If I were to take a wild guess, I would say that your 2524 does not have a quad zero default pointing to the PIX inside address.
your routing is screwy to begin with. a lot of folks don't like to do it this way, but I would point the default route of all inside devices to the 2524, and have the quad zero default on the 2524 pointing to the inside of the PIX. your router ethernet interface receives all packets, then forwards them accordingly. idle curiosity - why not use your 2610 as your inside router, and the 2524 as the internet router? you can full duplex the 2610 Ethernet and improve performance, especially under this scenario of using the router interface as the default gateway. in general, a good design might be: internet----internet_edge_router----firewall---switch---inside_router----WAN ---other_nets the way you have things now, you are expecting the PIX to route, and it is not a router. your inside PCs try to get to your WAN, and their default gateway is the PIX, which cannot route. hope this makes sense. Chuck -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Paul Holloway Sent: Monday, October 01, 2001 2:10 PM To: [EMAIL PROTECTED] Subject: connectivity issue [7:21600] Guys (and gals), I was wondering if anyone had ran into this problem. I have a private, pt-pt network terminating on my side with a 2524 running 11.1. This is connected into a 2900 switch. My ISP comes in on a 2610 through a PIX running 6.1.(Whose inside IP is the gateway for all PCs) It is also hitting the 2900. My machines behind the firewall can get to the internet and also ping the 2524 Ethernet interface on my side, but that is as far as they will go. I have put a static route into the PIX pointing any traffic for the 10.4.0.0 network (the far side of the pt-pt) directed to the inside IP of the 2524. from the PIX, I can ping the 2524, and any address on the far network. But the PCs cannot go past the Ethernet of the 2524. They can ping the inside interface of the 2524, but not even the WAN interface of this router. I have also added a static for the Network of the WAN link, a /30. I don't understand how the PIX can ping through the 2524 to the remote network and the PCs cannot, when all the routes are in the PIX to direct these packets to the correct destination(2524). Could it have to do with the fact the times I'm getting on those pings( around 600ms) are above the TTL on the PCs or could I be missing something else? This is probably going to turn out to be a stupid question, and I will regret sending it. Be gentle Paul Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=21627&t=21600 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
