PIX routing help?

Posted by kenfry@gmail.com on December 18, 2004, 8:10 am
my network setup

--> Corp Pix (outside 192.168.1.254/24 inside 192.168.2.254/24 aka
Office Lan)
Default Route here is internet router
Static Route 192.168.50.0/24 (Remote Office) to 192.168.2.253
(Local Router)


--> Office Router (Office LAN 192.168.2.253/24 Serial
192.168.250.1/255.255.255.252)
Default Route 192.168.2.254 (Above Pix)
Static Route 192.168.50.0/24 to Serial

--> Remote Office Router (Remote Office 192.168.50.1/24 Serial
192.168.250.2/255.255.255.252)
Default Route to Serial

From any machine in the Office Lan (192.168.2.0/24) I can connect to
anywhere EXCEPT Remote Lan (192.168.50.0/24) unless I put a static route
on every machine like route 192.168.50.0/24 gateway 192.168.2.253, the
default route is the Pix

So how come I cannot route traffic from Office Lan to PIX (default
route) and let the PIX send the packets to Office Router
(192.168.2.253), which knows what to do (route serial)???
Thanks
Ken
kenfry@gmail.com



Posted by PES on December 18, 2004, 11:28 am
kenfry@gmail.com wrote:
> my network setup
>
> --> Corp Pix (outside 192.168.1.254/24 inside 192.168.2.254/24 aka
> Office Lan)
> Default Route here is internet router
> Static Route 192.168.50.0/24 (Remote Office) to 192.168.2.253
> (Local Router)
>
>
> --> Office Router (Office LAN 192.168.2.253/24 Serial
> 192.168.250.1/255.255.255.252)
> Default Route 192.168.2.254 (Above Pix)
> Static Route 192.168.50.0/24 to Serial
>
> --> Remote Office Router (Remote Office 192.168.50.1/24 Serial
> 192.168.250.2/255.255.255.252)
> Default Route to Serial
>
> From any machine in the Office Lan (192.168.2.0/24) I can connect to
> anywhere EXCEPT Remote Lan (192.168.50.0/24) unless I put a static route
> on every machine like route 192.168.50.0/24 gateway 192.168.2.253, the
> default route is the Pix
>
> So how come I cannot route traffic from Office Lan to PIX (default
> route) and let the PIX send the packets to Office Router
> (192.168.2.253), which knows what to do (route serial)???
> Thanks
> Ken
> kenfry@gmail.com
>

You'll have to set the default gateway on all of the hosts on 'office
lan' to 192.168.2.253. The PIX security architecture basically says if
it arrives on an interface, it must go out another interface or be dropped.

--
-------------------------
Paul Stewart
Lexnet Inc.
Email address is in ROT13


Posted by kenfry@gmail.com on December 18, 2004, 9:29 am
ahhh... makes perfect sense!

but now how can that change the default route, when that SAME PIX is
the DHCP server?

Thanks!
Ken





Posted by PES on December 18, 2004, 12:59 pm
kenfry@gmail.com wrote:
> ahhh... makes perfect sense!
>
> but now how can that change the default route, when that SAME PIX is
> the DHCP server?
>
> Thanks!
> Ken
>

I don't think you can do this. You will either have to:

1). Use some other type of more configurable DHCP server.

2). Hard code a static route to the remote subnet on each host like this:
route -p add 192.168.50.0 mask 255.255.255.0 192.168.2.253

3). Hard code a default gateway on each host.

--
-------------------------
Paul Stewart
Lexnet Inc.
Email address is in ROT13
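
The forwarding behaviour discussed in this thread, modelled as an added example that is not part of any poster's message. Addresses come from the thread; the interface labels and the internet host 203.0.113.10 are constructed, and the same-interface drop rule is encoded as stated in the reply above.

```python
import ipaddress

net, ip = ipaddress.ip_network, ipaddress.ip_address

# Addresses taken from the thread; interface names are labels for this model.
PIX, ROUTER = ip("192.168.2.254"), ip("192.168.2.253")
OFFICE, REMOTE, ANY = net("192.168.2.0/24"), net("192.168.50.0/24"), net("0.0.0.0/0")

# PIX routing table as (prefix, egress interface).
PIX_ROUTES = [(ANY, "outside"), (net("192.168.1.0/24"), "outside"),
              (OFFICE, "inside"), (REMOTE, "inside")]  # REMOTE via 192.168.2.253

def lookup(routes, dst):
    """Longest-prefix match: return the value of the most specific route."""
    return max(((p, v) for p, v in routes if dst in p),
               key=lambda m: m[0].prefixlen)[1]

def pix_forward(ingress, dst):
    """Apply the rule from the reply: egress must differ from ingress."""
    egress = lookup(PIX_ROUTES, dst)
    return "dropped at PIX" if egress == ingress else f"PIX out {egress}"

def trace(host_routes, dst):
    """Follow one packet from an Office LAN host; return the outcome."""
    dst = ip(dst)
    hop = lookup(host_routes, dst)   # None means the destination is on-link
    if hop is None:
        return "on-link"
    if hop == PIX:
        return pix_forward("inside", dst)
    # Office router: static route for REMOTE to serial, default route to PIX
    if dst in REMOTE:
        return "router out serial"
    return "router -> " + pix_forward("inside", dst)

# Three host configurations discussed in the thread
DHCP_DEFAULT = [(OFFICE, None), (ANY, PIX)]          # gateway handed out by PIX
STATIC_ROUTE = DHCP_DEFAULT + [(REMOTE, ROUTER)]     # option 2: route -p add ...
ROUTER_AS_GW = [(OFFICE, None), (ANY, ROUTER)]       # option 3: gateway .253

if __name__ == "__main__":
    for name, table in [("dhcp default", DHCP_DEFAULT),
                        ("static route", STATIC_ROUTE),
                        ("router as gw", ROUTER_AS_GW)]:
        # 203.0.113.10 is a constructed stand-in for an internet host
        for dst in ("192.168.50.10", "203.0.113.10"):
            print(f"{name:13} -> {dst:14} {trace(table, dst)}")
```
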


Posted by kenfry@gmail.com on December 18, 2004, 9:35 am
ahhh... makes perfect sense!


but now how can I change the default route, when that SAME PIX is
the DHCP server?


Thanks!
Ken






