Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

PIX routing to specific network

Status
Not open for further replies.
SR7758

SR7758

Technical User
Mar 11, 2002
66
0
0
US
I have two ISPs with two class c ip's connected to my 2800 router, and behind the router we have a PIX 515 v7.
I'm trying to route all traffic out ISP1, except for traffic destined for (ex)72.14.207.0/24 and 72.14.208.0/24, which should go out ISP2.
I have a static routes setup for 72.14.207.0/24 and 72.14.208.0/24 to route through (ex)222.174.185.1 (ISP2 router)
I have the PAT setup for the ISP1 connections, and I have a statement for ISP2, but it doesn't seem to be working properly, at least that's what it seems like to me.
Of course, we're moving to a new building this weekend and this must be up prior to the move, or else I'll probably be unemployed.
I'm posting my running config for anyone that could possibly help me.
Thank you
=================================================
asdm image flash:/asdm-501.bin
asdm location 10.0.1.23 255.255.255.255 inside
asdm location 10.0.1.25 255.255.255.255 inside
asdm location 10.0.1.31 255.255.255.255 inside
asdm location (ex)72.14.207.0 255.255.255.0 ISP2
asdm history enable
: Saved
:
PIX Version 7.0(1)
names
!
interface Ethernet0
nameif ISP1
security-level 0
ip address (ex)111.245.201.2 255.255.255.0
!
interface Ethernet1
nameif inside
security-level 100
ip address 10.0.0.250 255.255.0.0
!
interface Ethernet2
nameif ISP2
security-level 0
ip address (ex)222.174.185.2 255.255.255.0
!
interface Ethernet3
shutdown
no nameif
security-level 6
no ip address
!
interface Ethernet4
shutdown
no nameif
security-level 8
no ip address
!
interface Ethernet5
nameif DMZ
security-level 10
ip address 10.10.0.250 255.255.0.0
!
enable password ************* encrypted
passwd ************* encrypted
hostname ***********
domain-name ***********
ftp mode passive
clock timezone EST -5
clock summer-time EDT recurring
dns retries 2
dns timeout 2
dns domain-lookup ISP1
dns domain-lookup ISP2
dns name-server 1.1.1.1
dns name-server 2.2.2.2
dns name-server 3.3.3.3
dns name-server 4.4.4.4
dns name-server 5.5.5.5
same-security-traffic permit inter-interface
access-list ISP2_access_in extended permit icmp any any
access-list ISP2_access_in extended permit tcp any eq (ex)222.174.185.77 eq www
access-list ISP2_access_in extended permit tcp any eq (ex)222.174.185.66 eq www
access-list ISP2_access_in extended permit tcp any eq (ex)222.174.185.67 eq www
access-list ISP2_access_in extended permit tcp any eq (ex)222.174.185.75 eq www
access-list ISP2_access_in extended permit tcp any eq (ex)222.174.185.76 eq www
access-list ISP2_access_in extended permit tcp any eq (ex)222.174.185.79 eq www
access-list ISP2_access_in extended permit tcp any eq (ex)222.174.185.80 eq www
access-list ISP2_access_in extended permit tcp any eq (ex)222.174.185.96 eq www
access-list ISP2_access_in extended permit tcp any eq (ex)222.174.185.95 eq www
access-list ISP2_access_in extended permit tcp any eq (ex)222.174.185.49 eq www
access-list ISP2_access_in extended permit tcp any eq (ex)222.174.185.56 eq www
access-list ISP2_access_in extended permit tcp any eq https host (ex)222.174.185.56 eq https
access-list ISP2_access_in extended permit tcp any eq (ex)222.174.185.57 eq www
access-list ISP2_access_in extended permit tcp any eq (ex)222.174.185.59 eq www
