Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations gkittelson on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Network Changes causing problems

Status
Not open for further replies.
mot98

mot98

MIS
Jan 25, 2002
647
CA
Hi all,

We run a NT domain here, with a PIX 515 firewall. On our shop floor we did not want anyone getting access to the internet, so we made an access-list on the PIX to deny them access. The list was as follows:

access-list acl_out deny ip 192.168.50.200 255.255.255.248 any
access-list acl_out deny ip 192.168.50.208 255.255.255.248 any
access-list acl_out deny ip 192.168.50.216 255.255.255.252 any
access-list acl_out deny ip host 192.168.50.220 any
access-list acl_out permit ip any any


This worked fine.

However, last week we setup a VPN connection to another location using a DSL connection. To complete this process we installed a new Router that became our new Default Gateway for the network.

Once we did this, all of the shop floor computers started having problems. For some reason they could not resolve netbios names, but we could ping by IP addresses.

After determining that it was only these select computers that were having the problem, I removed the access-list on the PIX to see if it would solve the problem, which it did.

However, I need to find out why this happened, and to start blocking these systems again.

Any thoughts on why this happened?

Thanks...

mot98
[cheers]
"I'd rather be dead and cool..then alive and uncool."
---Harley Davidson & The Marlboro Man
 
Sort by date Sort by votes
On this new router that is the default gateway, does it have a default route to the PIX?
 
Upvote 0 Downvote
I checked out the config on the new router...

It does have a default route to the PIX.

mot98
[cheers]
"I'd rather be dead and cool..then alive and uncool."
---Harley Davidson & The Marlboro Man
 
Upvote 0 Downvote
We need to know what subnets you have, what routers are routing them, and where your dns servers and dns clients are located.
 
Upvote 0 Downvote
My subnet is 192.168.50.0

My routers and DNS are as follows

Cisco Router 192.168.50.3
Cisco PIX 192.168.50.1
DNS Server 192.168.50.90


It seems really weird that changing the default gateway would have this effect.

mot98
[cheers]
"I'd rather be dead and cool..then alive and uncool."
---Harley Davidson & The Marlboro Man
 
Upvote 0 Downvote
The pix won't do ip redirects, so you'll have to make the cisco router be the default gateway. Then have it's default route be the pix.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

ciscokid1984
  • Locked
  • Question
Watchguard RDP from external network
Replies
1
Views
252
hairlessupportmonkey
hairlessupportmonkey
acabezas2014
  • Locked
  • Question
Configuring ASA for Network Segmentation
Replies
1
Views
286
acabezas2014
acabezas2014
texwiz
  • Locked
  • Question
need some help to properly set up, segregate and secure a network with an ASA 5505
Replies
2
Views
191
texwiz
texwiz
alex1002
  • Locked
  • Question
Sonicwall SSLVPN very slow Throughput accessing network files
Replies
1
Views
260
alex1002
alex1002
burtsbees
  • Locked
  • Question
rogue network
Replies
4
Views
138
burtsbees
burtsbees

Part and Inventory Search

Sponsor

Back
Top