Jelonet
Can't see static route
I have a 2600 router and a 515E Pix. I set the pix to route outside with the IP of the router. I set the ip route on the router to the inside interface of the pix. When I do a show run on the router I see the ip route statement with the Pix inside ip address but when I do a show ip route on the router it doesn't show a static route to the pix. I can ping the outside interface of the pix from the router but can't ping any further. Is there something else I need to do to set the static route on the router to be able to get through the Pix?
Can you post result of "sho ip route" from the 2600?
Do you even have routing enabled?
Do you see something like this near the top of your running config?
no ip routing
ASKER
Set up is this [ISP router]----[my 2691]--[outside switch]--[pix]--[inside switch]--LAN
from the 2600 back is mine. I set the pix to route outside using the 2600 e0 IP address.
I wanted to set a static route on the router to the inside interface IP of the Pix. I thought I would need to have the router know routes that aren't directly connected. I'm not using NAT and I do have an ACL to ping for testing. I can ping from the inside switch to the outside switch but can't ping the router and vice versa.
My router:           Pix:
s0 141.32.x.2        In  199.54.2.2
e0 192.168.2.1       Out 192.168.2.2
I tried using: ip route 0 0 199.54.2.2 on the router because it isn't directly connected to my router. I have route outside 0 0 192.168.2.1 on the Pix.
ASKER CERTIFIED SOLUTION
ASKER
Thank you very much. When I read the Cisco page I misunderstood what it was saying. I think I still want to believe the Pix is a router.
That just doesn't make any sense at all.
The default gateway needs to point to the next hop IP on the same connected interface.
Do you have any other connection outside of the router? An ISP connection or something?
Are you natting on the PIX? If yes, then you don't need any static route on the router because all traffic will appear to be local.
Do you have static and access-list rules on the PIX that would even allow you to ping the inside LAN from the PIX?
Unless I've misunderstood the setup.
Is it:
A -
ISP --- Router----PIX outside
PIX inside ------> 2600 router----> LAN
Where you're trying to ping "through" the PIX to something outside?
Or B, a simple lab setup:
2600-----> PIX outside
PIX inside---> lan
Where you're trying to ping something on the LAN from the 2600...
If your setup is like "A" -
Do you have a route on the PIX to any interface IPs on the 2600 pointing back to it?
Do you have access-lists on the PIX to allow the icmp echo-replies coming back in?
Example:
ISP -- pingable host <198.6.1.2>
  12.34.5.5
     \
   PIX Outside 12.34.5.6
     |
   PIX Inside 192.168.223.1
       route outside 0.0.0.0 0.0.0.0 12.34.5.5
       route inside 10.10.10.0 255.255.255.0 192.168.223.254   <== you might be missing this
     \
   2600 Fe0/0 192.168.223.254
   2600 Fe0/1 10.10.10.1
       ip route 0.0.0.0 0.0.0.0 192.168.223.1
     |
   PC 10.10.10.10 - pinging 198.6.1.2
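
The next-hop rule discussed in this thread can be checked offline. The following is an added example, not part of the thread or any poster's code: it tests whether each static route's next hop sits on a directly connected subnet, using the asker's addresses. The /24 masks, the function names and the second router route are assumptions, and only connected subnets are considered (no recursive lookup through other routes).

```python
import ipaddress

def connected_networks(interfaces):
    """Map interface name -> connected network, from 'addr/prefix' strings."""
    return {name: ipaddress.ip_interface(cidr).network
            for name, cidr in interfaces.items()}

def check_static_routes(interfaces, routes):
    """Return (prefix, next_hop, egress_or_None) for each static route.

    None means the next hop is on no connected subnet. With only connected
    routes available to resolve it, such a static route appears in the
    running config but is not installed in the routing table.
    """
    nets = connected_networks(interfaces)
    results = []
    for prefix, next_hop in routes:
        hop = ipaddress.ip_address(next_hop)
        egress = next((name for name, net in nets.items() if hop in net), None)
        results.append((prefix, next_hop, egress))
    return results

# Addresses from the thread; the /24 masks are assumptions (none are given).
# s0 is left out because its address is partly elided in the post.
ROUTER_2600 = {"e0": "192.168.2.1/24"}
PIX = {"outside": "192.168.2.2/24", "inside": "199.54.2.2/24"}

ROUTER_ROUTES = [
    ("0.0.0.0/0", "199.54.2.2"),       # as tried: next hop is the PIX inside IP
    ("199.54.2.0/24", "192.168.2.2"),  # constructed contrast: PIX outside IP, on e0's subnet
]
PIX_ROUTES = [("0.0.0.0/0", "192.168.2.1")]  # route outside 0 0 192.168.2.1

if __name__ == "__main__":
    for device, ifs, routes in (("2600", ROUTER_2600, ROUTER_ROUTES),
                                ("PIX", PIX, PIX_ROUTES)):
        for prefix, hop, egress in check_static_routes(ifs, routes):
            state = (f"resolves via {egress}" if egress
                     else "next hop not on a connected subnet, not installed")
            print(f"{device}: {prefix} via {hop}: {state}")
```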