RE: Pix & non-Rfc networks. [7:56347]

2002-10-26 Thread Brett spunt
Yes,

You will never even make it to the pix if you're destined for the 192.5.2.0/24
network.

-Original Message-
From: [EMAIL PROTECTED] [mailto:nobody@;groupstudy.com]On Behalf Of
[EMAIL PROTECTED]
Sent: Saturday, October 26, 2002 5:05 AM
To: [EMAIL PROTECTED]
Subject: Pix & non-Rfc networks. [7:56347]


Hello,

I was just reading this document, from the following link
http://www.cisco.com/warp/customer/110/8.html I have attached the PDF file
of the same for your convenience :-).


Now coming to my doubt.

If I have a network say like 192.5.2.0/24 inside the pix (connecting to
internet) Does it mean that all the sites with 192.5.2.0/24 would not be
accessible to the inside network ??

thanks and regards,
Murali

[GroupStudy.com removed an attachment of type application/octet-stream which
had a name of non-rtc-net.pdf]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=56357&t=56347
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]



Re: Pix & non-Rfc networks. [7:56347]

2002-10-26 Thread Gaz
In article , 
[EMAIL PROTECTED] says...
> Hello,
> 
> I was just reading this document, from the following link
> http://www.cisco.com/warp/customer/110/8.html I have attached the PDF file
> of the same for your convenience :-).
> 
> 
> Now coming to my doubt.
> 
> If I have a network say like 192.5.2.0/24 inside the pix (connecting to
> internet) Does it mean that all the sites with 192.5.2.0/24 would not be
> accessible to the inside network ??
> 
> thanks and regards,
> Murali
> 

Yes, but it's not limited to the Pix.

If your internal network is using one subnet, your devices will never be 
able to get to devices on the Internet using addresses from the same 
subnet.

When your machine looks at the destination address, it thinks it is on 
its local network (layer 2) and will not even bother going to the 
default gateway for it.

I've done the same thing by 'fat fingering' the mask to encapsulate more 
than the intended addresses (255.255.0.0 instead of 255.255.255.0 for 
instance). If the destination address would normally fall outside your 
subnet, but you stuffed up the mask and now it is included, your machine 
doesn't bother going to the default gateway to find it.

Can I chip in with a question for everyone now?

If you apply more specific routes to all devices for an address which 
should appear on your local subnet, will it then try the routed path to 
the device.

eg Machine addressed 100.100.100.100 255.255.255.0
route add 100.100.100.10 mask 255.255.255.255 [default gateway]

Not that you'd want to do it, but just wondering.


Cheers,

Gaz




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=56363&t=56347



Re: Pix & non-Rfc networks. [7:56347]

2002-10-26 Thread gogarty
No need to doubt.  If you have the network 192.5.2.0/24 inside the pix, why
would a client want to connect to the same network outside the pix?  As far
as the client is concerned it is ON the 192.5.2.0/24 network!!





Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=56366&t=56347



RE: Pix & non-Rfc networks. [7:56347]

2002-10-26 Thread Brett spunt
True, but that network is not a private IP, so if inside host is trying to
hit a "live" web server at 192.5.2.x, they are SCREWED, ya
know.





Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=56367&t=56347



Re: Pix & non-Rfc networks. [7:56347]

2002-10-27 Thread Robert
To answer the question asked by Gaz, the router will always send the packet
to the route with the most specific mask specified.  So, in your example, it
will go to the default gateway because the route you added has the most
specific mask possible (/32).




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=56388&t=56347



Re: Pix & non-Rfc networks. [7:56347]

2002-10-27 Thread gogarty
I don't think he is talking specifically about routers but about PC's on the
LAN behind the PIX.  I'm fairly positive a PC will do a logical AND of the
destination IP, come up with a network address, compare that against its
own network address, deduce that the IP must be local and send a layer two
broadcast for the MAC associated with the IP -- therefore said host will not
need to consult a routing table...

source NAT on incoming addresses, use an ALIAS type function (I believe
version 6.2 code supports destination NAT) to assign the web servers etc. on
the outside network (with same IP range as inside) another address range as
they come in...

C




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=56390&t=56347



Re: Pix & non-Rfc networks. [7:56347]

2002-10-28 Thread Richard Deal
To all,

In 6.2 of the FOS you CAN do this :-).

You just have a situation of overlapping networks. Here is the info on how
to accomplish this:
http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_configuration_guide_chapter09186a00800eb71e.html#xtocid26
(watch the wrap).

Cheers!

Richard




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=56411&t=56347



Re: Pix & non-Rfc networks. [7:56347]

2002-10-28 Thread Priscilla Oppenheimer
Gaz wrote:
> 
> In article , 
> [EMAIL PROTECTED] says...
> > Hello,
> > 
> > I was just reading this document, from the following link
> > http://www.cisco.com/warp/customer/110/8.html I have attached the PDF file
> > of the same for your convenience :-).
> > 
> > 
> > Now coming to my doubt.
> > 
> > If I have a network say like 192.5.2.0/24 inside the pix (connecting to
> > internet) Does it mean that all the sites with 192.5.2.0/24 would not be
> > accessible to the inside network ??

Yes. You can't use someone else's network address in your inside network and
still get to that someone else's network! :-) When your devices try to reach
192.5.2.x, they will do a logical AND with the subnet mask and see that the
result is the same as when they do a logical AND with the subnet mask and
their own address. Hence the destination is local. So they send an ARP
broadcast. They get a response from a local device or no response if the
address doesn't exist locally.

Actually, there are probably workarounds to this. It's not such a silly
requirement. In the past people did tend to make up network numbers that
actually belonged to someone else, so there is a need to get this to work. I
wouldn't be surprised to learn that there's some kludgey way of getting
this to work. It would probably only work for specific outside addresses and
only if you haven't assigned those addresses locally.

More below

> > 
> > thanks and regards,
> > Murali
> > 
> 

snip

> 
> Can I chip in with a question for everyone now?
> 
> If you apply more specific routes to all devices for an address which
> should appear on your local subnet, will it then try the routed path to
> the device.
> 
> eg Machine addressed 100.100.100.100 255.255.255.0
> route add 100.100.100.10 mask 255.255.255.255 [default gateway]

This is a host-specific route. Operating systems should understand this and
behave correctly. Host-specific routes have been around for a long time,
like probably since the birth of IP. They solve various problems.

So I tried it on a Windows 98 PC. I added the route and then pinged the
device specified in the addition.

The PC ARPed for the default gateway and then sent the ping to the default
gateway, even though the device is really local. The default gateway sent
the packet back out the same Ethernet and the local machine replied directly
to my PC. I would have expected a redirect from the router too, but I didn't
see one.

Now, is this behavior specific to the host-specific route? I wonder if I do
something like:

route add 100.100.100.2 255.255.255.0 default gateway

Hmm

Oh, Windows 98 won't let me do that! ;-) It will only let me add a
host-specific route. Makes sense I guess. And then it does behave correctly
when I add a host-specific route (e.g., it does what the route tells it to do.)

___

Priscilla Oppenheimer
www.troubleshootingnetworks.com
www.priscilla.com

> 
> Not that you'd want to do it, but just wondering.
> 
> 
> Cheers,
> 
> Gaz
> 
> 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=56415&t=56347



Re: Pix & non-Rfc networks. [7:56347]

2002-10-28 Thread Gaz
H The new DNS idea to negate the need for alias is neat. Not as 
neat as not buggering up the IP addressing in the first place :-)

I hadn't considered using overlapping NAT because of the DNS problems, 
but I suppose alias would have done it and now it's even easier, but I 
will still avoid it at all costs. 

With the internet (DNS), I think it's too much of a bodge not to cause 
problems in the long run.


Gaz






Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=56416&t=56347



Re: Pix & non-Rfc networks. [7:56347]

2002-10-28 Thread Gaz
In article , [EMAIL PROTECTED] 
says...
> > 
> > Can I chip in with a question for everyone now?
> > 
> > If you apply more specific routes to all devices for an address which
> > should appear on your local subnet, will it then try the routed path to
> > the device.
> > 
> > eg Machine addressed 100.100.100.100 255.255.255.0
> > route add 100.100.100.10 mask 255.255.255.255 [default gateway]
> 
> This is a host-specific route. Operating systems should understand this and
> behave correctly. Host-specific routes have been around for a long time,
> like probably since the birth of IP. They solve various problems.
> 
> So I tried it on a Windows 98 PC. I added the route and then pinged the
> device specified in the addition.
> 
> The PC ARPed for the default gateway and then sent the ping to the default
> gateway, even though the device is really local. The default gateway sent
> the packet back out the same Ethernet and the local machine replied directly
> to my PC. I would have expected a redirect from the router too, but I didn't
> see one.
> 
> Now, is this behavior specific to the host-specific route? I wonder if I do
> something like:
> 
> route add 100.100.100.2 255.255.255.0 default gateway
> 
> Hmm
> 
> Oh, Windows 98 won't let me do that! ;-) It will only let me add a
> host-specific route. Makes sense I guess. And then it does behave correctly
> when I add a host-specific route (e.g., it does what the route tells it to do.)
> 
> ___
> 
> Priscilla Oppenheimer
> www.troubleshootingnetworks.com
> www.priscilla.com
> 
> > 
> > Not that you'd want to do it, but just wondering.
> > 
> > 
> > Cheers,
> > 
> > Gaz
> > 

I would have thought Windows 98 would accept something like:

route add 100.100.100.240 mask 255.255.255.240 [default gateway]

I don't think there's any restriction to host routes.

I wonder though if you don't bother with the individual route on the 
PC's (which you obviously wouldn't want to do on a larger scale), would 
the router proxy arp for addresses which should be on its ethernet, if 
you applied a route via the serial for example.

I'll try it later, but I'm having my dinner :-))

Gaz




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=56417&t=56347



Re: Pix & non-Rfc networks. [7:56347]

2002-10-28 Thread Priscilla Oppenheimer
Gaz wrote:
> 
> I would have thought Windows 98 would accept something like:
> 
> route add 100.100.100.240 mask 255.255.255.240 [default gateway]

It depends on the host's own address. And I've forgotten what we said that
was by now. ;-)

> 
> I don't think there's any restriction to host routes.

A host route is one that specifies a specific address, i.e. the mask is
255.255.255.255. I doubt there are restrictions to that either, although,
obviously, you have to point to a local default gateway and not just any old
address.

But there are restrictions to other routes, depending on the bit pattern.
I'm using different addresses than in our example and don't really feel like
twiddling bits, but I was able to do something like this:

My address is 100.100.100.17 255.255.255.224

I can:

route add 100.100.100.16 mask 255.255.255.240 gateway

That causes the packets for 100.100.100.16/28 to go through the gateway
router.

I can't do the following though. Windows 98 gives an error message and won't
add the route:

route add 100.100.100.2 mask 255.255.255.240 gateway

I can do this though:

route add 100.100.100.2 mask 255.255.255.254 gateway

> 
> I wonder though if you don't bother with the individual route on the
> PC's (which you obviously wouldn't want to do on a larger scale), would
> the router proxy arp for addresses which should be on its ethernet, if
> you applied a route via the serial for example.

I think that would work, if I understand what you're saying. For example, if
you had a host-specific route on the router that pointed to the serial
interface, I think the router would proxy ARP for requests to find that
host. If you also had a host locally with that same address, the requester
would get 2 replies, though, and that would be ugly.

Feel free to try it though (but after dinner!) ;-) 

___

Priscilla Oppenheimer
www.troubleshootingnetworks.com
www.priscilla.com


> 
> I'll try it later, but I'm having my dinner :-))
> 
> Gaz
> 
> 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=56418&t=56347



Re: Pix & non-Rfc networks. [7:56347]

2002-10-28 Thread Gaz
In article , [EMAIL PROTECTED] 
says...
> Gaz wrote:
> > 
> > I would have thought Windows 98 would accept something like:
> > 
> > route add 100.100.100.240 mask 255.255.255.240 [default gateway]
> 
> It depends on the host's own address. And I've forgotten what we said that
> was by now. ;-)
> 
> > 
> > I don't think there's any restriction to host routes.
> 
> A host route is one that specifies a specific address, i.e. the mask is
> 255.255.255.255. I doubt there are restrictions to that either, although,
> obviously, you have to point to a local default gateway and not just any old
> address.
> 

Thanks :-)

> But there are restrictions to other routes, depending on the bit pattern.
> I'm using different addresses than in our example and don't really feel like
> twiddling bits, but I was able to do something like this:
> 
> My address is 100.100.100.17 255.255.255.224
> 
> I can:
> 
> route add 100.100.100.16 mask 255.255.255.240 gateway
> 
> That causes the packets for 100.100.100.16/28 to go through the gateway
> router.
> 
> I can't do the following though. Windows 98 gives an error message and won't
> add the route:
> 
> route add 100.100.100.2 mask 255.255.255.240 gateway
> 
> I can do this though:
> 
> route add 100.100.100.2 mask 255.255.255.254 gateway

Not sure what you were trying with the first one. Have I misunderstood? 
I don't know any device that would accept a route without using the 
network address. (100.100.100.2 is the network address for a 
255.255.255.254 mask, but not for 255.255.255.224).

But now you've got me worried, because I know your pedigree :-). 
Humo(u)r me. What d'ya mean.


All this has given me an idea though.
I would like to have used the same IP address on my laptop when I'm at 
home and at work.
I had to change my local subnet at home, because when I VPN in to work, 
I have 192.168.80.0/24 at both ends. I should, if what we're thinking is 
right, be able to put a more specific route on for the odd addresses I 
need to get to at work, primarily remote desktop to my work PC, our 
local router and a couple of terminal servers.
That way I can leave my IP address the same for both locations 
(probably).

Gaz




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=56420&t=56347
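
Added example, not part of any poster's message: a small Python model of the host forwarding decision discussed in this thread (the logical AND on-link test, the most-specific-route rule, and the rule Gaz states that a route's destination must be the network address for its mask). The 192.5.2.10 host address, the .1 gateway addresses and all class and function names are assumptions made for illustration.

```python
from ipaddress import IPv4Address, IPv4Interface, IPv4Network


def is_on_link(host_ip, mask, dest_ip):
    """The logical AND test: same result for host and destination => local."""
    m = int(IPv4Address(mask))
    return (int(IPv4Address(host_ip)) & m) == (int(IPv4Address(dest_ip)) & m)


def valid_route_destination(dest, mask):
    """A route is only well formed if dest has no bits set outside the mask,
    i.e. dest is the network address for that mask."""
    d, m = int(IPv4Address(dest)), int(IPv4Address(mask))
    return (d & m) == d


class Host:
    """Hypothetical model of an end host's routing table."""

    def __init__(self, ip, mask, gateway):
        # Connected subnet (no gateway => ARP directly) plus a default route.
        self.routes = [
            (IPv4Interface(f"{ip}/{mask}").network, None),
            (IPv4Network("0.0.0.0/0"), gateway),
        ]

    def route_add(self, dest, mask, gateway):
        if not valid_route_destination(dest, mask):
            raise ValueError(f"{dest} is not a network address for mask {mask}")
        self.routes.append((IPv4Network(f"{dest}/{mask}"), gateway))

    def next_hop(self, dest):
        """Most specific (longest prefix) matching route wins."""
        addr = IPv4Address(dest)
        matches = [r for r in self.routes if addr in r[0]]
        _, gw = max(matches, key=lambda r: r[0].prefixlen)
        return ("on-link", dest) if gw is None else ("gateway", gw)


if __name__ == "__main__":
    # Inside host numbered out of 192.5.2.0/24 (addresses constructed).
    inside = Host("192.5.2.10", "255.255.255.0", "192.5.2.1")
    print(inside.next_hop("192.5.2.77"))    # ARPed for locally, never reaches the PIX
    print(inside.next_hop("198.51.100.5"))  # goes to the gateway as usual

    # Gaz's host route on 100.100.100.100/24 (gateway address constructed).
    pc = Host("100.100.100.100", "255.255.255.0", "100.100.100.1")
    pc.route_add("100.100.100.10", "255.255.255.255", "100.100.100.1")
    print(pc.next_hop("100.100.100.10"))    # /32 beats the connected /24
    print(pc.next_hop("100.100.100.11"))    # still on-link

    # The route destinations tried in the thread.
    for dest, mask in [("100.100.100.16", "255.255.255.240"),
                       ("100.100.100.2", "255.255.255.240"),
                       ("100.100.100.2", "255.255.255.254")]:
        print(dest, mask, valid_route_destination(dest, mask))
```
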



Re: Pix & non-Rfc networks. [7:56347]

2002-10-28 Thread Priscilla Oppenheimer
Gaz wrote:
> > 
> > I can't do the following though. Windows 98 gives an error message and won't
> > add the route:
> > 
> > route add 100.100.100.2 mask 255.255.255.240 gateway
> > 
> > I can do this though:
> > 
> > route add 100.100.100.2 mask 255.255.255.254 gateway
> 
> Not sure what you were trying with the first one. Have I misunderstood?
> I don't know any device that would accept a route without using the
> network address. (100.100.100.2 is the network address for a 
> 255.255.255.254 mask, but not for 255.255.255.224).
> 
> But now you've got me worried, because I know your pedigree :-).
> Humo(u)r me. What d'ya mean.

I just wasn't thinking! I was rushing. Of course, Windows gave me an error
for that. Too bad it wasn't an error that meant anything. I think it said
error 87 or something. ;-)

> 
> 
> All this has given me an idea though.
> I would like to have used the same IP address on my laptop when I'm at
> home and at work.
> I had to change my local subnet at home, because when I VPN in to work,
> I have 192.168.80.0/24 at both ends. I should, if what we're thinking is
> right, be able to put a more specific route on for the odd addresses I
> need to get to at work, primarily remote desktop to my work PC, our
> local router and a couple of terminal servers.
> That way I can leave my IP address the same for both locations
> (probably).

I think that would work. Let us know. Thanks. 

Priscilla

> 
> Gaz
> 
> 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=56422&t=56347



RE: Pix & non-Rfc networks. [7:56347]

2002-10-29 Thread [EMAIL PROTECTED]
Thanks for the Mails,

Well I understand why we would not be able to reach.. thanks for all that.

This should be irrespective of the Firewall or dial-up proxies we use.  

Thanks,
Murali





Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=56446&t=56347