Cisco PIX 506 port mapping issue

Status
Not open for further replies.

itspoint

IS-IT--Management
Aug 3, 2008
22
GB
Hello guys, I will try to give the scenario as clearly as I can.

I have 3 networks, A, B and C. The main office network is network B, and I have the PIX firewall in network B. Also in network B, I have 2 Cisco routers with LAN interface IPs on the same network as network B, and these 2 Cisco routers are used to route traffic to network C.

IP address of A is: 213.226.X.X
IP address of the Cisco PIX in network B: the firewall is 87.252.X.X with a LAN interface of 192.168.0.1, and the LAN interfaces of the 2 Cisco routers are 192.168.0.6 and 192.168.0.7.
IP address of network C is: 160.40.X.X
On the Cisco PIX (87.252.X.77), I want to create a static route to C (160.40.X.X) through 192.168.0.6 and 192.168.0.7 (the 2 Cisco routers).
I also want to provide access from A (213.226.X.X) through the firewall, through 192.168.0.6 and 192.168.0.7, to C (160.40.X.X) using ports 23515 and 23526.

I think my commands should be as below.
access-list smtp permit tcp any host 87.252.X.X eq 23526
and
access-list smtp permit tcp any host 87.252.X.X eq 23515
I am also thinking of doing a static command like below.
static (inside,outside) 87.252.X.X 192.168.0.6 netmask 255.255.255.255 0 0
and also
static (inside,outside) 87.252.X.X 192.168.0.7 netmask 255.255.255.255 0 0
How do I allow a static route from A (213.226.X.X) to pass through the firewall and through either of the 2 Cisco routers to C (160.40.X.X)?

Find below the config of the firewall if it will help.


access-list smtp permit icmp any any echo-reply
access-list smtp permit icmp any any time-exceeded
access-list smtp permit icmp any any unreachable
access-list smtp permit tcp any host 87.252.X.76 eq smtp

access-list 102 permit ip 192.168.0.0 255.255.255.0 10.0.0.0 255.255.255.0
access-list outside_cryptomap_dyn_10 permit ip any 10.0.0.0 255.255.255.224
pager lines 24
logging monitor debugging
icmp permit any inside
mtu outside 1500
mtu inside 1500
ip address outside 87.252.X.77 255.255.255.248
ip address inside 192.168.0.1 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
ip local pool ippool 10.0.0.10-10.0.0.25
pdm history enable
arp timeout 14400
global (outside) 1 interface
global (outside) 1 87.252.X.78
nat (inside) 0 access-list 102
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
static (inside,outside) 87.252.X.76 192.168.0.5 netmask 255.255.255.255 0 0
access-group smtp in interface outside
route outside 0.0.0.0 0.0.0.0 87.252.X.78 1

Your suggestions will really help. I also have a set of free IP addresses that I can use in the routing.
Regards.
I can do a graphical rep if my explanations are not clear.
 
Hello,
I did the access list with the supplied IP and router IP with the supplied ports. Did a routing inside to access the destination network and did a static route to the IP and ports, and it's all working fine.
Thanks for your contribution.
 
Great!! Glad it worked.
Did you get it to load balance to both internal routers?


Brent
Systems Engineer / Consultant
CCNP, CCSP
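
A check over the commands posted in this thread, as an added example (not code from any poster): it flags a global address claimed by more than one one-to-one static, and permit entries on the outside ACL that accept any source, where the first post asks for access from A (213.226.X.X) only. The function name `audit` and the `public` allowlist of intentionally open services are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Commands copied from the thread (proposed lines plus the existing SMTP entries).
# The poster's X masking is kept; addresses are compared as opaque tokens.
PROPOSED = """\
access-list smtp permit tcp any host 87.252.X.76 eq smtp
access-list smtp permit tcp any host 87.252.X.X eq 23526
access-list smtp permit tcp any host 87.252.X.X eq 23515
static (inside,outside) 87.252.X.76 192.168.0.5 netmask 255.255.255.255 0 0
static (inside,outside) 87.252.X.X 192.168.0.6 netmask 255.255.255.255 0 0
static (inside,outside) 87.252.X.X 192.168.0.7 netmask 255.255.255.255 0 0
access-group smtp in interface outside
"""

# Only the one-to-one static form and "permit tcp ... host X eq P" are parsed.
STATIC_RE = re.compile(r"^static \((\w+),(\w+)\) (\S+) (\S+) netmask (\S+)")
ACL_RE = re.compile(r"^access-list (\S+) permit tcp (any|host \S+|\S+ \S+) "
                    r"host (\S+) eq (\S+)")
GROUP_RE = re.compile(r"^access-group (\S+) in interface (\S+)")

def audit(config, public=("smtp",)):
    """Return (duplicate_globals, open_ports); `public` is an assumed allowlist."""
    statics = defaultdict(list)   # global address -> [local addresses]
    acl_entries = []              # (acl name, source, destination, port)
    outside_acls = set()          # ACLs bound inbound on the outside interface
    for line in config.splitlines():
        line = line.strip()
        if m := STATIC_RE.match(line):
            statics[m.group(3)].append(m.group(4))
        elif m := ACL_RE.match(line):
            acl_entries.append(m.groups())
        elif m := GROUP_RE.match(line):
            if m.group(2) == "outside":
                outside_acls.add(m.group(1))
    # An inbound connection to one global address can reach only one inside host.
    duplicates = {g: loc for g, loc in statics.items() if len(loc) > 1}
    # Entries on the outside ACL that accept any source for a non-public port.
    open_ports = [(dst, port) for name, src, dst, port in acl_entries
                  if name in outside_acls and src == "any" and port not in public]
    return duplicates, open_ports
```

Rewriting the two port entries with `host 213.226.X.X` as the source in place of `any` clears the second finding; the first remains until each global address maps to a single inside host.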
 