access-list ISP2_access_in extended permit tcp any eq (ex)222.174.185.94 eq www
access-list ISP2_access_in extended permit tcp any eq (ex)222.174.185.58 eq www
access-list ISP2_access_in extended permit tcp any eq (ex)222.174.185.93 eq www
access-list ISP2_access_in extended permit tcp any eq (ex)222.174.185.92 eq www
access-list ISP2_access_in extended permit tcp any eq (ex)222.174.185.73 eq www
access-list ISP2_access_in extended permit tcp any eq (ex)222.174.185.74 eq www
access-list ISP2_access_in extended permit tcp any eq (ex)222.174.185.91 eq www
access-list ISP2_access_in extended permit tcp any eq (ex)222.174.185.90 eq www
access-list ISP2_access_in extended permit tcp any eq (ex)222.174.185.89 eq www
access-list ISP2_access_in extended permit tcp any eq (ex)222.174.185.88 eq www
access-list ISP2_access_in extended permit tcp any eq (ex)222.174.185.52 eq www
access-list ISP2_access_in extended permit tcp any eq (ex)222.174.185.65 eq www
access-list ISP2_access_in extended permit tcp any eq (ex)222.174.185.50 eq www
access-list ISP2_access_in extended permit tcp any eq (ex)222.174.185.71 eq www
access-list ISP2_access_in extended permit tcp any eq (ex)222.174.185.60 eq www
access-list ISP2_access_in extended permit tcp any eq (ex)222.174.185.70 eq www
access-list ISP2_access_in extended permit tcp any eq (ex)222.174.185.69 eq www
access-list ISP2_access_in extended permit tcp any eq (ex)222.174.185.68 eq www
access-list ISP2_access_in extended permit tcp any eq (ex)222.174.185.87 eq www
access-list ISP2_access_in extended permit tcp any eq (ex)222.174.185.86 eq www
access-list ISP2_access_in extended permit tcp any eq (ex)222.174.185.85 eq www
access-list ISP2_access_in extended permit tcp any eq (ex)222.174.185.81 eq www
access-list ISP2_access_in extended permit tcp any eq (ex)222.174.185.84 eq www
access-list ISP2_access_in extended permit tcp any eq (ex)222.174.185.83 eq www
access-list ISP2_access_in extended permit tcp any eq (ex)222.174.185.82 eq www
access-list ISP2_access_in extended permit tcp any eq https host (ex)222.174.185.57 eq https
access-list ISP2_access_in extended permit tcp host (ex)72.14.207.2 eq ftp host (ex)222.174.185.51 eq ftp
access-list ISP2_access_in extended permit tcp host (ex)72.14.207.1 eq ftp host (ex)222.174.185.51 eq ftp
access-list ISP2_access_in extended permit tcp host (ex)72.14.207.26 eq ftp host (ex)222.174.185.51 eq ftp
access-list ISP2_access_in extended permit tcp any eq https host (ex)222.174.185.69 eq https
access-list ISP2_access_in extended permit tcp any eq https host (ex)222.174.185.70 eq https
access-list ISP1_access_in extended deny ip host 86.135.149.130 any
access-list ISP1_access_in extended deny ip host 140.198.35.85 any
access-list ISP1_access_in extended deny ip host 24.116.12.59 any
access-list ISP1_access_in extended deny ip host 140.198.165.185 any
access-list ISP1_access_in extended deny ip host 129.93.51.80 any
access-list ISP1_access_in extended deny ip host 70.136.88.76 any
access-list ISP1_access_in extended permit icmp any any
access-list ISP1_access_in extended permit tcp any eq pptp host (ex)111.245.201.8 eq pptp
access-list ISP1_access_in extended permit gre any host (ex)111.245.201.8
access-list ISP1_access_in extended permit tcp any eq ftp host (ex)111.245.201.8 eq ftp
access-list ISP1_access_in extended permit tcp any eq ftp-data host (ex)111.245.201.8 eq ftp-data
