IP Classless Support?

Status
Not open for further replies.

xenolith

ISP
Mar 4, 2002
51
Hello. I have a question that I have been unable to resolve after hours of digging Cisco's site and newsgroups. I have a customer using a PIX at 2 locations for VPN connectivity to each other. I am the ISP providing internet access to the sites. Site 1 is serviced with a Vina Technologies T1 Integrator for a router. Site 2 has DSL I provide on a Zyxel router. At each location I provide small subnets (255.255.255.252) for the IPs on the ethernet segments connecting the routers to the PIXs. The routers can ping each other, so classless must be working ok there. The PIXs can see the internet fine, and work fine connecting in a lab, but do not since installation at customer prems. I can ping each PIX from anywhere else on my network.

(IPs used are actually internet routable addresses, but I changed them to protect the innocent)

Site 1
Vina WAN 192.168.1.70/30
Vina LAN 192.168.1.93/30
PIX WAN 192.168.1.94/30

Site 2
Zyxel WAN 192.168.2.247/32
Zyxel LAN 192.168.1.209/30
PIX LAN 192.168.1.210/30

The WANs connect to different routers on my network, but routes are in place between them. Traceroutes look good to/from each side.

Does this look like a classless issue on the PIXs? Anyone have any suggestions on how to resolve this (other than changing the IPs to being inside different subnets)? It seems the PIX does not support ip classless the same way an IOS-based router does, nor can I find any documentation stating if it is enabled or disabled by default.

Any help is appreciated!

Thanks,
Josh
 
If you can ping them from a segment beyond the local segment, then the PIX should have no issues with its address/mask/default route. A PIX has no problem with variable length subnet/classlessness. Since you can ping them from afar, then they should be able to ping each other, correct?

I'd suggest turning on debug for the VPN (debug cry ip, debug cry is) and see what is going on. Is it possible the peer addresses/pre-shared key got botched up when changing them from the lab to the actual addresses?
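
What a classless-handling problem would look like with the addresses posted in this thread, as an added example that is not part of either post: it models the generic on-link versus routed decision a host makes from its interface mask, not PIX internals. The function names are hypothetical, and it assumes each router's LAN address is the default gateway of the PIX at that site.

```python
import ipaddress

def classful_prefix(ip):
    """Prefix length implied by the historical address class (A/B/C)."""
    first_octet = int(ip) >> 24
    if first_octet < 128:
        return 8
    if first_octet < 192:
        return 16
    if first_octet < 224:
        return 24
    raise ValueError(f"{ip} is class D/E and has no default mask")

def forwarding_decision(local_if, gateway, peer, classful=False):
    """Return 'on-link' if the peer falls inside the connected network,
    otherwise 'via <gateway>'. classful=True ignores the configured mask."""
    iface = ipaddress.ip_interface(local_if)
    prefix = classful_prefix(iface.ip) if classful else iface.network.prefixlen
    connected = ipaddress.ip_network(f"{iface.ip}/{prefix}", strict=False)
    if ipaddress.ip_address(peer) in connected:
        return "on-link"  # host would ARP for the peer instead of routing
    return f"via {gateway}"

# Addresses as posted in the thread (already altered by the poster).
# Tuple: (PIX interface, assumed default gateway, remote VPN peer)
SITES = {
    "Site 1 PIX": ("192.168.1.94/30", "192.168.1.93", "192.168.1.210"),
    "Site 2 PIX": ("192.168.1.210/30", "192.168.1.209", "192.168.1.94"),
}

def compare():
    """Decision for each site under the configured /30 and under a classful mask."""
    rows = []
    for name, (local_if, gw, peer) in SITES.items():
        rows.append((name,
                     forwarding_decision(local_if, gw, peer),
                     forwarding_decision(local_if, gw, peer, classful=True)))
    return rows

if __name__ == "__main__":
    for name, classless, classful in compare():
        print(f"{name}: configured /30 -> {classless}; classful /24 -> {classful}")
```

With the /30 masks honoured, each PIX hands traffic for the other to its router; only a device that fell back to the classful mask would treat the remote peer as on-link, and such a device would also fail the pings from other segments that the thread reports as working.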
 