Can't access internet on different subnet pix 501

[midnight251]

We have just purchased a pix 501 firewall. Everyone in our office (198.168.128.*) can get to the internet etc. Our warehouse across the street which is connected by two Adtran routers can't access web pages. When they ping the internet they get a reply from the IP address with Destination net unreachable. The route in the routing table of the pix looks correct:

route internal 198.168.134.0 255.255.255.0 198.168.128.3 1

Where 198.168.134.1 is the router address in the other building and 198.168.128.3 is the router address in the office. I have asked other people who configure these things all the time, and they are stumped as well. Any help would be appriciated. I hope I have provided enough info.

Thanks

 

[themut]

Do a "show ver" and see what´s the user license for your PIX, then do a "show local-host" and if you have reach the limit of your license that is the reason why others cannot connect. To test it do a "clear xlate" and try to access the Internet immediately from the remote end.

 

[midnight251]

Thanks for the reply. I have installed the 50 user license upgrade, and I don't have that many workstations using the internet, maybe 30 or so if that, but I will give a try tomorrow and see what happens. Just a thought, we use Lotus Notes for email. When a user fires up the notes client, would that possibly be taking up a license on the pix.

Thanks for the response.

 

[midnight251]

I did a "show local-host" and have 11 active sessions with a 50 user license. This is a strange one.

 

[themut]

What are the IP addresses from the remote networks? What are your nat and global statements?

 

[midnight251]

The following are some settings from the pix 501.

global (outside) 1 interface

nat (inside) 1 198.168.128.0 255.255.240.0 0 0

route outside 0.0.0.0 0.0.0.0 209.146.219.241 1
route inside 198.168.129.0 255.255.255.0 198.168.128.1 1
route inside 198.168.130.0 255.255.255.0 198.168.128.1 1
route inside 198.168.134.0 255.255.255.0 198.168.128.3 1
route inside 198.168.135.0 255.255.255.0 198.168.128.1 1
route inside 198.168.136.0 255.255.255.0 198.168.128.1 1
route inside 198.168.137.0 255.255.255.0 198.168.128.1 1
route inside 198.168.138.0 255.255.255.0 198.168.128.1 1

198.168.128.1 is our main router which our branch offices connect through. The one where I have no internet is
route inside 198.168.134.0 255.255.255.0 198.168.128.3 1


Thanks for the help.

 

[midnight251]

It looks as though I have more that enough licenses for the people to access the internet through the PIX. I just can't seem to figure why they can't access the internet. Could there be a setting that I have missed?


Thanks for the help.

 

[flaz]

Why does this have:
route inside 198.168.134.0 255.255.255.0 198.168.128.3 1
Shouldn't it be
route inside 198.168.134.0 255.255.255.0 198.168.128.1 1
Like all the rest?

 

[chicocouk]

That's funny, i glanced down the list, and thought, looks okay, but it looks like you're spot on about that being the problem.

Is it Christmas yet?