access-list ISP1_access_in extended permit tcp any eq smtp host (ex)111.245.201.7 eq smtp
access-list ISP1_access_in extended permit tcp any eq (ex)111.245.201.7 eq www
access-list ISP1_access_in extended permit tcp any eq https host (ex)111.245.201.7 eq https
access-list ISP1_access_in extended permit tcp host (ex)72.14.207.6 eq pop3 host (ex)111.245.201.7 eq pop3
access-list ISP1_access_in extended permit tcp host (ex)72.14.207.7 eq pop3 host (ex)111.245.201.7 eq pop3
access-list ISP1_access_in extended permit tcp host (ex)72.14.207.8 eq pop3 host (ex)111.245.201.7 eq pop3
access-list ISP1_access_in extended permit tcp host (ex)72.14.207.9 eq pop3 host (ex)111.245.201.7 eq pop3
access-list ISP1_access_in extended permit tcp host (ex)72.14.207.10 eq pop3 host (ex)111.245.201.7 eq pop3
access-list ISP1_access_in extended permit tcp host (ex)72.14.207.11 eq pop3 host (ex)111.245.201.7 eq pop3
access-list ISP1_access_in extended permit tcp host (ex)72.14.207.12 eq pop3 host (ex)111.245.201.7 eq pop3
access-list ISP1_access_in extended permit tcp host (ex)72.14.207.13 eq pop3 host (ex)111.245.201.7 eq pop3
access-list ISP1_access_in extended permit tcp host (ex)72.14.207.14 eq pop3 host (ex)111.245.201.7 eq pop3
access-list ISP1_access_in extended permit tcp host (ex)72.14.207.15 eq pop3 host (ex)111.245.201.7 eq pop3
access-list ISP1_access_in extended permit tcp host (ex)72.14.207.4 eq smtp host (ex)111.245.201.7 eq pop3
access-list ISP1_access_in extended permit tcp host (ex)72.14.207.4 eq pop3 host (ex)111.245.201.7 eq pop3
access-list ISP1_access_in extended permit tcp host (ex)72.14.208..250 eq pop3 host (ex)111.245.201.7 eq pop3
access-list ISP1_access_in extended permit tcp host (ex)72.14.207.1 eq ftp host (ex)111.245.201.6 eq ftp
access-list ISP1_access_in extended permit tcp host (ex)72.14.207.2 eq ftp host (ex)111.245.201.6 eq ftp
access-list ISP1_access_in extended permit tcp host (ex)72.14.207.5 eq ftp host (ex)111.245.201.6 eq ftp
access-list ISP1_access_in extended permit tcp any eq 3389 host (ex)111.245.201.6 eq 3389
access-list ISP1_access_in extended permit tcp any eq (ex)111.245.201.41 eq www
access-list ISP1_access_in extended permit tcp any eq (ex)111.245.201.81 eq www
access-list ISP1_access_in extended permit tcp any eq (ex)111.245.201.82 eq www
access-list ISP1_access_in extended permit tcp any eq (ex)111.245.201.30 eq www
access-list ISP1_access_in extended permit tcp any eq (ex)111.245.201.33 eq www
access-list ISP1_access_in extended permit tcp any eq (ex)111.245.201.46 eq www
access-list ISP1_access_in extended permit tcp any eq (ex)111.245.201.83 eq www
access-list ISP1_access_in extended permit tcp any eq (ex)111.245.201.84 eq www
access-list ISP1_access_in extended permit tcp any eq (ex)111.245.201.42 eq www
access-list ISP1_access_in extended permit tcp any eq (ex)111.245.201.43 eq www
access-list ISP1_access_in extended permit tcp any eq (ex)111.245.201.44 eq www
access-list ISP1_access_in extended permit tcp any eq (ex)111.245.201.45 eq www
access-list ISP1_access_in extended permit tcp any eq (ex)111.245.201.85 eq www
access-list ISP1_access_in extended permit tcp any eq (ex)111.245.201.86 eq www
access-list ISP1_access_in extended permit tcp any eq (ex)111.245.201.87 eq www
access-list ISP1_access_in extended permit tcp any eq https host (ex)111.245.201.87 eq https
access-list ISP1_access_in extended permit tcp any eq (ex)111.245.201.70 eq www
