firewall or switch problem???

Status
Not open for further replies.

techalum

IS-IT--Management
Oct 11, 2006
38
US
Hello all.

I am a final step away from getting this network up. The problem that I am having is with the inside interface of a firewall. At least I think that is the problem. I can go into the firewall and ping the inside interface without a problem. I can also ping out to the internet.

But the firewall and the switch can't ping each other.

Any suggestions?
 
Post configs. Can you ping like this...

firewall---switch---pc

From pc to firewall?

Burt
 
Here is the switch:

sh run
Building configuration...

Current configuration:
!
version 12.0
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname test-dal
!
enable password xxxx
!
username xxxx password 0 xxxx
!
!
!
!
!
ip subnet-zero
ip domain-list chicago.com
ip domain-list focus.com
ip domain-name focus.com
ip name-server 192.168.169.21
ip name-server 192.168.169.22
!
!
!
interface FastEthernet0/1
duplex full
spanning-tree portfast
!
interface FastEthernet0/2
duplex full
spanning-tree portfast
!
interface FastEthernet0/3
duplex full
spanning-tree portfast
!
interface FastEthernet0/4
duplex full
spanning-tree portfast
!
interface FastEthernet0/5
duplex full
spanning-tree portfast
!
interface FastEthernet0/6
duplex full
spanning-tree portfast
!
interface FastEthernet0/7
duplex full
spanning-tree portfast
!
interface FastEthernet0/8
duplex full
spanning-tree portfast
!
interface FastEthernet0/9
duplex full
spanning-tree portfast
!
interface FastEthernet0/10
duplex full
spanning-tree portfast
!
interface FastEthernet0/11
description SWITCH UPLINK
duplex full
!
interface FastEthernet0/12
description SWITCH UPLINK
duplex full
!
interface FastEthernet0/13
description Uplink to Cisco 2924-Kitchen-bottom 192.169.169.6
duplex full
speed 100
spanning-tree portfast
!
interface FastEthernet0/14
duplex full
spanning-tree portfast
!
interface FastEthernet0/15
duplex full
spanning-tree portfast
!
interface FastEthernet0/16
duplex full
spanning-tree portfast
!
interface FastEthernet0/17
duplex full
spanning-tree portfast
!
interface FastEthernet0/18
duplex full
spanning-tree portfast
!
interface FastEthernet0/19
duplex full
spanning-tree portfast
!
interface FastEthernet0/20
duplex full
spanning-tree portfast
!
interface FastEthernet0/21
duplex full
spanning-tree portfast
!
interface FastEthernet0/22
duplex full
spanning-tree portfast
!
interface FastEthernet0/23
spanning-tree portfast
!
interface FastEthernet0/24
spanning-tree portfast
!
interface VLAN1
ip address 192.168.169.3 255.255.255.0
no ip directed-broadcast
no ip route-cache
!
ip default-gateway 192.168.169.2
!
line con 0
password xxx
login
transport input none
stopbits 1
line vty 0 4
password xxx
login
line vty 5 15
password xxx
login
!
end

test-dal#
 
Is this trunked to the kitchen switch? I assume you are trying 192.168.169.3, right? If so, from what?

Burt
 
Port 13 will be used to connect to another switch.
This switch connects to the firewall via a crossover cable.
The firewall IP on its inside interface is 192.168.169.2.
 
Here is the inside interface info for the PIX:


access-list inside_in remark __ Traffic from INSIDE permitted to:

access-list inside_in remark __

access-list inside_in remark __ Ping IDCDMZ and IDCSabre to itself:

access-list inside_in permit icmp 192.168.174.0 255.255.255.0 192.168.173.0 255.255.255.0

access-list inside_in permit icmp 192.168.173.0 255.255.255.0 192.168.173.0 255.255.255.0

access-list inside_in remark __

access-list inside_in remark __ Ping IDCDMZ to/from CorpDMZ

access-list inside_in remark __

access-list inside_in permit icmp 10.100.1.0 255.255.255.0 192.168.173.0 255.255.255.0
access-list inside_in permit icmp 192.168.173.0 255.255.255.0 10.100.1.0 255.255.255.0

access-list inside_in remark __

access-list inside_in remark __ All CorpDMZ traffic to IDCDMZ

access-list inside_in remark __

access-list inside_in permit ip 10.100.1.0 255.255.255.0 192.168.173.0 255.255.255.0

access-list inside_in remark __

access-list inside_in remark __ Inside segment, TF Corp, NVPN, Chicago can PING anywhere

access-list inside_in remark __

access-list inside_in permit icmp 192.168.172.0 255.255.255.0 any

access-list inside_in permit icmp 192.168.169.0 255.255.255.0 any

access-list inside_in permit icmp 70.250.120.0 255.255.255.0 any

access-list inside_in permit icmp 10.200.32.0 255.255.255.0 any

access-list inside_in permit icmp 10.200.20.0 255.255.255.0 any

access-list inside_in remark __

access-list inside_in remark __ PING Sabre Segment

access-list inside_in remark __

access-list inside_in permit icmp 151.193.141.0 255.255.255.0 10.254.254.0 255.255.255.0

