Newbie Simple routing question 2

[pvwdr]

I know this has got to be simple, I just have never done it before. I have two networks 10.0.0.0 255.255.0.0 and 10.1.0.0 255.255.0.0 and I need them to communicate via this Cisco 800 router. Below is my config (10.0.0.1 is my gateway to the internet on my firewall). From 10.0.3.171 I can ping 10.1.0.50 (Ethernet0 on router) but I can't get to anything else on the 10.1.0.0 network. From 10.1.3.50 I can ping 10.0.0.5 (ethernet1 on router) but nothing else on the 10.0.0.0 network. Nat is not enabled, at least I don't think it is. I am a bit confused. If anyone could help me find the way to freedom, I would greatly appreciate it.

Thank you,
Bill Rieger

#show ip route
Gateway of last resort is 10.0.0.1 to network 0.0.0.0

10.0.0.0/16 is subnetted, 2 subnets
C 10.0.0.0 is directly connected, Ethernet1
C 10.1.0.0 is directly connected, Ethernet0
S* 0.0.0.0/0 [1/0] via 10.0.0.1

#show running-config
interface Ethernet0
ip address 10.1.0.50 255.255.0.0
no cdp enable
hold-queue 32 in
hold-queue 100 out
!
interface Ethernet1
ip address 10.0.0.5 255.255.0.0
no cdp enable
!
ip classless
ip route 0.0.0.0 0.0.0.0 10.0.0.1
ip route 10.0.0.0 255.255.0.0 Ethernet1 permanent
ip route 10.1.0.0 255.255.0.0 Ethernet0 permanent
ip http server
!

 

[IPKONFIG]

Sweet....can you ping the firewall interface from the 10.1.3.150 PC?

Sorry, but it's in my blood to troubleshoot everything...

"I can picture a world without war. A world without hate. A world without fear. And I can picture us attacking that world, because they'd never expect it."
- Jack Handey, Deep Thoughts

 

[pvwdr]

no, I can ping it from the router, but not from 10.1.3.150

 

[IPKONFIG]

Ah....that's because the routers interface is on the same subnet. Now why can it not traverse the router to get back to the 10.1.0.0 subnet.....hmmmm

Ok, I'm just guessing here. Does the firewall have the appropriate mask for the subnet that it's in? Or did it default to a class A?

"I can picture a world without war. A world without hate. A world without fear. And I can picture us attacking that world, because they'd never expect it."
- Jack Handey, Deep Thoughts

 

[pvwdr]

no, it has a subnet of 255.25.0.0, I set it up that way (sonicwall 330)

 

[pvwdr]

my bad ... 255.255.0.0, sorry

 

[IPKONFIG]

I'm not familiar with the Sonicwall 330. But since your router is functioning correctly between the subnets. I think its safe to say that it is probably a firewall issue or the PC is not set up to use the internet. Was the PC working on the internet before?

"I can picture a world without war. A world without hate. A world without fear. And I can picture us attacking that world, because they'd never expect it."
- Jack Handey, Deep Thoughts

 

[IPKONFIG]

I'm assuming that you have the firewall set up so that it knows about network 10.0.0.0 to send all this traffic to the 10.0.0.5 interface on the router. And all other traffic out to the WAN or ISP gateway.

If it was me...I'd have the firewall dump the entire class A network to my ethernet interface on my router for the subnet of 10.0.0.0 Which is the 10.0.0.5 interface. Let the router sort it out from there. The router will put all packets destined for 10.0.0.0 back out its interface that it learned it from (don't worry about IP split horizon here since your not running routing protocols) and packets destined for 10.1.0.0 it will route to its other ethernet interface of 10.1.0.50.

"I can picture a world without war. A world without hate. A world without fear. And I can picture us attacking that world, because they'd never expect it."
- Jack Handey, Deep Thoughts

 

[pvwdr]

I had to set up a route in my firewall, just as you suspected ... I am communicating back and forth and surfing from both networks ... If you guys were here I would buy you a cup of coffee ... thank you very much!!!!!!!!!!!!!

 

[ChicagoJim]

Good to see your config issues were solved.

As a side note, I noticed that you have the HTTP server enabled on the router. If you don't use it, disable it (no ip http server). Certain versions of the server are vulnerable to a new buffer overflow exploit.

Cisco has more information about it at:

http://www.cisco.com/warp/public/707/cisco-sn-20030730-ios-2gb-get.shtml

 

[IPKONFIG]

Change your VTY password. That's crackable. Just to show you....here it is: J&Ddmc65!@

"I can picture a world without war. A world without hate. A world without fear. And I can picture us attacking that world, because they'd never expect it."
- Jack Handey, Deep Thoughts

 

[Jamesharris10]

I have two subnets 10.62.0.0 and 10.62.2.0 255.255.254.0

I would like to connect them together using a serail interface on each router. My set up is below, what IP routes would I need to conenct these two subnets together

Subnet 1 Serial 1 10.62.2.0


Subnet 2 Serail 1 10.62.0.0

 

[IPKONFIG]

Well for starters your valid subnets for the IP addresses that you have listed would be:
10.62.0.0 = Subnet address
10.62.0.1 - 10.62.1.254 = valid hosts
10.62.1.255 = broadcast
------------------------------
10.62.2.0 = Subnet address
10.62.2.1 - 10.62.3.254 = valid hosts
10.62.3.255 = broadcast

Your subnets look good, all you need to do is hook them up like this:

10.62.0.0 (S1)[Router](S0)--------(S0)[Router](S1)10.62.2.0

You have to have another subnet between the routers. Or you can use IP un-numbered if you don't want to use any more IP addresses. If you want them to communicate, run a routing protocol. Hope this helps.

"I can picture a world without war. A world without hate. A world without fear. And I can picture us attacking that world, because they'd never expect it."
- Jack Handey, Deep Thoughts