Reply
alexthia2k7
Posts: 9
Registered: ‎05-27-2007

Cannot ping LAN IP Address but can ping WAN IP Address. Please help

I have LinkSys Wireless Access Point Router, after I upgrade the firmware from another router I can ping the WAN IP ADdress but I cannot ping the LAN IP address, please help.
 
thanks
toomanydonuts
Posts: 6,365
Registered: ‎09-16-2006

Re: Cannot ping LAN IP Address but can ping WAN IP Address. Please help

What router do you have?
 
Are you saying that you cannot ping the router's LAN IP address from the LAN side of the router, or from the WAN side of the router?
 
Normally, you can only ping the router's LAN IP address from the LAN side of the router.
 
If you cannot ping your router from the LAN side, then check your router's address:

Go to "Start" > All Programs > Accessories > Command Prompt.
A black DOS box will appear. Type in "ipconfig" (with no quotes), then hit the Enter key. Look at the "Default Gateway". Is it 192.168.1.1 ?   Try to ping the address listed as the "Default Gateway".
 
If you still have problems, report your "Default Gateway" address, and the answers to the above questions.
alexthia2k7
Posts: 9
Registered: ‎05-27-2007

Re: Cannot ping LAN IP Address but can ping WAN IP Address. Please help

I have two Networks here.
 
1st Network (6th Floor)
-- I have Cisco VPN Concentrator, Cisco Router and 3Com Switches
-- My PDC Server also located
-- IP Range 10.11.10.x
-- Gateway 10.11.10.6
 
2nd Network (10th FLoor)
-- I have Linksys Wireless (WIreless G Broadband Rotuer w/4 Port Switch Model: WRT54G)
-- I have 3Com Switch
-- The Internet Port of the Linksys is connected directly to 6th floor 3com switch
-- The Lan Port of the Linksys is connected to the 10th FLoor 3com switch then the server and workstations all connected to the 10th Floor 3 Com Switch
-- IP Range 192.168.85.x
-- Gateway 192.168.85.1
-- Internet IP Address of the Wireless
  IP: 10.11.10.11
 SM: 255.255.255.0
  GW: 10.11.10.6
-- Local IP Address of the Wireless
  IP: 192.168.85.1
 SM: 255.255.255.0
 
Firmware: 4.21.1
 
This what happen
1) Users, SErvers, computers located at 10Th Floor dont have a problem connecting to the servers and computers at 6th Floor (10.11.10.x)
2) Users, Servers and computers located at 6th Floor CANNOT CONNECT to the Servers, computers located at 10th FLoor
3) After firmware upgrade, servers and computer can ping Linksys Internet IP of 10.11.10.11
 
What we require.
 
WE NEED TO CONNECT COMPUTERS, SERVERS FROM 6TH FLOOR TO 10TH FLOOR AS WELL. MEANING WE WANT BOTH NETWORK PING OR SEE EACH OTHER
 
YOUR HELP IS GREATLY APPRECIATED
 
THANKS A LOT
 
CYNTHIA
 
Expert
Expert
Posts: 12,649
Registered: ‎07-16-2006

Re: Cannot ping LAN IP Address but can ping WAN IP Address. Please help

[ Edited ]
You run through the Linksys router by hooking up the internet port thus you have separated subnets.

Option 1: setup the necessary routing on the Linksys, i.e., put the Linksys into router mode and set up static routes between the 10.11.10.0/24 network and the 192.168.85.0/24 network. A proper setup would require all clients in the 10.11.10.0/24 network to have static routes for the 192.168.85.0/24 network, too. The alternative would be to run through the 10.11.10.0/24 gateway and forward the traffic to the Linksys. However, with this kind you will still have separate broadcast domains. It should not so much matter if you have a PDC spanning the whole network but nevertheless it may be a limitation.

Option 2: Unless there is an important reason why both floors must run in separate networks I would suggest you put everything into a single LAN. You may have to extend the 10.11.10.0/24 to an 10.11.10.0/23 or 22 if you don't have enough IP addresses. See this post for instructions how to set this up. If you don't need the wireless you could actually completely remove the WRT. It is not really business equipment anyway. Otherwise use the WRT as access point only. You should still connect both 3com switches directly and only hook up the WRT as wireless AP to the network.

I think option 2 will be your preferable kind of setup. Otherwise it would help to know the specific reason why you require two subnets instead of one.

Message Edited by gv on 05-28-200704:42 PM

alexthia2k7
Posts: 9
Registered: ‎05-27-2007

Re: Cannot ping LAN IP Address but can ping WAN IP Address. Please help

Can I send you the configuration screenshots of the Linksys?
 
Reason is, 6th Floor is my PDC and 10th Floor is a DC in existing forest and also they are shifting to another location so I'm just doing  a setup prior to their shifting
 
thanks
 
cynthia
toomanydonuts
Posts: 6,365
Registered: ‎09-16-2006

Re: Cannot ping LAN IP Address but can ping WAN IP Address. Please help

[ Edited ]
bump

Message Edited by toomanydonuts on 05-28-200703:16 AM

alexthia2k7
Posts: 9
Registered: ‎05-27-2007

Re: Cannot ping LAN IP Address but can ping WAN IP Address. Please help

What do you mean by BUMP?????!!!!
alexthia2k7
Posts: 9
Registered: ‎05-27-2007

Re: Cannot ping LAN IP Address but can ping WAN IP Address. Please help

Hi,
 
I need to use different IP range coz they are running on different server, which is both a DC.
 