access-list inside_in remark __

access-list inside_in remark __ Allow all traffic from inside into the DMZ

access-list inside_in remark __

access-list inside_in permit ip 192.168.172.0 255.255.255.0 192.168.173.0 255.255.255.0

access-list inside_in permit ip 192.168.169.0 255.255.255.0 192.168.173.0 255.255.255.0

access-list inside_in remark __

access-list inside_in remark __ Allow web browsing and POP3 email outbound
access-list inside_in remark __

access-list inside_in permit tcp any any object-group www

access-list inside_in permit tcp any any eq 1434

access-list inside_in permit tcp any any object-group pop-www

access-list inside_in remark __

access-list inside_in remark __ Allow SMTP out from Exchange Server

access-list inside_in remark __

access-list inside_in permit tcp host 192.168.169.23 any eq smtp

access-list inside_in permit tcp host 192.168.169.24 any eq smtp

access-list inside_in permit tcp host 192.168.169.15 any eq smtp

access-list inside_in remark

access-list inside_in remark __ Allow SMTP out from Barracuda

access-list inside_in remark __

access-list inside_in permit tcp any eq smtp host 192.168.174.3

access-list inside_in remark __

access-list inside_in remark __ Allow SMTP out from Ex3 and HTTP3

access-list inside_in remark __

access-list inside_in permit tcp host 10.100.1.66 eq smtp host 192.168.172.15

access-list inside_in permit tcp host 10.100.1.69 eq smtp host 192.168.172.15

access-list inside_in remark __

access-list inside_in remark __ Permit DNS for all systems

access-list inside_in remark __

access-list inside_in permit udp any any eq domain

access-list inside_in permit tcp any any eq domain

access-list inside_in remark __

access-list inside_in remark __ Permit DNS for all systems

access-list inside_in remark __

access-list inside_in permit tcp any any eq ssh

access-list inside_in remark __

access-list inside_in remark __ Allow Inside/VPN clients to RDP to DMZ/Internet Servers

access-list inside_in remark __

access-list inside_in permit tcp 192.168.169.0 255.255.255.0 any eq 3389

access-list inside_in permit tcp 192.168.172.0 255.255.255.0 any eq 3389

access-list inside_in permit tcp 10.0.0.0 255.0.0.0 any eq 3389

access-list inside_in deny tcp any any eq 3389

access-list inside_in remark __

access-list inside_in remark __ Permit VNC Out to remote viewers (IDCO Support)

