Bob,
PIX won't do ICMP redirects. Either put the router between the user subnet
and the firewall or change DHCP to use the router as the DG and put a
default static on the router pointing at the PIX. The router will ICMP
redirect the hosts to the firewall. The other option is putting routes on
Hello Bob,
Saturday, August 25, 2001, 8:29:31 PM, you wrote:
BN> We have a Pix firewall that is serving as a default gateway to the Internet
BN> as well as providing ipsec tunnel connectivity to several remote offices for
BN> several hosts on a subnet. On the same subnet we have a 2600 providin
only one route is allowed..
Best Regards
Have A Good Day!!
***
Farhan Ahmed*
MCSE+I, MCP Win2k, CCDA, CCNA, CSE
Network Engineer
Mideast Data Systems Abudhabi Uae.
***
two networks connect to inside interface the inside interface add is
10.1.1.4
route inside 10.1.2.0 255.0.0.0 10.1.1.4 1
route inside 10.1.3.0 255.0.0.0 10.1.1.4 1
Best Regards
Have A Good Day!!
***
Farhan Ahmed*
MCSE+I, MCP Win2k, CCDA, CCNA, C
PIX can't route back on the same interface.
Hence this does not work. So workaround will be to let
router be gateway to your subnet & PIX be gateway to
router. Router can route to remote subnet across
point to point link as well as to PIX.
Hope this helps.
--- Bob Nawrocki wrote:
> We have a P
If it's doing NAT and IPSec you need a ruleset to not use NAT for a
destination on the IPSec tunnel. It looks like that is what's happening.
Allen
- Original Message -
From: "pat"
To:
Sent: Monday, August 27, 2001 1:18 AM
Subject: Re: Pix Route issue [7:17242]
eed a
gateway to the other internal network to do the routing for you. In other
words..the other guys reply was correct.
Allen
- Original Message -
From: "Farhan Ahmed"
To:
Sent: Sunday, August 26, 2001 12:34 AM
Subject: RE: Pix Route issue [7:17242]
> two networks conne
Only one route is allowed? I hope you are not referring to the pix or a
2600 as those are the only pieces of hardware in the scenario...Because
both allow for multiple routes.
-Patrick
>>> "Farhan Ahmed" 08/26/01 01:26AM >>>
only one route is allowed..
Best Regards
Have A Good Day!!
**
I would hazard a guess that your NAT rule does not include that subnet.
-Original Message-
From: Patrick Ramsey [mailto:[EMAIL PROTECTED]]
Sent: 27 August 2001 17:20
To: [EMAIL PROTECTED]
Subject: RE: Pix Route issue [7:17242]
Only one route is allowed? I hope you are not referring to
PROTECTED]
Subject: Re: Pix Route issue [7:17242]
If it's doing NAT and IPSec you need a ruleset to not use NAT for a
destination on the IPSec tunnel. It looks like that is what's happening.
Allen
- Original Message -
From: "pat"
To:
Sent: Monday, August 27, 2001 1:18
In fact, only one DEFAULT route is allowed on a PIX firewall (according
to Cisco).
Eugene
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
Patrick Ramsey
Sent: Monday, August 27, 2001 12:20 PM
To: [EMAIL PROTECTED]
Subject: RE: Pix Route issue [7