I have a Cisco 678 acting as the Gateway to two small internal networks. 678 provides NAT services for all outgoing packets, as well as port filtering for all inbound transmissions. It negotiates a routable WAN IP from the IPCP server it trains to. I had a static IP on it's internal interface of 10.0.0.10, and hosts DHCP services (10.0.0.11-61) for the 10.0.0.x network.
The WAN interface of the LinkSys gets its IP from the Cisco 678, usually 10.0.0.11. its LAN port has a static IP of 10.1.1.1 and hosts DHCP services (10.1.1.100-150) for the 10.1.1.x network. Linksys comes with no intrinsic ping capability, so testing has had to be from the PC into the network, and from the Cisco 678 into the other end of the network.
With the LinkSys in Gateway Mode, with Block WAN Request Disabled, all pings from the PC are replied to from all IPs (10.1.1.1, 10.0.0.11, 10.0.0.10, xx.xx.xx.xx (routable IP)), however pings from the Cisco 678 get replies from its own LAN IP, and from the LinkSys WAN IP, however, pings to the LAN IP of the LinkSys Time Out. The entire 10.1.1.x network is unreachable from the Cisco 678.
With the LinkSys in Router Mode, with Block WAN Request Disabled, Pings from the PC to the LAN and WAN IP of the LinkSys get replies, however, pings from the PC to the LAN and WAN IPs of the Cisco 678 Time Out. The entire Internet is unreachable to the 10.1.1.x network. Pings from the Cisco 678 can reach its own LAN and WAN IPs, and the WAN IP of the LinkSys, but the LAN IP is unreachable from the Cisco 678.
It seems no matter which way i set up the LinkSys, the 10.1.1.x network remains unreachable by the Cisco 678. It also appears that while in Gateway Mode, all PCs can reach the net correctly, and the LinkSys filters out almost all traffic coming back inbound, providing twin NAT layers, and filtering out any unexpected incoming traffic. However once in Router mode, letting the Cisco 678 provide Gateway and NAT services, it still filters out all unexpected traffic. Is there some otehr configuration step that I'm missing?
Technical information provided below:
Cisco 678 ADSL Modem/Router w/
Cisco Broadband Operating System CBOS (tm) 678 Software (C678-I-M),
Version v2.4.3 - Release Software (Compiled Aug 21 2001 19:07:25)
[WAN IP] = xx.xx.xx.xx (Negotiated Routable Address)
[LAN IP] = 10.0.0.10 (Static)
[DHCP Server] Hosting 10.0.0.11-61
Routing Table for Cisco 678 is as follows:
[TARGET] [MASK] [GATEWAY] [M][P] [TYPE] [IF] [AGE]
0.0.0.0 0.0.0.0 0.0.0.0 1 SA WAN0-0 0
10.0.0.0 255.255.255.0 0.0.0.0 1 LAR ETH0 0
10.1.1.0 255.255.255.0 10.0.0.11 2 SAR ETH0 0
63.0.0.0 255.0.0.0 0.0.0.0 1 AR WAN0-0 0
WAN Interfaces...
xx.xx.xx.xx 255.255.255.255 0.0.0.0 1 HA WAN0-0 0
Linksys BEFSR41
Firmware v1.45.6, Jun 24 2003
[WAN IP] = 10.0.0.x (Typically 10.0.0.11; DHCP Client to Cisco 678)
[LAN IP] = 10.1.1.1 (Static)
[DHCP Server] Hosting 10.1.1.100-150
Routing Table for Linksys is as follows:
[Dest IP] [Mask] [Gateway] [Metrics] [Interface]
0.0.0.0 0.0.0.0 10.0.0.10 1 WAN
10.0.0.0 255.255.255.0 0.0.0.0 1 WAN
10.1.1.0 255.255.255.0 0.0.0.0 1 LAN
Route Traces from the Cisco 678 with the LinkSys in Router Mode
cbos#traceroute 10.1.1.1
traceroute to 10.1.1.1, 30 hops max, 40 byte packets
1 10.0.0.11 (LinkSys WAN IP)
cbos#traceroute 10.1.1.101
traceroute to 10.1.1.101, 30 hops max, 40 byte packets
1 10.0.0.11 (LinkSys WAN IP)
2 NO RESPONSE
3 NO RESPONSE
Route Traces from the PC with the LinkSys in Router Mode
C:\>tracert 10.0.0.10
Tracing route to 10.0.0.10 over a maximum of 30 hops
1 tracert xx.xx.xx.xx (Routable IP)
Tracing route to xx.net [xx.xx.xx.xx]
over a maximum of 30 hops:
1 tracert 10.0.0.10
Tracing route to 10.0.0.10 over a maximum of 30 hops
1 10 ms 10 ms 10 ms 10.0.0.10 (Cisco 678 LAN IP)
Trace complete.
