Simple ip route problem

[strifer]

I have a full T1 coming in to a Pacbell 1760 that is preconfigured(I dont manage it). I connected the PacBell 1760 to a NetScreen 5GT that NATs the WAN ip. The NetScreen 5GT is then connected to another Cisco 1760 that has two WIC-1ENET(and a fastethernet). The NetScreen's NAT inside ip is 192.168.1.1, and the connection to my 1760 is 192.168.1.2. I want create one network for each WIC-1ENET (192.168.2.x and 192.168.3.x). I have assigned the IPs and subnets to the two WICS, but I can get pacets to cross the router and get to 192.168.1.1. I know its a simple ip route command, but nothing seems to work. Any suggestions or examples would be greatly helpful!

Thanks

 

[dx1]

>I have assigned the IPs and subnets to the two WICS, but I can get pacets to cross the router and get to 192.168.1.1.

You can or you can't? I'm assuming you can't. On the inside 1760, does he have a default route to the Netscreen's 192.168.1.1? On the Netscreen, does he know how to get back to the 192.168.2.x and 192.168.3.x subnet?

 

[strifer]

sorry, that was a typo, I can't get packets accross the router. Here is the layout of the router. The 192.168.1.1 is the Netscreen router. I haven't changed anything on the Netscreen router as far as routes.


Building configuration...

Current configuration : 732 bytes
!
version 12.2
service config
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname *****
!
logging queue-limit 100
enable secret ***********
enable password ********
!
ip subnet-zero
!
!
!
!
!
!
!
interface Ethernet0/0
ip address 192.168.2.1 255.255.255.0
half-duplex
!
interface FastEthernet0/0
ip address 192.168.1.2 255.255.255.0
speed auto
full-duplex
!
interface Ethernet1/0
ip address 192.168.3.1 255.255.255.0
shutdown
half-duplex
!
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.1.1
no ip http server
!
!
dialer-list 1 protocol ip permit
!
line con 0
line aux 0
line vty 0 4
password *****
login
!
no scheduler allocate
end

 

[BuckWeet]

you need to set the route in the netscreen

 

[strifer]

thanks for the help, I created a route on the netscreen and it worked. One other quick question. How to I deny all communications from the 192.168.3.X network from the 192.168.2.X Network?

 

[routerman]

>One other quick question. How to I deny all communications from the 192.168.3.X network from the 192.168.2.X Network?

Another typo??

Assuming you want to block traffic between the 2 networks,

access-group 100 deny ip 192.168.2.0 0.0.0.255 192.168.3.0 0.0.0.255
access-group 100 permit ip any any
access-group 101 deny ip 192.168.3.0 0.0.0.255 192.168.2.0 0.0.0.255
access-group 101 permit ip any any

int e0/0
ip access-group 100 in
int e1/0
ip access-group 101 in

 

[strifer]

That should work, I wanted to deny the .3 network access to the .2 network, but allow .2 to any. But stopping both will work just as good. Thanks