Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

NAT, RFC 1918, and Routing Problems

Status
Not open for further replies.
lberdick

lberdick

IS-IT--Management
Jun 20, 2002
12
US
Hey Guys,

I just need a conformation of what my hypothesis of why some of my remote sites can not ping the outside world. The "genius" NetAdmin that was here before me decided to use 150.150.XXX.XXX as its NATed private subnet scheme. We don't own 150.150.XXX.XXX - some place in Korea has that whole Class B. We have brought several sites up recently and I made their IP scheme 192.168.XXX.XXX which is typical for a remote scheme. Also, The IP scheme network between the serial interfaces on the routers is 192.168.1.XXX.

Here is where the problem exists - The firewall sits on 150.150.101.10 which works fine from a 150.150.XXX.XXX node for http, ftp, etc. requests. However, if I'm coming from a 192.168.10.2 address the only way I can get out to the Internet is to go through a 150.150.XXX.XXX proxy. I can understand maybe why a Layer 7 protocol can't go out, however; I can't do any ICMP echo to any outside address from the 192 network.

Well this post is kind of winded - but if anyone can confirm this bizarre situation or point to a work around besides converting the site over to a proper public IP scheme (Im working on that) let me know thanks
 
Sort by date Sort by votes
Is the firewall not set up to NAT the 192.168 network? Have you checked the logs on the firewall to see if it can see traffic from the 192.168 network, and if so is it just dropping it on a rule?

Chris.
**********************
Chris Andrew, CCNA, CCSA
chris@iproute.co.uk
**********************
 
Upvote 0 Downvote
No the firewall is not NAT to 192.168 because the core site (Which has the firewall) in NATed to 150.150. I haven't really looked at the logs - its a watchguard firewall and only go into the concentrator on a limited basis.
 
Upvote 0 Downvote
If the firewall see's a request from 192.168.x.y then it's not going to NAT it. When you go through the proxy the firewall see's the request from the proxy and not your client, so it NAT's the packets because it's configured to NAT 150.150.x.y addresses, and not 192.168.x.y addresses.

Chris.
**********************
Chris Andrew, CCNA, CCSA
chris@iproute.co.uk
**********************
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Pankaj88
  • Locked
  • Question
BGP Routing Clarification
Replies
0
Views
109
Pankaj88
Pankaj88
Lccarter
  • Locked
  • Question
Cisco CUCM Provisioning and Order Management System
Replies
1
Views
136
Lccarter
Lccarter
mikey789
  • Locked
  • Question
Can 4000-M Routing VLANs ?
Replies
0
Views
70
mikey789
mikey789
acabezas2014
  • Locked
  • Question
Need to create QoS for SNMP and Radius traffic on Cisco 4948 Switches
Replies
0
Views
73
acabezas2014
acabezas2014
mutantx
  • Locked
  • Question
CiscoVG202 and Vertical PBX - routing calls
Replies
0
Views
66
mutantx
mutantx

Part and Inventory Search

Sponsor

Back
Top