access-list inside_in remark __

access-list inside_in permit tcp any any eq 5500

access-list inside_in remark __

access-list inside_in remark __ Permit Access to GALILEO

access-list inside_in remark __

access-list inside_in permit ip any object-group GALILEO

access-list inside_in permit esp any object-group GALILEO

access-list inside_in remark __

access-list inside_in remark __ Blackberry Ports

access-list inside_in remark __

access-list inside_in permit tcp any any eq 3101

access-list inside_in permit udp any any eq 3101

access-list inside_in remark __

access-list inside_in remark __

access-list inside_in remark __ Phone VOIP from Internet

access-list inside_in remark __

access-list inside_in permit tcp any eq 5566 any

access-list inside_in permit udp any eq 5567 any

access-list inside_in permit udp any object-group voip any

access-list inside_in remark __

access-list inside_in remark __ Amadeus Ports

access-list inside_in remark __

access-list inside_in remark __

access-list inside_in remark __

access-list inside_in permit udp any any eq 443

access-list inside_in permit tcp any any eq 1503

access-list inside_in permit udp any any eq 1503

access-list inside_in permit tcp any any eq 9876

access-list inside_in permit udp any any eq 9876

access-list inside_in permit tcp any any eq 522

access-list inside_in permit udp any any eq 522

access-list inside_in permit tcp any any eq ldap

access-list inside_in permit udp any any eq 389

access-list inside_in permit tcp any any eq h323

access-list inside_in permit udp any any eq 1720

access-list inside_in permit tcp any any eq 1731

access-list inside_in permit udp any any eq 1731

access-list inside_in remark __

access-list inside_in permit udp any object-group voip2 any

access-list inside_in permit tcp host 192.168.169.36 any eq smtp

access-list inside_in permit udp host 192.168.172.6 any object-group voip

access-list inside_in permit udp host 192.168.172.6 object-group voip any

access-list inside_in permit udp host 192.168.172.10 any object-group voip

access-list inside_in permit udp host 192.168.172.10 object-group voip any

access-list inside_in permit udp host 192.168.172.6 any eq 5567

access-list inside_in permit udp host 192.168.172.6 eq 5567 any

access-list inside_in permit udp host 192.168.172.10 any eq 5567

access-list inside_in permit udp host 192.168.172.10 eq 5567 any

access-list inside_in permit tcp host 192.168.172.6 any eq 5566

access-list inside_in permit tcp host 192.168.172.6 eq 5566 any

access-list inside_in permit tcp host 192.168.172.10 any eq 5566

access-list inside_in permit tcp host 192.168.172.10 eq 5566 any

access-list inside_in permit tcp host 192.168.172.6 any eq 5570

access-list inside_in permit tcp host 192.168.172.6 eq 5570 any

access-list inside_in permit tcp host 192.168.172.10 any eq 5570

access-list inside_in remark __

access-list inside_in permit tcp host 192.168.172.10 eq 5570 any

access-list inside_in permit ip host 192.168.172.6 any

access-list inside_in permit ip host 192.168.172.10 any

access-list inside_in permit tcp host 192.168.172.15 any eq smtp

access-list inside_in remark __

access-list inside_in permit ip 10.100.20.0 255.255.255.0 10.100.1.0 255.255.255.0

access-list inside_in permit ip 10.100.1.0 255.255.255.0 10.100.20.0 255.255.255.0

access-list inside_in permit tcp any host 65.82.131.45 eq 10021

access-list inside_in remark __ opened per Steve Edgerton 05/29/07

access-list inside_in permit tcp host 192.168.173.5 any eq www

access-list inside_in permit tcp host 192.168.173.5 any eq https

access-list inside_in permit tcp host 192.168.173.5 any object-group www

access-list inside_in permit tcp host 192.168.173.5 any

access-list inside_in permit ip host 192.168.173.5 host 192.168.169.26

access-list inside_in permit ip host 192.168.169.26 host 192.168.173.5

access-list inside_in permit tcp host 192.168.173.5 host 192.168.169.26 range 1433 1434

access-list inside_in permit tcp host 192.168.169.26 host 192.168.173.5 range 1433 1434

access-list inside_in permit tcp any eq 1433 host 192.168.173.5

access-list inside_in permit tcp any eq 1433 host 192.168.169.26

access-list inside_in permit tcp any eq 1434 host 192.168.169.26

access-list inside_in permit tcp any eq 1434 host 192.168.73.56

access-list inside_in remark NEW PORTS OPENED FOR SABRE 7/9/2007

access-list inside_in permit tcp any any eq 30030

access-list inside_in permit tcp any any eq 30031

access-list inside_in permit tcp any any eq 30032

access-list inside_in permit tcp any any eq 30051

access-list inside_in remark PORTS opened for WORLDSPAN 07/31/07

access-list inside_in permit tcp any any eq 4000

access-list inside_in permit tcp any any eq 4002

access-list inside_in permit tcp any any eq 2021

access-list inside_in remark inter-tel license site

access-list inside_in permit tcp any any eq 8888
access-list INSIDE remark ... Inside to the Internet OUTBOUND rule

access-list INSIDE remark ... GALILEO

access-list INSIDE permit udp host 192.168.169.56 eq isakmp object-group GALILEO eq isakmp

access-list INSIDE permit esp host 192.168.169.56 object-group GALILEO

access-list INSIDE permit tcp any any eq 4500

access-list INSIDE permit udp any any eq 4500

access-list INSIDE permit ip any host 198.151.32.105

access-list INSIDE remark ...

access-list INSIDE permit ip 192.168.169.0 255.255.255.0 10.200.0.0 255.255.0.0

access-list INSIDE permit ip 192.168.169.0 255.255.255.0 10.100.20.0 255.255.255.0

access-list INSIDE permit ip 192.168.169.0 255.255.255.0 192.168.170.0 255.255.255.0

access-list INSIDE permit udp host 192.168.169.35 gt 1024 host 216.166.54.1 eq snmp

access-list INSIDE permit tcp host 192.168.169.16 any eq smtp

access-list INSIDE permit tcp host 192.168.169.15 any eq smtp

access-list INSIDE permit tcp host 192.168.169.17 any eq smtp

access-list INSIDE permit tcp host 192.168.169.23 any eq smtp

access-list INSIDE permit tcp host 192.168.169.24 any eq smtp

access-list INSIDE permit tcp host 192.168.169.19 any eq smtp

access-list INSIDE deny tcp any any eq smtp log

access-list INSIDE permit object-group tcp-udp 192.168.169.0 255.255.255.0 any object-group ALL-ACCESS

access-list INSIDE permit ip 192.168.169.0 255.255.255.0 151.193.130.0 255.255.255.0

access-list INSIDE permit ip 192.168.169.0 255.255.255.0 151.193.141.0 255.255.255.0

access-list INSIDE permit icmp any any

<--- More --->

access-list INSIDE remark .. Allow any other outbound traffic not blocked above

access-list INSIDE permit ip any any

access-list INSIDE permit tcp any any eq 3101

access-list INSIDE permit udp any any eq 3101

access-list INSIDE permit tcp any any eq 5566

access-list INSIDE permit udp any any eq 6004

access-list INSIDE permit udp any any eq 6005

access-list INSIDE permit udp any any eq 5567

access-list INSIDE permit tcp any any eq 4000


ip address outside 12.156.45.34 255.255.255.224

ip address inside 192.168.169.2 255.255.255.0


 