access-list ISP1_access_in extended permit tcp any eq https host (ex)111.245.201.70 eq https
access-list ISP1_access_in extended permit tcp host (ex)72.14.207.2 eq ftp host (ex)111.245.201.70 eq ftp
access-list ISP1_access_in extended permit tcp any eq https host (ex)111.245.201.30 eq https
access-list ISP1_access_in extended permit tcp any eq https host (ex)111.245.201.33 eq https
access-list inside_pnat_outbound extended permit ip 10.0.0.0 255.255.0.0 (ex)72.14.207.0 255.255.255.0
access-list DMZ_pnat_outbound extended permit ip 10.10.0.0 255.255.0.0 (ex)72.14.207.0 255.255.255.0
pager lines 24
logging enable
logging asdm informational
mtu ISP1 1500
mtu inside 1500
mtu ISP2 1500
mtu DMZ 1500
ip verify reverse-path interface ISP1
ip verify reverse-path interface ISP2
no failover
monitor-interface ISP1
monitor-interface inside
monitor-interface ISP2
monitor-interface DMZ
icmp permit any echo ISP1
icmp permit any echo-reply ISP1
icmp permit any inside
icmp permit any echo ISP2
icmp permit any echo-reply ISP2
icmp permit any DMZ
asdm image flash:/asdm-501.bin
asdm history enable
arp timeout 14400
nat-control
global (ISP1) 10 (ex)111.245.201.3
global (ISP1) 12 (ex)111.245.201.4
global (ISP2) 11 (ex)222.174.185.3
global (ISP2) 13 (ex)222.174.185.4
nat (inside) 11 access-list inside_pnat_outbound
nat (inside) 10 0.0.0.0 0.0.0.0
nat (DMZ) 13 access-list DMZ_pnat_outbound
nat (DMZ) 12 0.0.0.0 0.0.0.0
static (inside,ISP1) (ex)111.245.201.8 10.0.1.23 netmask 255.255.255.255
static (inside,ISP1) (ex)111.245.201.7 10.0.1.31 netmask 255.255.255.255
static (inside,ISP1) (ex)111.245.201.6 10.0.1.25 netmask 255.255.255.255
static (DMZ,ISP2) (ex)222.174.185.77 10.10.30.6 netmask 255.255.255.255
static (DMZ,ISP2) (ex)222.174.185.66 10.10.30.7 netmask 255.255.255.255
static (DMZ,ISP2) (ex)222.174.185.67 10.10.30.9 netmask 255.255.255.255
static (DMZ,ISP2) (ex)222.174.185.75 10.10.30.10 netmask 255.255.255.255
static (DMZ,ISP2) (ex)222.174.185.76 10.10.30.11 netmask 255.255.255.255
static (DMZ,ISP2) (ex)222.174.185.79 10.10.30.12 netmask 255.255.255.255
static (DMZ,ISP2) (ex)222.174.185.80 10.10.30.13 netmask 255.255.255.255
static (DMZ,ISP2) (ex)222.174.185.96 10.10.30.14 netmask 255.255.255.255
static (DMZ,ISP2) (ex)222.174.185.95 10.10.30.15 netmask 255.255.255.255
static (DMZ,ISP2) (ex)222.174.185.49 10.10.30.16 netmask 255.255.255.255
static (DMZ,ISP2) (ex)222.174.185.56 10.10.30.17 netmask 255.255.255.255
static (DMZ,ISP1) (ex)111.245.201.41 10.10.10.18 netmask 255.255.255.255
static (DMZ,ISP2) (ex)222.174.185.57 10.10.30.19 netmask 255.255.255.255
static (DMZ,ISP2) (ex)222.174.185.59 10.10.30.20 netmask 255.255.255.255
static (DMZ,ISP2) (ex)222.174.185.94 10.10.30.21 netmask 255.255.255.255
static (DMZ,ISP2) (ex)222.174.185.58 10.10.30.22 netmask 255.255.255.255
static (DMZ,ISP2) (ex)222.174.185.93 10.10.30.23 netmask 255.255.255.255
static (DMZ,ISP2) (ex)222.174.185.92 10.10.30.24 netmask 255.255.255.255
static (DMZ,ISP2) (ex)222.174.185.73 10.10.30.25 netmask 255.255.255.255
static (DMZ,ISP2) (ex)222.174.185.74 10.10.30.26 netmask 255.255.255.255
static (DMZ,ISP2) (ex)222.174.185.91 10.10.30.27 netmask 255.255.255.255
static (DMZ,ISP2) (ex)222.174.185.90 10.10.30.28 netmask 255.255.255.255
static (DMZ,ISP2) (ex)222.174.185.89 10.10.30.29 netmask 255.255.255.255
static (DMZ,ISP2) (ex)222.174.185.88 10.10.30.30 netmask 255.255.255.255
