Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations SkipVought on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

PIX Routing Problem

Status
Not open for further replies.
netwalker1

netwalker1

Programmer
Feb 5, 2000
1,241
0
0
EG
I have a PIX , and 2 router :

I am and one of the routers in the PIX Inside interface.

the other router is connected to the 1st router through a WAN connection

The inside segment is : 192.168.1.X
and the far away segment is ; 192.168.11.X


by default , all the inside PCs have a default Gateway : 192.168.1.1

Th problem is that when I want to access any server in the far away segment , the pix doesn't let me go .
however , there is a static route on the PIX pointing to the far away segment through the near router !

I made a solution :
I added a windows command :
[red]route -p add 192.168.11.0 mask 255.255.255.0 192.168.1.d [/red]
as 192.168.1.d is the IP address of the near router IP


How can I solve this problem without adding this command.
because some application couldn't work using this command ..
[green]I am also trying to avoid changing the default gateway for the users ![/green]


Mohamed Farid
[green]Know Me No Pain , No Me Know Pain !!![/green]
CCNP,CCA,MCSE,MCSA
 
Sort by date Sort by votes
So you have ..

net1 .. <pix> ..router .... WAN .... router ... net2.

Is this correct?

If so, your clients just need a default route to the Pix and the Pix should have a route to net2 via it's next hop router. The router on net2 should also have a route to net1 via the router at the other end of the WAN link. The servers on net2 would obviously need a gateway address of the router.

Chris.


**********************
Chris Andrew, CCNA, CCSA
chris@iproute.co.uk
**********************
 
Upvote 0 Downvote
no the senario is :

<pix>.. net1 ..router .... WAN .... router ... net2



Mohamed Farid
[green]Know Me No Pain , No Me Know Pain !!![/green]
CCNP,CCA,MCSE,MCSA
 
Upvote 0 Downvote
Ah, I see what you're trying to do. Your default gateway for all your clients is the pix, for routing out to the internet, right? Rather than reconfigure routing on the client machines you're hoping that you can send traffic to net2 via the default gateway (the Pix firewall) which should then route that traffic via the first router to net2.

Unfortunately, you can't do this. The Pix won't route traffic back out of the same interface that it received the traffic from in the first place. You'll have to put persistent routes on the clients to get to this network.


Chris.

**********************
Chris Andrew, CCNA, CCSA
chris@iproute.co.uk
**********************
 
Upvote 0 Downvote
This isn't a PIX problem, I suspect. It looks like a default gateway/deafult route problem. Default gateway on the hosts in net2 should be the far router's ethernet interface address, and in that router, have a route to the WAN interface of the near router's WAN interface address for the network 192.168.1.0. Since you can get to the far host by a route command in windows, your near router is configured properly.
 
Upvote 0 Downvote
Change the inside ip address of the PIX. Make your router's LAN IP 192.168.1.1. On your router, add a defult route and point it to the PIX inside address and a route for the 192.168.11.0 and point it to the far router's serial address. On your PIX, add a route inside for the other subnet and point the next hop to the LAN IP of your router. On the far router, make sure there's a default route that points to your router's serial address.
 
Upvote 0 Downvote
dxa1'a method is valid and should work okay. Whereas the Pix won't route traffic back out of the same interface (it must be forwarded to another interface) a router will do this and so you can send all traffic from net1 to the WAN router and then have it's default gateway set as the Pix. The Pix can then route normally. If the traffic is destined for net2 then the router on net1 will route over the WAN as normal. So, for internet access from net1 the traffic will go out as ..

net1client > router1 > Pix > Internet
(ie. the router can route back out of the same interface on net1 towards the pix)

Or, for net2 ..

net1client > router1 > router2 > net2

Chris.


**********************
Chris Andrew, CCNA, CCSA
chris@iproute.co.uk
**********************
 
Upvote 0 Downvote
Thanks guys ,, But I will force the clients to change their gateway rather than change anything on the PIX ..


Mohamed Farid
[green]Know Me No Pain , No Me Know Pain !!![/green]
CCNP,CCA,MCSE,MCSA
 
Upvote 0 Downvote
Depending on how many clients you have, I would much rather change 2 IP address, the PIX and the router and be over with.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

xwray
  • Locked
  • Question
PIX 501 DHCP Server function
Replies
0
Views
35
xwray
xwray
Modem80
  • Locked
  • Question
Novice SonicOS user, need routing help
Replies
2
Views
47
Modem80
Modem80
ITSUPPORTIT
  • Locked
  • Question
VPN from ASA 5510 and RV215W problem
Replies
0
Views
41
ITSUPPORTIT
ITSUPPORTIT
brownmab53
  • Locked
  • Question
PIX 525 ASA not allowing DHCP addresses to pass through to router
Replies
0
Views
42
brownmab53
brownmab53
quazimotto
  • Locked
  • Question
Correct Upgrade Path for PIX
Replies
7
Views
92
quazimotto
quazimotto

Part and Inventory Search

Sponsor

Back
Top