Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Cisco 515 Add a static route and it won't connect out

Status
Not open for further replies.
timmylodge

timmylodge

IS-IT--Management
Jul 15, 2005
4
GB
hi

i am trying to correct a static public to private route that used to work - fell over - and now won't connect.

It should be fairly simple i have the addresses named
xxx.xxx.209.185 Lyris_ext
xxx.xxx.1.44 Lyris_int

and a few Outbound permit tcp eq smtp
which all works fine - i can browse etc

but when i add the static route
static (inside,outside) Lyris_ext Lyris_int netmask 255.255.255.255 0 0

which was what the route was - all traffic ceases to flow...

i just can't see what we are doing wrong...
any ideas ?
 
Sort by date Sort by votes
This is actually a static translation, not route. You said "fell over" does that mean you had a firewall failover (hardware failure)?

Is xxx.xxx.209.185 Lyris_ext the same IP ad the firewall external interface?


 
Upvote 0 Downvote
thanks for your response

in the end we shifted this server off the PIX and moved it to a DMZ on some kit called NetworkBox and that worked fine.

the problem was the internal IP 10.40.1.44 - could access port 80, 25, 53 all fine - and so you could browse web - send SMTP traffic etc - until you added in the requisite static (inside,outside) which connected the external IP to that internal.

the really weird thing is that it was working a month ago - then we didn't use the server - then this week we did - it worked for a bit - fell over - I restarted it - worked for 5 more hours - then totally packed up. And no amount of reload, take all records out, put them back in, clear xlate, clear arp - etc etc would relieve the problem that as soon as you put the static(inside, outside) it shut down outgoing traffic.
I was going through copies of the config from when it worked - no difference.

There must have been something...
My current theory is the OS could do with being lifted to 6.3.5 but as we have moved off now to another bit of kit...

 
Upvote 0 Downvote
Ah, sounds like a ARP problem maybe. Do you have more than one device besides the PIX connected to the internet link? Do you control the ISP router?

 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Sameer258
  • Locked
  • Question
Need Help to Find ip and mac address with email who one open my email
Replies
0
Views
294
Sameer258
Sameer258
intel233
  • Locked
  • Question
Cisco ASA 5510 -Static NAT Help
Replies
8
Views
333
intel233
intel233
MottoK
  • Locked
  • Question
Cisco ISE blank GUI
Replies
0
Views
253
MottoK
MottoK
intel233
  • Locked
  • Question
Cisco ASA - VPN Question
Replies
6
Views
303
intel233
intel233
Russtoleum
  • Locked
  • Question
SW GVC won't route traffic through sonicwall to offsite tunnel unless it leases an ip on the same su
Replies
1
Views
92
Russtoleum
Russtoleum

Part and Inventory Search

Sponsor

Back
Top