static (DMZ,ISP2) (ex)222.174.185.52 10.10.10.31 netmask 255.255.255.255
static (DMZ,ISP2) (ex)222.174.185.65 10.10.30.32 netmask 255.255.255.255
static (DMZ,ISP1) (ex)111.245.201.81 10.10.31.33 netmask 255.255.255.255
static (DMZ,ISP2) (ex)222.174.185.50 10.10.30.34 netmask 255.255.255.255
static (DMZ,ISP2) (ex)222.174.185.71 10.10.30.35 netmask 255.255.255.255
static (DMZ,ISP2) (ex)222.174.185.60 10.10.30.36 netmask 255.255.255.255
static (DMZ,ISP2) (ex)222.174.185.70 10.10.30.37 netmask 255.255.255.255
static (DMZ,ISP2) (ex)222.174.185.69 10.10.30.38 netmask 255.255.255.255
static (DMZ,ISP2) (ex)222.174.185.68 10.10.30.40 netmask 255.255.255.255
static (DMZ,ISP2) (ex)222.174.185.87 10.10.30.41 netmask 255.255.255.255
static (DMZ,ISP2) (ex)222.174.185.86 10.10.30.42 netmask 255.255.255.255
static (DMZ,ISP2) (ex)222.174.185.85 10.10.30.43 netmask 255.255.255.255
static (DMZ,ISP2) (ex)222.174.185.81 10.10.30.44 netmask 255.255.255.255
static (DMZ,ISP2) (ex)222.174.185.84 10.10.30.45 netmask 255.255.255.255
static (DMZ,ISP2) (ex)222.174.185.83 10.10.30.46 netmask 255.255.255.255
static (DMZ,ISP1) (ex)111.245.201.82 10.10.31.47 netmask 255.255.255.255
static (DMZ,ISP2) (ex)222.174.185.82 10.10.30.48 netmask 255.255.255.255
static (DMZ,ISP1) (ex)111.245.201.30 10.10.11.50 netmask 255.255.255.255
static (DMZ,ISP1) (ex)111.245.201.33 10.10.11.51 netmask 255.255.255.255
static (DMZ,ISP1) (ex)111.245.201.46 10.10.11.52 netmask 255.255.255.255
static (DMZ,ISP1) (ex)111.245.201.83 10.10.11.53 netmask 255.255.255.255
static (DMZ,ISP1) (ex)111.245.201.84 10.10.11.54 netmask 255.255.255.255
static (DMZ,ISP1) (ex)111.245.201.42 10.10.11.55 netmask 255.255.255.255
static (DMZ,ISP1) (ex)111.245.201.43 10.10.11.56 netmask 255.255.255.255
static (DMZ,ISP1) (ex)111.245.201.44 10.10.11.57 netmask 255.255.255.255
static (DMZ,ISP1) (ex)111.245.201.45 10.10.11.58 netmask 255.255.255.255
static (DMZ,ISP1) (ex)111.245.201.85 10.10.31.59 netmask 255.255.255.255
static (DMZ,ISP1) (ex)111.245.201.86 10.10.31.60 netmask 255.255.255.255
static (DMZ,ISP1) (ex)111.245.201.87 10.10.31.61 netmask 255.255.255.255
static (DMZ,ISP1) (ex)111.245.201.70 10.10.31.62 netmask 255.255.255.255
static (DMZ,ISP2) (ex)222.174.185.51 10.10.30.196 netmask 255.255.255.255
access-group ISP1_access_in in interface ISP1
access-group ISP2_access_in in interface ISP2
route ISP1 0.0.0.0 0.0.0.0 (ex)111.245.201.1 1
route inside (ex)72.14.208..0 255.255.255.0 (ex)222.174.185.1 1
route inside (ex)72.14.207.0 255.255.255.0 (ex)222.174.185.1 1
route ISP2 0.0.0.0 0.0.0.0 (ex)222.174.185.1 2
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00
timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
username ******** password ************ encrypted privilege 15
http server enable
http 10.0.20.1 255.255.255.255 inside
snmp-server host inside 10.0.20.2 community public
snmp-server location
snmp-server contact
snmp-server community
snmp-server enable traps snmp
telnet 10.0.20.1 255.255.255.255 inside
telnet timeout 5
ssh 10.0.20.1 255.255.255.255 inside
ssh timeout 5
console timeout 0
dhcpd address 10.0.0.251-10.0.1.250 inside
dhcpd lease 3600
dhcpd ping_timeout 50
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map global_policy
class inspection_default
inspect dns maximum-length 512
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
!
service-policy global_policy global
Cryptochecksum:4ecd694423c5d3a014f501acff1431c9
: end

