or maybe...

Is your route inside 10.0.0.0 255.0.0.0?  I think the message is indicating
that you have too general a route to the remote subnet.  Try adding a more
specific route.

-----Original Message-----
From: Allen May [mailto:[EMAIL PROTECTED]]
Sent: 27 August 2001 15:50
To: [EMAIL PROTECTED]
Subject: Re: Pix Route issue [7:17242]


If it's doing NAT and IPSec you need a ruleset to not use NAT for a
destination on the IPSec tunnel.  It looks like that is what's happening.

Allen


----- Original Message -----
From: "pat" 
To: 
Sent: Monday, August 27, 2001 1:18 AM
Subject: Re: Pix Route issue [7:17242]


> PIX can't route back on the same interface.
>
> Hence this does not work. So workaround will be to let
> router be gateway to your subnet & PIX be gateway to
> router. Router can route to remote subnet across
> point to point link as well as to PIX.
>
> Hope this helps.
> --- Bob Nawrocki  wrote:
> > We have a Pix firewall that is serving as a default
> > gateway to the Internet
> > as well as providing ipsec tunnel connectivity to
> > several remote offices for
> > several hosts on a subnet. On the same subnet we
> > have a 2600 providing a
> > point to point wan link.  I added a route to the Pix
> > on the inside interface
> > to point to the 2600 for the wan route.  I am still
> > not able to connect to
> > that subnet unless I add a specific route on the
> > hosts.  When running debug
> > logging on the Pix I get the following output:
> >
> > 106011: Deny inbound (No xlate) icmp src inside:10.111.1.55 dst inside:10.112.3.3 (type 8, code 0)
> >
> > Any thoughts?
> >
> > Bob Nawrocki
> > CCNP CCDP
> [EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=17453&t=17242
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
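
The log line quoted in the thread shows source and destination both on the inside interface, which is the same-interface case described in the replies. As an added example (not part of the original thread), this Python script scans PIX syslog output for 106011 denies where both ends sit on the same interface and counts them per host pair. The `/port` handling for TCP/UDP and every sample line other than the one quoted above are assumptions.

```python
import re
from collections import Counter

# Matches the body of a PIX 106011 message as quoted in the thread. The
# optional "/port" suffix for TCP/UDP is an assumption; the thread only
# shows the ICMP form.
LINE_RE = re.compile(
    r"106011: Deny inbound \(No xlate\) (?P<proto>\S+) "
    r"src (?P<src_if>[^:\s]+):(?P<src_ip>\d+(?:\.\d+){3})(?:/\d+)? "
    r"dst (?P<dst_if>[^:\s]+):(?P<dst_ip>\d+(?:\.\d+){3})(?:/\d+)?"
)

def parse_106011(line):
    """Return the fields of a 106011 line, or None for any other message."""
    m = LINE_RE.search(line)
    return m.groupdict() if m else None

def same_interface_denies(lines):
    """Count (interface, src_ip, dst_ip) for denies whose source and
    destination are on the same interface, i.e. traffic the firewall was
    asked to send back out the interface it arrived on."""
    hits = Counter()
    for line in lines:
        rec = parse_106011(line)
        if rec and rec["src_if"] == rec["dst_if"]:
            hits[(rec["src_if"], rec["src_ip"], rec["dst_ip"])] += 1
    return hits

# Constructed sample input: the first two entries repeat the line quoted in
# the thread; the remaining lines are made up for illustration.
SAMPLE = [
    "106011: Deny inbound (No xlate) icmp src inside:10.111.1.55 dst inside:10.112.3.3 (type 8, code 0)",
    "106011: Deny inbound (No xlate) icmp src inside:10.111.1.55 dst inside:10.112.3.3 (type 8, code 0)",
    "106011: Deny inbound (No xlate) tcp src inside:10.111.1.60/1045 dst inside:10.112.3.9/23",
    "106011: Deny inbound (No xlate) udp src outside:192.0.2.7/53 dst inside:10.111.1.55/1030",
    "(constructed) unrelated syslog line that is not a 106011 message",
]

if __name__ == "__main__":
    for (iface, src, dst), n in same_interface_denies(SAMPLE).most_common():
        print(f"{n:3d}  {src} -> {dst}  arrived on and routed back to '{iface}'")
```

Hosts that appear as sources in the output are the ones still using the PIX as next hop for the remote subnet.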