Any suggestion to resolve? As I really need to connect both 6th and 10th Floor users.
 
many thanks
 
cynthia
Expert
Expert
Posts: 12,649
Registered: ‎07-16-2006

Re: Cannot ping LAN IP Address but can ping WAN IP Address. Please help

O.K. You are planning to separate both floors into to different locations which are then probably connected through a VPN.

In that case you need two separate subnets unless the VPN equipment handles full layer 2 bridging. But this is usually not done unless you are sure that the tunnel never goes down.

This means you have to go for option 1 and implement the static routing. Sooner or later you will have to replace the WRT though for a proper router that is able to work as VPN endpoint. I would not recommend to use the WRT and run a VPN server behind the WRT. Rather get a proper VPN device which plays nicely with your Concentrator.

If it is only a transitional setup you will probably be able to live with the indirection of all 10th floor traffic through the 6th floor router. In the end when both subnets are separated and connected through the VPN your won't have that problem anymore.

Regarding the setup of your routers. You have two routers:

1. Cisco LAN 10.11.10.6/24, WAN internet
2. WRT54G LAN 192.168.85.1/24, WAN 10.11.10.11/24, gateway 10.11.10.6

You have to route traffic between both subnets. The traffic inside 192.168.85.0/24 is automatically forwarded correctly to the WRT and from there it goes either into the 10.11.10.0/24 LAN or gets forwarded to the WAN gateway 10.11.10.6 which takes it into the internet.

What is missing are the routes into the WRT LAN 192.168.85.1/24. The Cisco does not know about that network, yet, and does not know where to send the traffic and thus forwards it to its own gateway which is the internet where the traffic is dumped.

You have to do three things:

1. On the Cisco add a route for all the traffic to 192.168.85.0/255.255.255.0 to the gateway address 10.11.10.11. Something like
ip route 192.168.85.0 255.255.255.0 10.11.10.11
should do the trick.

2. You have to set the Linksys into router mode. The default for the router is gateway mode which means it does NAT. With NAT the LAN side of the WRT is inaccessible from the WAN side. You configure the router mode on the Advanced Routing tab of the Linksys. The current setting should be Gateway. Change it to Router. In router mode the router does not NAT.

3. If the 192.168.85.0/24 subnet needs access to the internet you have to add 192.168.85.0 subnet to the addresses which are NATted on the Cisco. The Cisco usually does not NAT all incoming traffic for the internet but only that traffic which you list in the "ip nat source" (or similar depending on your setup). Therefore you have to add the Linksys subnet to there otherwise the traffic is send to the internet without translation and your ISP will quickly drop traffic with private source addresses 192.168.*.*. (As long as the Linksys was running in gateway mode all traffic from the 192.168.85.0/24 was translated to the IP address 10.11.10.11 by the Linksys and thus went without problems through the Cisco).

This should do it. I hope I have not forgotten something. Traffic from 192.168.85.0 is now send without translation into the 10.11.10.0 subnet. With the correct NAT setup the Cisco will forward the traffic to the internet with NAT if necessary.

At the same time all devices inside the 10.11.10.0 subnet will forward the traffic for 192.168.85.0/24 as usual to the gateway 10.11.10.6 because the device do not have any routes for the 192.168.85.0. However, now the gateway has a route for 192.168.85.0/24 to forward the traffic to the Linksys router at 10.11.10.11.

As I have mentioned before this LAN redirection on your gateway is not the optimal solution. At occasion some devices inside 10.11.10.0 might even complain about it when they learn that the traffic gets redirected. The proper solution would be to assign a static route like the one added on the Cisco in (1.) above to all devices connected to 10.11.10.0. Then they directly send all 192.168.85.0 traffic to the Linksys. I think, however, you should not see any of those problems unless you are running some very restrictive software firewalls on the computers. Keep it in mind just in case.

When you separate both subnets (i.e. the 10th floor uses its own internet connection and is not linked with the LAN of the 6th anymore) you basically have to undo the changes above if you want to run the Linksys as internet gateway in the beginning: the Linksys must be back in gateway mode, the route on the Cisco has to be adjusted to the VPN tunnel if it is active, the additional NAT for the 192.168.85.0 subnet should be removed again.
toomanydonuts
Posts: 6,365
Registered: ‎09-16-2006

Re: Cannot ping LAN IP Address but can ping WAN IP Address. Please help

[ Edited ]
"Bump" just means I was going to add something to this thread, then I changed my mind.  This "bumps" you to the top of the list, where more people are likely to see your post.
 
By the time I had written my post, gv had already answered your question better than I could.

Message Edited by toomanydonuts on 05-28-200704:58 AM