PIX Firewall and 2509 Access Router
I have a 2509 access router with 8 modems attached. This past weekend I installed a PIX 515. Now when users dial-in they receive very slow connections. I tried to ping various Internet hosts and found that 60-80% packet loss occurred. I turned on Debug ip icmp Ran a trace to my server at home and received this message dst (10.100.7.0) port unreachable rcv from X.X.X.190 (home server). 10.100.7.0 is the IP of my E0 interface on the 2509 and it further says sent to 10.100.1.0 --> which is the IP of my inside server. Enlightenment would be greatly appreciated. I have some very angry users who are on the road, including my big boss, an Admiral in the US Navy. Thanx all Daryn P. Bartlett ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: PIX Firewall and 2509 Access Router
If you are using 10.100.7.0 as an IP you will have problems. Try changing it to .1 instead of .0. Kenny - Original Message - From: "Bartlett, DS1" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Wednesday, June 07, 2000 5:16 PM Subject: PIX Firewall and 2509 Access Router > I have a 2509 access router with 8 modems attached. This past weekend I > installed a PIX 515. Now when users dial-in they receive very slow > connections. I tried to ping various Internet hosts and found that 60-80% > packet loss occurred. I turned on > > Debug ip icmp > > Ran a trace to my server at home and received this message > > dst (10.100.7.0) port unreachable rcv from X.X.X.190 (home server). > > 10.100.7.0 is the IP of my E0 interface on the 2509 and it further says > > sent to 10.100.1.0 --> which is the IP of my inside server. > > Enlightenment would be greatly appreciated. I have some very angry users > who are on the road, including my big boss, an Admiral in the US Navy. > > Thanx all > Daryn P. Bartlett > > ___ > UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html > FAQ, list archives, and subscription info: http://www.groupstudy.com > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: PIX Firewall and 2509 Access Router
Daryn, Try using different IP addresses other than ones that end in x.x.x.0 That might help. :) -Brad p.s. I hope you dont have any missle codes...lol ""Bartlett, DS1"" <[EMAIL PROTECTED]> wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > I have a 2509 access router with 8 modems attached. This past weekend I > installed a PIX 515. Now when users dial-in they receive very slow > connections. I tried to ping various Internet hosts and found that 60-80% > packet loss occurred. I turned on > > Debug ip icmp > > Ran a trace to my server at home and received this message > > dst (10.100.7.0) port unreachable rcv from X.X.X.190 (home server). > > 10.100.7.0 is the IP of my E0 interface on the 2509 and it further says > > sent to 10.100.1.0 --> which is the IP of my inside server. > > Enlightenment would be greatly appreciated. I have some very angry users > who are on the road, including my big boss, an Admiral in the US Navy. > > Thanx all > Daryn P. Bartlett > > ___ > UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html > FAQ, list archives, and subscription info: http://www.groupstudy.com > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > --- ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: PIX Firewall and 2509 Access Router
I have fixed my problem What I found was my default gateway on my 2509 was the E0 port. When I installed the firewall, Cisco says to point default gateway's internal to the PIX to the inside port address, which I did. However I did not remove the line ip route 0.0.0.0 0.0.0.0 ethernet 0 when I removed this configuration, all worked well, and now proper connections are restored. Thank you to all who offered help. Daryn P. Bartlett -Original Message- From: Bartlett, DS1 [SMTP:[EMAIL PROTECTED]] Sent: Wednesday, June 07, 2000 5:17 PM To: '[EMAIL PROTECTED]' Subject: PIX Firewall and 2509 Access Router I have a 2509 access router with 8 modems attached. This past weekend I installed a PIX 515. Now when users dial-in they receive very slow connections. I tried to ping various Internet hosts and found that 60-80% packet loss occurred. I turned on Debug ip icmp Ran a trace to my server at home and received this message dst (10.100.7.0) port unreachable rcv from X.X.X.190 (home server). 10.100.7.0 is the IP of my E0 interface on the 2509 and it further says sent to 10.100.1.0 --> which is the IP of my inside server. Enlightenment would be greatly appreciated. I have some very angry users who are on the road, including my big boss, an Admiral in the US Navy. Thanx all Daryn P. Bartlett ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: PIX Firewall and 2509 Access Router
I am using a /16 mask. This is a non routed environment as I only have 90 devices. I set it up that way because I wanted some structure. (i.e. servers are 1.0, comms are 7.0, switches are 10.0 and printers are 5.0) My thoughts last night were to set up static mappings for my PIX such that static x.x.x.5 10.100.7.0 netmask 255.255.255.255 (outside port static mapping) conduit permit tcp x.x.x.5 host any (allow all tcp access through outside port) Any thoughts on that. Thanx, Daryn P. Bartlett "Calamari" -Original Message- From: Brad Ellis [SMTP:[EMAIL PROTECTED]] Sent: Wednesday, June 07, 2000 9:13 PM To: [EMAIL PROTECTED] Subject: Re: PIX Firewall and 2509 Access Router Daryn, Try using different IP addresses other than ones that end in x.x.x.0 That might help. :) -Brad p.s. I hope you dont have any missle codes...lol ""Bartlett, DS1"" <[EMAIL PROTECTED]> wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > I have a 2509 access router with 8 modems attached. This past weekend I > installed a PIX 515. Now when users dial-in they receive very slow > connections. I tried to ping various Internet hosts and found that 60-80% > packet loss occurred. I turned on > > Debug ip icmp > > Ran a trace to my server at home and received this message > > dst (10.100.7.0) port unreachable rcv from X.X.X.190 (home server). > > 10.100.7.0 is the IP of my E0 interface on the 2509 and it further says > > sent to 10.100.1.0 --> which is the IP of my inside server. > > Enlightenment would be greatly appreciated. I have some very angry users > who are on the road, including my big boss, an Admiral in the US Navy. > > Thanx all > Daryn P. Bartlett > > ___ > UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html > FAQ, list archives, and subscription info: http://www.groupstudy.com > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > --- ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
