Unable to ping

rajanir Registered Users Posts: 2
Hi all.. in our test environment we have a PC connected to a firewall which is connected to a modem.

I am able to ping the untrust interface but not the modem and no access to internet also.

I have enabled policy from trust subnet to untrust any for ping.

I have added a default route on untrust interface

Can someone please say where I have gone wrong...


  • rajanir Registered Users Posts: 2
    Untrust interface ip:

    MODEM ip:
  • wasatchbill Registered Users Posts: 6
    Hi Rajanir,
    If the lan side of the modem is, then why is the firewall untrust port Are those ports cabled together?

    Just guessing here; maybe you want the firewall untrust side to be in the 192.168.10.x/24 subnet (or whatever the subnet is), and on the WAN side of the modem.

    Please clarify the topology. What are the subnet masks? This is my guess from your two posts:
    PC --- firewall trust int (which int), firewall untrust int (?) --< why different subnet?>-- modem (LAN port?) --- modem wan port (what IP here?) > Internet is here?

    After you clarify the topology, and make sure the ip addressing is correct (connected ports need to be in the same subnet), then you can do the following ping tests:
    firewall to modem
    firewall to internet ( for example)

    It sounds like the following do work:
    PC to firewall trust side
    PC to firewall untrust side
    if all of the above work, then try:
    PC to modem
    PC to internet (
    PC browse to website (DNS must also work for this test)

    If this is not a stateful firewall, I believe you would have to allow the return ICMP echo reply traffic on the untrust interface side, to get the pings to work, for PC to modem for example. If you need more help, please mention what model of firewall you have, and what type of modem. A full firewall config would also be useful.
  • rakem Member Posts: 800
    What type of firewall is it?
    Do you have security policies allowing access through the firewall?
    How can you have the Untrust interface ip as and the MODEM ip as They are different subnets... so it's just not going to work if that's the case
    CCIE# 38186
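
Both replies come down to the same two checks: cabled interfaces must share a subnet, and the ping tests should be run hop by hop to find where connectivity stops. The script below is an added example, not code from any poster; every address and test result in it is constructed for illustration, since the thread's real addresses are not shown.

```python
import ipaddress

def link_mismatches(links):
    """Return links whose two cabled interfaces are not in the same subnet.

    Comparing the derived networks also catches a mask mismatch
    (same address range, different prefix length)."""
    bad = []
    for name, a, b in links:
        ia, ib = ipaddress.ip_interface(a), ipaddress.ip_interface(b)
        if ia.network != ib.network:
            bad.append((name, str(ia.network), str(ib.network)))
    return bad

def first_failure(results):
    """Walk the ping tests nearest hop first; return the first one that failed."""
    for test, ok in results:
        if not ok:
            return test
    return None

# Constructed topology: PC --- firewall trust | firewall untrust --- modem LAN
LINKS = [
    ("PC <-> firewall trust", "10.0.0.10/24", "10.0.0.1/24"),
    ("firewall untrust <-> modem LAN", "192.168.1.2/24", "192.168.10.1/24"),
]

# Constructed ping outcomes, ordered from the PC outward
RESULTS = [
    ("PC to firewall trust side", True),
    ("PC to firewall untrust side", True),
    ("firewall to modem", False),
    ("firewall to internet", False),
    ("PC to modem", False),
]

if __name__ == "__main__":
    for name, net_a, net_b in link_mismatches(LINKS):
        print(f"{name}: {net_a} vs {net_b} (not the same subnet)")
    print("first failing test:", first_failure(RESULTS))
```

If the first failing test is "firewall to modem" and that link shows a subnet mismatch, fix the addressing before looking at policies or routes.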