Cannot route between internal interfaces

[geelkabouter]

I have setup a new interface with network 192.168.x.x behind it,it needs to access a network 172.16.10.x which sits behind a router 172.16.6.1 i have an interface on the 172.16.6.x range but i am unable to access it from my 192.168.x.x range but I can access it from the 172.16.6.x interface,doesnt seem to route between the two

Any ideas?R65 cluster

[mcnallym]

Firstly do you have a route on the cluster that tells it that the 172.16.10.x sits behind the 172.16.6.1 Router.

Secondly does the 172.16.10.x network route traffic upto the R65 cluster by default or does the 172.16.6.1 router need to be told that the new network is behind the R65 cluster.

Lastly does the security policy allow this traffic to take place.

[geelkabouter]

Policy shows traffic is going through,there is a route on the firewall saying that the 172.16.10.x sits behind the router,from the 172.16.10.x the can ping and trace to the 192.168.213.x range but I cannot do it the otherway around,if I trace from the 192.168.213.x range is the get firewall interface on that range then it times out,but the smartview tracker shows traffic is allowed

[vijayant]

Hi

Use fw montor to check if the intended traffic is appearing on the participating interfaces.

fw monitor -m iO -e "accept src=a.b.c.d or dst=a.b.c.d;"

a.b.c.d ---> destination IP
Ctrl + C to come out.

[MarioL]

My guess is NAT, maybe you are Natting 192.168.x.x and then the reply fails to come back, make sure you check the Xlated Src and Xlated Dst on the logs.

Another possibility is routing. I would double check that 172.16.10.x will route traffic back to 192.168.x.x via the said router, 172.16.6.1.