Problem connecting to Internet, please help

[Poloboy]

Ok, Here is my situation. Currently, I watchguard firebox which allow everyone to the internet (which working fine). Now, I'm implementing Cisco 2611 Router behind the firebox and now nobody has internet access. Internet --> Firebox --> Cisco 2611 --> internal LAN. Firebox External IP xxx.xxx.16.87 Internal IP 192.168.6.1...

Here are configurations for 2611:
!
version 12.2
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname Main
!
enable password xxxxx
!
ip subnet-zero
!
!
no ip domain-lookup
ip host main xxx.xxx.xxx.2
ip host Site1 xxx.xxx.110.2
ip host Site2 xxx.xxx.111.2
ip name-server xxx.xxx.x.11
!
!
!
!
interface FastEthernet0/0
ip address 192.168.1.1 255.255.255.0
speed 100
full-duplex
!
interface Serial0/0
description connected to Site1
ip address xxx.xxx.110.1 255.255.255.0
!
interface FastEthernet0/1
description connected to Firebox
ip address 192.168.6.2 255.255.255.0
speed 100
full-duplex
!
interface Serial0/1
description connected to Site2
ip address xxx.xxx.111.1 255.255.255.0
!
router rip
version 2
network 192.168.1.0
network 192.168.2.0
network 192.168.3.0
network xxx.xxx.110.0
network xxx.xxx.111.0
!
ip routing 0.0.0.0 0.0.0.0 FastEthernet 0/1
ip http server
ip pim bidir-enable
!
!
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 1 permit 192.168.2.0 0.0.0.255
access-list 1 permit 192.168.3.0 0.0.0.255
access-list 1 permit xxx.xxx.110.0 0.0.0.255
access-list 1 permit xxx.xxx.111.0 0.0.0.255
!
line con 0
exec-timeout 0 0
password xxxx
login
line aux 0
line vty 0 4
password xxxx
login
!
!
end

Please Help!

 

[LedZepRock]

Would you not have the requirement to set up NAT??

Thanks

 

[phoyle]

What address are the internal devices using as the default gateway. Were they using the ip address of the firebox? If they were, then they can't find the default gateway.

Change one of you devices to use the 2611 Fa 0/0 (192.168.1.1) as the default gateway and see if it can't get to the internet.

Paul Hoyle, CCNP/CCAI

 

[andf1]

In addition Paul Hoyle's post, make the default route on the 2611 the inside address of the firewall. That is, remove the command IP ROUTE 0.0.0.0 0.0.0.0 FASTETHERNET 0/1 and add the command IP ROUTE 0.0.0.0 0.0.0.0 192.168.6.1. Then assuming you are allowing ICMP through your firewall, ping a host on the Internet that you know will respond. Look at your firewall logs for more clues. Let us know what you find.

andf1

 

[lui3]

It looks like you have added a subnet between the firebox and the router to make things work. If this is correct the firebox needs to know where the networks that it can reach are located. Ie, go into the firebox and check the routes configurations. make sure that the firebox has routes to each of the networks that you want it to communicate with and make sure it knows how to get to them. Packets are arriving at the firebox and then it is routing out the requests however when the reponses return the firebox has no idea where the source of the packets are located.

Ie on the firebox route configuration page

192.168.1.0 via 192.168.6.2
192.168.2.0 via 192.168.6.2
192.168.3.0 via 192.168.6.2
etc etc


Hope this helps.

 

[Poloboy]

Thankyou very much everyone! I got it to work.