???
Sounds like routing issues to me, not the firewall. The PC on the London
Network apparently knows where to send the ping requests, but the routers
further down the chain may not know where to send the responses. For
example, you said the PC can ping 10.6.0.1 (the network side of MF2610), but
nothing else on the 10.6.0.0 network. That would indicate that the devices
on that network have no clue where to send traffic destined for 10.5.0.0.
Have you set up default gateways correctly? Are the routers exchanging
routing tables via RIP or OSPF? We could figure this out better if we knew
the routing configuration of the 2610s and the 1601s, as well as the default
gateways for other devices on the Luton and Hitchin networks.
As this appears to be a routing issue rather than a firewall issue, why
don't you take this offline with me and I'll help you as best I can, okay?
Ray Lodato
NEF Information Services
617-578-3197
rlodato@nefn.com
> -----Original Message-----
> From: Steve Thompson [SMTP:steve@proscript.co.uk]
> Sent: Thursday, March 02, 2000 7:43 AM
> To: fw-1-mailinglist@lists.us.checkpoint.com
> Subject: [FW1] Is the Firewall the problem???
>
>
> I am having a problem with someone who has supplied us with a couple of
> Cisco routers. Here's the network layout
>
> Internet
> |
> Cisco 2610 (provided by ISP)
> |
> FW-1
> |
> London Network
> |
> Cisco 2610 (LON2610)
> |
> | 2Mb Data Line
> |
> Cisco 2610 (MF2610)
> |
> Luton Network
> |
> Cisco 1601 (MF1601)
> |
> | 256k Data line
> |
> Cisco 1601 (SP1601)
> |
> Hitchin Network
>
>
> London Network: 10.5.0.0 mask 255.255.0.0
> Luton Network: 10.6.0.0 mask 255.255.0.0
> Hitchin Network: 10.7.0.0 mask 255.255.0.0
>
> The FW-1 is a NT box.
>
> The IP addresses are as follows:
>
> FW-1 Internal interface 10.5.0.1
> LON2610 10.5.0.2
> MF2610 10.6.0.1
> MF1601 10.6.0.2
> SP1601 10.7.0.1
>
> The firewall has the following routes (among others)
> Dest Mask Gateway Interface
> 10.6.0.0 255.255.0.0 10.5.0.2 10.5.0.1
> 10.7.0.0 255.255.0.0 10.5.0.2 10.5.0.1
>
> Now, to the point.
>
> If you telnet to LON2610 (10.5.0.2) you can ping 10.6.0.1, 10.6.0.2 and
> 10.7.0.1
>
> From a PC at the London office, you can ping 10.5.0.2 and 10.6.0.1, but no
> other devices on the 10.6.0.0 and nothing on the 10.7.0.0 network
>
> If you telnet to MF2610 (10.6.0.1) you can ping 10.5.0.2 but nothing else.
>
> The supplier maintains it's our firewall (which they supplied, but I
> configured) When asked why they think it's the firewall, they give an
> answer
> along the lines of "Don't know, but it is"
>
> Has anyone seen this before? I'll happily part with any other info on
> this.
> If you want to see the running configs or the firewall configuration,
> please
> say..
>
>
>
>
>
>
> ==========================================================================
> ======
> To unsubscribe from this mailing list, please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> ==========================================================================
> ======
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
|