==================================================

ROUTER

==================================================
!This is the running config of the router: 111.245.201.1
!----------------------------------------------------------------------------
!version 12.4
service timestamps debug datetime msec
service timestamps log uptime
no service password-encryption
!
hostname **********
!
boot-start-marker
boot-end-marker
!
logging buffered 4096 debugging
enable secret 5 ****************************
!
no aaa new-model
!
resource policy
!
clock timezone NewYork -5
clock summer-time NewYork date Apr 6 2003 2:00 Oct 26 2003 2:00
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
no ip source-route
ip cef
!
!
no ip dhcp use vrf connected
!
!
no ip bootp server
ip name-server 204.117.214.10
!
username
!
!
!
interface FastEthernet0/0
ip address 111.245.201.1 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
duplex auto
speed auto
no cdp enable
!
interface FastEthernet0/1
ip address 222.174.185.1 255.255.255.0
duplex auto
speed auto
!
interface Serial0/1/0
description ISP1
bandwidth 1536
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
encapsulation frame-relay IETF
no ip mroute-cache
no fair-queue
service-module t1 timeslots 1-24
!
interface Serial0/1/0.1 point-to-point
no ip redirects
no ip unreachables
no ip proxy-arp
no cdp enable
frame-relay interface-dlci 16 ppp Virtual-Template1
!
interface Serial0/2/0
description ISP2
bandwidth 1536
ip address 111.2.3.3 255.255.255.252
encapsulation ppp
no ip mroute-cache
no fair-queue
!
interface Virtual-Template1
bandwidth 1536
ip address negotiated
no ip redirects
no ip unreachables
no ip proxy-arp
ppp chap hostname 4387606@bz8
ppp chap password 0 9b229827
ppp ipcp address accept
!
ip classless
ip route 0.0.0.0 0.0.0.0 111.16.0.1
ip route 0.0.0.0 0.0.0.0 111.17.0.1
ip route 0.0.0.0 0.0.0.0 111.31.255.253
ip route 0.0.0.0 0.0.0.0 111.31.255.249
ip route 0.0.0.0 0.0.0.0 111.31.255.245
ip route 0.0.0.0 0.0.0.0 111.31.255.241
ip route 72.14.207.0 255.255.255.0 111.2.3.4 permanent
ip route 72.14.208.0 255.255.255.0 111.2.3.4 permanent
!
no ip http server
!
snmp-server community vepub RO
no cdp run
!
control-plane
!
!
line con 0
password
logging synchronous
login
line aux 0
line vty 0 4
password
login
!
ntp update-calendar
ntp server 128.118.25.3 source Serial0/2/0 prefer
end


============================================

THANK YOU!!!!!


S.R.
 
Sort by date Sort by votes
When you do a trace route to a device on the 72.14.208.0 are you going to the correct AR?

Try this on the Pix:

route ISP2 72.14.208.0 255.255.255.0 222.174.185.1
route ISP2 72.14.207.0 255.255.255.0 222.174.185.1

Looks like your Pix isnt routing the traffic out the correct interface for the static translations to take place. Im not sure if I would have done the same setup as this but the routing statements will at least force the traffic destined for the 72 net out the ISP2 so the translations will work. As far as I can tell I think this is your problem.
 
Upvote 0 Downvote
Thanks for the info. I put those routes into the PIX and still can't get there. Unfortunately, I am unable to tracert for some reason, even after I add an explict 10.0.89.1 --> any IP rule. ~GOING INSANE!!!~
It looks to me now that I am not NATting on the ISP2 interface.


S.R.
 
Upvote 0 Downvote
Is your traffic going from DMZ to ISP2 interfaces destined for the 72.14.207.0 network?
 
Upvote 0 Downvote
The DMZ machines with static NATs shouldn't have to go there, but any other DMZ traffic yes.


S.R.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Sameer258
  • Locked
  • Question
Need Help to Find ip and mac address with email who one open my email
Replies
0
Views
217
Sameer258
Sameer258
Sparrow4
  • Locked
  • Question
Configure Avaya IPO R11 / VM Pro + Office365 or Exchange for voicemail to email
Replies
2
Views
233
Johnkite
Johnkite
ciscokid1984
  • Locked
  • Question
Watchguard RDP from external network
Replies
1
Views
136
hairlessupportmonkey
hairlessupportmonkey
acabezas2014
  • Locked
  • Question
Configuring ASA for Network Segmentation
Replies
1
Views
111
acabezas2014
acabezas2014
brownmab53
  • Locked
  • Question
PIX 525 ASA not allowing DHCP addresses to pass through to router
Replies
0
Views
62
brownmab53
brownmab53

Part and Inventory Search

Sponsor

Back
Top