basic routing questions

Status
Not open for further replies.

Speaker

MIS
Sep 5, 2001
72
US
Here is my network:

Internet(1604) -- PIX515 -- LAN
|
Frame Router(3620) -- frame sites

The Internet router has public IPs on both interfaces. I can telnet into the 1604 from inside or outside my network, but I cannot ping or telnet from the 1604 to the inside of my network. No ping is fine, but I would like to be able to telnet into my 1604, and from there telnet into my PIX or frame routers, which all have internal addresses.

1604 config:
version 12.2
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname web
!
ip subnet-zero
!
interface FastEthernet0
 description Connected to LAN
 ip address 70.161.27.63 255.255.255.240
 speed auto
 full-duplex
!
interface Serial0
 description Connected to Internet
 ip address 70.158.108.32 255.255.255.252
 service-module t1 remote-alarm-enable
!
router rip
 version 2
 redistribute connected
 network 70.0.0.0
!
ip classless
ip route 0.0.0.0 0.0.0.0 Serial0
no ip http server


I tried adding a route for my 192.168.0.0 network, but no go. I can't figure out why my workstations can access the Internet through the 1604, but it doesn't see the LAN.

TIA

 
By default you cannot telnet to the outside interface of a PIX. What you can do is the following:

The best way is to create an IPSec tunnel that terminates on the PIX. Once the tunnel is up you will be able to telnet to the inside router using the inside IP. Much more secure and recommended.

An alternate is the following:

1. Create a static NAT from one of your real IPs to the inside IP of the inside frame router.

2. Create an access-list that allows telnet from the 1604 router IP to the static NAT IP you created in step 1. This will help secure your inside router by not letting anyone on the outside telnet to the frame router. I would also use AAA for authentication and authorization.

3. On the PIX allow telnet access from the inside frame router.

You should now be able to telnet to the 1604 router then telnet to the inside router and from the inside router telnet to the PIX.

Hope this helps.
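
The three steps in the reply above, written out as a PIX 6.x configuration fragment. This is an added example, not part of the original posts; the ACL name `acl_outside` and the addresses 203.0.113.10 and 192.168.0.2 are constructed placeholders, and 70.161.27.63 is the 1604's FastEthernet0 address from the posted config.

```cisco
: Added example (PIX 6.x syntax). Lines starting with ":" are comments.
: 70.161.27.63  = 1604 FastEthernet0 address, taken from the posted config
: 203.0.113.10  = placeholder: an unused public address routed to the PIX
: 192.168.0.2   = placeholder: the frame router's inside address
: acl_outside   = hypothetical ACL name
:
: Step 1: static NAT from one public address to the inside frame router.
: The /32 netmask maps exactly one host, nothing else on the inside network.
static (inside,outside) 203.0.113.10 192.168.0.2 netmask 255.255.255.255 0 0
:
: Step 2: permit telnet only from the 1604 to the translated address.
: Every other source and port falls through to the ACL's implicit deny.
access-list acl_outside permit tcp host 70.161.27.63 host 203.0.113.10 eq telnet
:
: Only one ACL can be bound inbound on an interface. If the outside
: interface already has one, add the permit line to that ACL instead of
: binding a new one, or the existing rules stop being applied.
access-group acl_outside in interface outside
:
: Step 3: allow the frame router to telnet to the PIX on its inside
: interface. Again a /32, so no other inside host gains console access.
telnet 192.168.0.2 255.255.255.255 inside
```

`show access-list` and `show xlate` on the PIX confirm that the permit entry is being hit and that the translation is in place.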

 
Mtashiro, thanks. I had forgotten that I could not telnet to the outside interface of the PIX.

Right now I'm able to VPN into the network and telnet to any routers there, but I'd like the option of doing it from any outside computer (given proper authentication).

Thanks again
 