Problem accessing internet

[tabularasa]

Ok, im having what i think to be a simple problem and hopefully you guys can help me out quickly

4 interfaces

LAN - 10.10.0.x
DMZ - 10.10.1.x
WAN1 - 63.x.x.x
WAN2 - 65.x.x.x

Im using a Nokia IP530 with Ipso 3.6 with NG FP2. i have no rule base set up in the policy editor (ie. any any accept). i am unable to get on the internet.

i have a static IP set up for my one machine, 10.10.0.110. The default gateway is the LAN port in the 530 '10.10.0.240'

i have DNS set up to 198.1.6.3 198.1.6.4 and 198.1.6.5.

i have a static route (last resort) to 65.x.x.x (which is a Cisco router ehternet interface [T1])

i cant ping the default route.

i cant nslookup to yahoo.com

tracert goes to 10.10.0.240 then stops.

HELP!

 

[tabularasa]

In the log it shows that it is dropping packets from the 530 to the router.

hence why i cant ping it.

suggestions?

 

[Piloria]

dont worry about the ping packets (you have to enable icmp in the firewall object and again in the general properties)
(trace routes on fp2 are a pain in the a** they never get past the firewall unless you are using a unix trace)

1. remove the static route
2. make sure you have a rule base (nothing = any any drop)
put a rule in (any any accept)

3. on the 10.10.0.110 object go to the NAT tab and set to hide and use the option to use external interface IP (unless you have a spare valid IP number then hide behind that.

 

[tabularasa]

I have a DNS issue also, i think.

i telneted into the 530 and i can not nslookup yahoo.com. this is boggling my mind. i do a traceroute and it its 10.10.0.240 and stops. :-(

My rule base has one rule. any any accept.

should i ping both of the routers that have the T1s? on WAN1 and WAN2 and both connected to Ciscos with T1s. i can not even traceroute to my DNS servers 198.6.1.5 198.6.1.4.

sounds like layer one. but its not. do i need x-over cables to WAN1 and WAN2 to the switch? or one from the Cisco to the switch?

help!

Thanks!

 

[Piloria]

if you are using a switch you dont need crossover cables at all. only when linking 2 network ports without a hub or switch do you need crossover.

i am presuming the interface cards on the nokia are configured with the cisco router on its T1 as their gateways.

in the routing table of the nokia what is the default route? 0.0.0.0 mask 0.0.0.0 this will be the primary route out and should have one of the ciscos IP addresses as its gateway. (dont code this if you setup is right the nokia will generate them)

 

[tabularasa]

""""""i am presuming the interface cards on the nokia are configured with the cisco router on its T1 as their gateways.""""""

how can you configure gateways on individual interfaces on the nokia. if you can, than this might solve my problem.

i hade the default route 0.0.0.0 mask 0.0.0.0 to 65.x.x.x which is the ethernet interface of one of the ciscos...

 

[Piloria]

on the nokia in its TCP/IP configuration where it will have information on its Nic's the Wan links will have
WAN1 - 63.x.x.x
Mask 255.255.255.???
Gateway 63.x.x.y

WAN2 - 65.x.x.x
Mask 255.255.255.???
Gateway 65.x.x.y

where y is the IP address of the Ciscio routers

 

[tabularasa]

OK,

there is no way to configure a gateway for individual interfaces on the nokia. I can set up a static default route, but like i said, when i do that i cant even ping it. :-(

 

[Piloria]

Going backa few you say you have a dns problem - it is the same problem it cant get to ythe internet so it cant get to the dns servers.

is there anyway you can get your routing table printed this might help me trace the problem ( i wouldnt ask you to post it her but to email it it me)

alltsec@yahoo.co.uk

 

[tabularasa]

Piloria,

I Thank you for your dedication to helping me with this problem. I now have some new information that could shed some light on the subject.

Ok, i disabled all the Checkpoint packages on the Nokia. then i got the routing to work by setting the default gateway to 65.x.x.x. Now my local machine can get on the internet. great! so, i re-enabled the packages, and i can still get on the internet. great! ok, i push the policy, any any accept, and i can still get on the internet. great!

ok, now the bad part. i unplug to old firewall (sonicwall), and plug back in the new one(ip530), and crap! i cant get on the internet again. :-(

i cant ping the WAN interfaces. even though they are plugged into the same switch right next to each other!

This must be puzzling to you, because i know it is to me!

Anymore information i can give you?

 

[Piloria]

does the new nokia have the same IP address as the sonicwall?

 

[Piloria]

if not you might need to change the gateway on the internal interface of the wan router