Categories
Welcome Center
Education & Development
Cyber Security
Virtualization
General
Certification Preparation
Project Management
Posts
Groups
Training Resources
Infosec
IT & Security Bootcamps
Practice Exams
Security Awareness Training
About Us
Home
Certification Preparation
Juniper
Unable to ping
rajanir
Hi all..in our test environment we have a pc connected to firewalll which is connected to modem.
192.168.1.2 59.96.48.58
PC
FIREWALL
MODEM
192.168.1.6 192.168.10.3
I am able to ping the untrust interface but not the modem and no access to internet also.
I have enabled policy from trust subnet to untrust any for ping.
I have added a default route on untrust interface 0.0.0.0 0.0.0.0 192.168.10.3
Can someone please say where I have gone wrong...
Find more posts tagged with
Comments
rajanir
Untrust interface ip: 59.96.48.58
MODEM ip: 192.168.10.3
wasatchbill
Hi Rajanir,
If the lan side of the modem is 192.168.10.3, then why is the firewall untrust port 59.96.48.58? Are those ports cabled together?
Just guessing here; maybe you want the firewall untrust side to be in the 192.168.10.x/24 subnet (or whatever the subnet is), and 59.96.48.58 on the WAN side of the modem.
Please clarify the topology. What are the subnet masks? This is my guess from your two posts:
PC 192.168.1.2 --- firewall trust int (which int) 192.168.1.6, firewall untrust int 59.96.48.58 (?) --<
why different subnet?
>-- modem (LAN port?) 192.168.10.3 --- modem wan port (what IP here?) > Internet is here?
After you clarify the topology, and make sure the ip addressing is correct (connected ports need to be in the same subnet), then you can do the following ping tests:
firewall to modem
firewall to internet (4.2.2.2 for example)
It sounds like the following do work:
PC to firewall trust side
PC to firewall untrust side
if all of the above work, then try:
PC to modem
PC to internet (4.2.2.2)
PC browse to website (DNS must also work for this test)
If this is not a stateful firewall, I believe you would have to allow the return ICMP echo reply traffic on the untrust interface side, to get the pings to work, for PC to modem for example. If you need more help, please mention what model of firewall you have, and what type of modem. A full firewall config would also be useful.
Cheers
Bill
rakem
What type of firewall is it?
Do you have security policies allowing access through the firewall?
How can you have the Untrust interface ip as 59.96.48.58 and the MODEM ip as 192.168.10.3? Thr are differnt subnets... so its just not going to work if thats the case
Quick Links
All Categories
Recent Posts
Activity
Unanswered
Groups
Best Of
