Posted by Walter Roberson on October 11, 2006, 11:50 pm
>I have 2 gateways in my network: 1 Cisco PIX 506 (10.171.206.1) and Ipcop
>(10.171.206.2) with a DMZ (on the Ipcop) where the mail server resides
>(192.168.0.4).
>I just would like that a computer with the PIX defined as default Gateway
>could access the mail server on the IPCop's DMZ
>I thought about adding a static route on the PIX like:
>route 192.168.0.1 255.255.255.0 10.71.206.2 1
>It doesn't seem to be enough as the mail server doesn't answer the pings.
>What did I miss here???

PIX 4/5/6 never allows packets to return to the same [logical] interface
they reached the PIX by. PIX 7 sometimes does, but only when at
least one VPN is involved.

Upgrade your PIX to 6.3(3) or later and construct a logical interface
overlaying your inside interface and give the logical interface
an address directly in the 192.168.0 network, bypassing IPCOP. Or
if you want to keep IPCOP there, assign it a new address range
such as 192.168.1.2/24 and put the logical interface in that network
and add the route to 192.168.0.0 255.255.255.0 through 192.168.1.2