Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations gkittelson on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Understanding IP routing if PIX 515

Status
Not open for further replies.
robharper

robharper

MIS
Jan 29, 2003
6
CA
I think after reviewing many of the posts here my PIX may be setup fine but my lack of understanding how it routes may be the issue.

I have two IP ranges on the inside of the PIX:

192.168.10.0
142.142.xxx.xxx

The 142.142.xxx.xxx range is actually part of an external range setup to access a large pool of Lotus Notes servers (200 plus servers) of which I have little knowledge of the setup beyond my own scope.

While I can access this range by VPN it is unavilable from inside the PIX

I have the following route statement in place:

route inside 142.142.xxx.xxx 255.255.255.0 192.168.10.1 1

I also have a static setup as follows:

static (inside,outside) 142.142.xx.0 142.142.xx.0 netmask 255.255.255.0 0 0

Generally speaking the problem is of course that I cannot access my Notes server while using the PIX for Internet access. We have another internet connection already but it is a very slow T1 with heavy access. The change in the DG is my issue. I use the PIX as the DG for an ADSL connection which is great but lose access to the Notes Server.

Any suggestions would be great, not sure where to go from here.
 
Sort by date Sort by votes
The way you state the problem, it's a little unclear of what network is where, but I think I know what you're getting at.

Here is the problem: If you want to redirect (route) a packet out the SAME interface it arrived, you can't do it. I.E., if a packet hits the PIC on the internal interface, the PIX will not send it back out the internal interface.

It that is not your problem, please specify a bit more and post a config.

-gbiello
 
Upvote 0 Downvote
Yes... Is the 142.142.xxx.xxx on your inside or outside interface? If it's on the outside, then change your route statement to this:

route outside 142.142.xxx.xxx 255.255.255.0 192.168.10.1 1
 
Upvote 0 Downvote
gbiello,

Hey I have been reading about your comment and this may in fact be the issue here.

The 142 range (which is an external address) is on the inside.

So if it will not redirect on the same interface, any idea on how I can I get around this issue?
 
Upvote 0 Downvote
1) You can make 192.168.10.1 your default gateway and let that route back to the PIX.

2) You can put static routes to the 142.142.xxx.xxx network on all devices on 192.168.10.x.

3) You could get a Cisco 2621 (or better) and put that between the PIX and the internal network. This is the option I go for on most of our clients with private WANs.

hope this helps,
-gbiello
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Sameer258
  • Locked
  • Question
Need Help to Find ip and mac address with email who one open my email
Replies
0
Views
661
Sameer258
Sameer258
XLNTech1
  • Locked
  • Question
iptables port forwarding
Replies
0
Views
512
XLNTech1
XLNTech1
Sparrow4
  • Locked
  • Question
Configure Avaya IPO R11 / VM Pro + Office365 or Exchange for voicemail to email
Replies
2
Views
580
Johnkite
Johnkite
Russtoleum
  • Locked
  • Question
SW GVC won't route traffic through sonicwall to offsite tunnel unless it leases an ip on the same su
Replies
1
Views
165
Russtoleum
Russtoleum
xwray
  • Locked
  • Question
PIX 501 DHCP Server function
Replies
0
Views
108
xwray
xwray

Part and Inventory Search

Sponsor

Back
Top