Routing issue through PIX

Status
Not open for further replies.

Fritou

Hi,

I want to configure my PIX so that one of my internal networks, 192.168.32.0, can communicate with another network attached to another interface, 160.60.180.0. By the way, that 160 network cannot access the web, nor is it accessible from the web.

My 192 network is fully operational and everything is fine. I've configured an interface on the PIX with address 160.60.180.100. I've added a route in my switch in the 192 so any traffic goes to the firewall 192 interface. Not sure if this is correct or not.

From the PIX itself, I can ping 160.60.180.7 and 192.168.34.192, so it proves to me that the interfaces are correctly configured. And from 160.60.180.7, I can ping 160.60.180.100.

Now, can anybody tell me where my problem is? I'm running out of ideas.

Thank you

 
If you're using "ping" to test, do you have an access-list to permit ICMP traffic from the lower security interface to the higher? ICMP is stateless, so it's not automatically allowed like TCP is.
 
Hi again,

I know ping is not the ultimate test, but it helped me make sure my PIX 515 (7.1.2(20)) was configured correctly. Now, I want to at least ping from 192.168.34.192 to 160.60.180.7 but it doesn't work.

What would you do to make it work?

Thanks
 
Posting a config would help.

I am assuming that these are directly connected networks, just to different interfaces.
1. Check the security levels. Higher can pass to lower but not in reverse without explicit ACLs.
2. With 6.x code or 7.x code with "nat-control" turned on, you also need some form of NAT, either Nat/Global pairs or statics, to allow traffic to be translated.
3. Have "fixup icmp error" also in there so it will translate the ICMP responses and allow them back through the firewall.

Again, without seeing the config, there are a lot of possibilities.


Brent
Systems Engineer / Consultant
CCNP, CCSP
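
The three checks from the reply above, written out as a PIX 7.x configuration fragment. This is an added example, not a config posted by anyone in the thread. Assumptions: the interface names `inside` and `dmz`, the ACL name `dmz_in`, the security levels, and the netmasks (255.255.252.0 is chosen only so that 192.168.32.0 covers the host 192.168.34.192; use the real masks).

```cisco
! Constructed example for PIX 7.x. Interface names, security levels and
! netmasks are assumptions; they were never posted in the thread.

! 1. Security levels: confirm with "show nameif". Assumed here:
!      inside = 100 (192.168.32.0 side), dmz = 50 (160.60.180.0 side).
!    Traffic from inside to dmz is allowed by default; anything initiated
!    from dmz toward inside needs an explicit ACL on the dmz interface.

! 2. NAT: on 6.x, or 7.x with "nat-control" enabled, inside hosts need a
!    translation before they can reach dmz. An identity static keeps the
!    inside addresses unchanged when they appear on dmz.
static (inside,dmz) 192.168.32.0 192.168.32.0 netmask 255.255.252.0

! 3a. ICMP option A: permit only echo-replies from the isolated network
!     back toward inside. The implicit deny at the end of the ACL keeps
!     the 160.60.180.0 side from initiating anything else.
access-list dmz_in extended permit icmp 160.60.180.0 255.255.255.0 192.168.32.0 255.255.252.0 echo-reply
access-group dmz_in in interface dmz

! 3b. ICMP option B: let the firewall track ICMP statefully, so replies
!     to pings started on inside are allowed back without an ACL entry.
!     On 7.x the 6.x "fixup" commands become "inspect" statements.
policy-map global_policy
 class inspection_default
  inspect icmp
  inspect icmp error

! Verification after applying:
!   show xlate                      (translation for the inside host exists)
!   show access-list dmz_in         (hit counters increase on the permit line)
!   show service-policy             (ICMP inspection is active and counting)
```

Options 3a and 3b are alternatives; either one lets the echo-reply back through, and 3b avoids opening a standing permit from the lower-security interface.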
 