
IP routing problems

Status
Not open for further replies.

TKjoernes (Technical User), Nov 2, 2002
Hi, I have a test-setup at home with routing problems. I've basically got four logical IP subnets:

80.232.101.128/.224 (Internet)
192.168.200.0 /.0 (LAN1)
192.168.201.0 /.0 (LAN2)
192.168.100.0 /.0 (LAN3)

I've got one computer with Windows 2000 Server on it, with two network cards, one connected to the internet (Wireless PCMCIA card) with IP 80.232.101.131 (gateway .129), and another card connected to LAN1 with IP 192.168.200.10. This computer is running NAT.

Then I've got a second computer connected to LAN1 with IP 192.168.200.12 and LAN2 with IP 192.168.201.12.

Now, then I have a Symantec Firewall/VPN 100 box connected with the WAN-port to the LAN2 subnet and given IP 192.168.201.1. This box is also running NAT.

The Symantec-box then has a LAN-interface with IP 192.168.100.1 and DHCP range of 192.168.100.50 to .254. My third computer gets an IP 192.168.100.50 from this box.

From the third computer, I can successfully access (PING) the Symantec box at both LAN and WAN interfaces, and I can also access the second computer at both interfaces. In other words, the following PINGs work:

ping 192.168.100.1
ping 192.168.201.1
ping 192.168.201.12
ping 192.168.200.12

but... I cannot get past the second computer, and therefore cannot access the internet or the gateway PC on LAN1 (192.168.200.10). Please note that the second computer (with IP 192.168.200.12 and .201.12) CAN access the internet.

Can anybody please help me?
 
I guess that I have a few questions. First would be is IP forwarding turned on on Box 2?

Next I would ask why you have ANY boxes that are not behind the Firewall.

I would also want to know what NAT addresses you were assigning on the outbound side of your Symantec firewall. It really doesn't make any sense at all to NAT an interface that is not Internet attached, unless you are using it to attach two RFC 1918 addressed networks with conflicting address spaces.

Also, as far as I know, you have to use a resolvable address (no NAT) for a VPN appliance because the certificate is tied to the IP address.

Are you just trying to see how fast the outside two boxes get hacked?

pansophic
 
Sorry for wasting anybody's time here, I found the problem.

I'm not using any kind of RIP on my network, so I needed to add a static route to the gateway PC (192.168.200.10), otherwise all replies got sent to the default gateway.

Thanks for the effort.
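
The failure and fix described in the last post, modelled as an added example (not code from the thread): a longest-prefix-match lookup over the gateway PC's routing table, showing that replies to LAN2 leave via the Internet default gateway until a static route exists. Assumptions: the "/.224" and "/.0" masks mean /27 and /24, the interface names are invented, and the static route is taken to be 192.168.201.0/24 via 192.168.200.12.

```python
import ipaddress

def next_hop(table, dst):
    """Longest-prefix match: return (gateway, interface) for dst, or None."""
    dst = ipaddress.ip_address(dst)
    best = None
    for prefix, gateway, iface in table:
        net = ipaddress.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gateway, iface)
    return None if best is None else (best[1], best[2])

# Gateway PC (192.168.200.10 / 80.232.101.131) as described in the thread.
# Interface names "wireless" and "lan1" are hypothetical labels.
GATEWAY_PC = [
    ("80.232.101.128/27", "on-link", "wireless"),
    ("192.168.200.0/24", "on-link", "lan1"),
    ("0.0.0.0/0", "80.232.101.129", "wireless"),   # default gateway .129
]

# Assumed fix: LAN2 is reached through the second computer's LAN1 address.
STATIC_ROUTE = ("192.168.201.0/24", "192.168.200.12", "lan1")

# The Symantec box NATs LAN3, so the gateway PC sees the box's WAN
# address (192.168.201.1) as the source and must route replies to it.
REPLY_DST = "192.168.201.1"

def reply_path(with_static_route):
    """Where the gateway PC sends a reply addressed to the Symantec WAN IP."""
    table = GATEWAY_PC + ([STATIC_ROUTE] if with_static_route else [])
    return next_hop(table, REPLY_DST)

def leaking_subnets(table, internal):
    """Internal subnets whose traffic would exit via the Internet default route."""
    default = next_hop(table, "198.51.100.1")  # documentation address, off-net
    leaks = []
    for subnet in internal:
        probe = str(ipaddress.ip_network(subnet).network_address + 1)
        if next_hop(table, probe) == default:
            leaks.append(subnet)
    return leaks

if __name__ == "__main__":
    internal = ["192.168.200.0/24", "192.168.201.0/24"]
    print("before:", reply_path(False), leaking_subnets(GATEWAY_PC, internal))
    print("after: ", reply_path(True),
          leaking_subnets(GATEWAY_PC + [STATIC_ROUTE], internal))
```

The same lookup explains why pings to 192.168.200.12 succeeded: the second computer is directly attached to LAN2 and needs no extra route to answer.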
 