
routing issue with pix 501

zinkann (ISP; joined Jan 8, 2008; 167 messages; location: US)
I have a problem with the inside interface of a PIX 501. This is kind of a weird setup. Basically, I have my regular LAN, with a 4506 as my core and an ASA 5520 to my ISP. I have been provided a T1 from the state for one of my buildings across town. I have dark fiber running to that location. The thing is, about 40 computers at that building are used for the public and need to go out the T1 for content filtering, but at the same time be a part of my LAN for mgt purposes. What I have done is connected a PIX 501 to the T1 router and used NAT to the outside. The inside is connected to my LAN on its own VLAN and all of those computers are on that VLAN. I have an SVI on my core 4506 on the same network as the inside PIX interface. On the PIX I have a default route pointing to the T1 of course, and I also have a route pointing that network towards the core 4506 SVI. The computers can go to the internet through that state T1 now, but they can't get to my internal network. From my network I can only get to the PIX, nothing else. I'd like to say that it is a firewall issue, but given that the internal interface is routing, there has to be another explanation. Any suggestions?

CCNA, Network+
 
If those users only have a default route of the Pix 501 and you are hoping to use that as a gateway and then route off that to your other network then it won't work. The Pix is NOT a router. Any traffic entering the inside interface must exit via another interface. It will not route traffic back out of the inside.

Chris.


**********************
Chris A.C, CCNA, CCSA
**********************
 
That was my conclusion as to why this isn't going to work. I'm looking into policy-based routing now, which is very new to me. I'm going to treat this new T1 as a secondary ISP even though that's not really the case; it's just an ISP for one of my subnets. So I need to try to build a route map on my core pointing only that one subnet to my PIX, and the rest of my network to my ASA as normal. Any suggestions? PBR is very new to me... Pabst Blue Ribbon isn't.

CCNA, Network+
 
Does anyone think this will work?

The access-list 1 subnet is summarized because I have numerous subnets, for example 10.0.10.0, 10.0.20.0, etc.
192.168.168.0 is the subnet for the PCs that are accessed by the public. 10.0.0.75 is an ASA and 192.168.250.2 is the PIX.

! Standard numbered ACLs (1-99) take no protocol keyword; "permit ip" is rejected by IOS.
! They match on source address only, which is all PBR needs here.
access-list 1 permit 10.0.0.0 0.0.255.255
! Public PC subnet. The prose above names 192.168.168.0; the posted line read
! 192.168.100.0, which would never match the public PCs' traffic.
access-list 2 permit 192.168.168.0 0.0.0.255
!
! Policy routing is applied on the ingress interface, i.e. where the packets
! from the matching sources enter the 4506.
interface FastEthernet5/45
 ip policy route-map MAP1
!
interface Vlan40
 ip policy route-map MAP2
!
! Sources matching ACL 1 (internal LAN) are forwarded to the ASA.
route-map MAP1 permit 10
 match ip address 1
 set ip next-hop 10.0.0.75
!
! Sources matching ACL 2 (public PCs) are forwarded to the PIX inside interface.
route-map MAP2 permit 20
 match ip address 2
 set ip next-hop 192.168.250.2

CCNA, Network+
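The route map posted above matches on source only, so traffic from the public PCs bound for the internal LAN would also be sent to the PIX, which, as Chris noted, cannot turn it back out of its inside interface. The following is an added example (not the poster's config) of a PBR setup on the core 4506 that exempts internal destinations; it assumes the thread's addresses (public subnet 192.168.168.0/24, internal LAN 10.0.0.0/16, PIX inside 192.168.250.2, SVI Vlan40) and an assumed ACL name.

```ios
! Extended named ACL: "deny" here means "do not policy-route", so those flows
! fall through to the normal routing table (toward the core / ASA as usual).
ip access-list extended PUBLIC-TO-PIX
 deny   ip 192.168.168.0 0.0.0.255 10.0.0.0 0.0.255.255
 deny   ip 192.168.168.0 0.0.0.255 192.168.0.0 0.0.255.255
 permit ip 192.168.168.0 0.0.0.255 any
!
! Only Internet-bound traffic from the public PCs is handed to the PIX.
route-map MAP2 permit 10
 match ip address PUBLIC-TO-PIX
 set ip next-hop 192.168.250.2
!
! Apply on the SVI where the public PCs' packets enter the core.
interface Vlan40
 ip policy route-map MAP2
!
! Verification after applying (assumed standard IOS show commands):
! show ip policy          - confirms MAP2 is bound to Vlan40
! show route-map MAP2     - match counters should increase for public traffic
! show access-lists PUBLIC-TO-PIX - deny counters show LAN-bound flows bypassing PBR
```

MAP1 on FastEthernet5/45 is not needed for this goal: the rest of the LAN already reaches the Internet through the core's default route to the ASA.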
 