Cisco router in between Pix and Switch - routing needed?
I Have a Cisco 2621 router that I am going to place in between my Switch and my PIX-501 to collect and export netflow. I really just want it to collect the Netflow and pass on the traffic to the pix. What commands would I need to use to do this (if any)
here is the format of the connection Legend (inside ip-[hardware]-outside ip)
Current
LAN->(C3560-10.10.10.2)->(
Desired Setup
LAN->(C3560-10.10.10.2)->(
I already have the config of the 2621 setup this way and I'm going to test it tonight after hours but I wanted to find out before if I need any other routes to make the passthrough happen.
Also does there need to be any other changes to the PIX other than changing the inside IP? It is the gateway for the LAN. So with the desired setup the Gateway would be changed to the 2621 and traffic would be passed to the pix I guess.
here is the format of the connection Legend (inside ip-[hardware]-outside ip)
Current
LAN->(C3560-10.10.10.2)->(
Desired Setup
LAN->(C3560-10.10.10.2)->(
I already have the config of the 2621 setup this way and I'm going to test it tonight after hours but I wanted to find out before if I need any other routes to make the passthrough happen.
Also does there need to be any other changes to the PIX other than changing the inside IP? It is the gateway for the LAN. So with the desired setup the Gateway would be changed to the 2621 and traffic would be passed to the pix I guess.
JFrederick29
The 3560 needs a default route via 10.10.10.254 (the 2621) and the 2621 needs a default route via 10.10.9.254 (PIX). The PIX needs a route to 10.10.10.0/24 via 10.10.9.230 (2621) and the 3560 a route to 10.10.9.0/24 via 10.10.10.254 (2621). That should do it these are your only subnets.
ASKER
Sorry I don't have a ton of knowledge on the routes. if it's not too much trouble could you tell me the commands that I woul d need to add per device? I am into the devices and know how to add them but I'n not sure on the connamds that need to be added.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
on the pix when I try the command I get
pixfirewall(config)# ip route route inside 10.10.10.0 255.255.255.0 10.10.9.230
Not enough arguments.
Usage: [no] ip address <if_name> <ip_address> [<mask>]
[no] ip address <if_name> <ip_address> <mask> pppoe [setroute]
[no] ip address <if_name> dhcp [setroute] [retry <retry_cnt>]
[no] ip address <if_name> pppoe [setroute]
ip local pool <poolname> <ip1>[-<ip2>] [mask <mask>]
ip verify reverse-path interface <if_name>
ip audit {info|attack} action [alarm] [drop] [reset]
ip audit name <audit_name> {info|attack} [action [alarm] [drop] [reset]]
ip audit interface <if_name> <audit_name>
ip audit signature <sig_number> disable
show|clear ip audit count [global] [interface <interface>]
show ip [address [<if_name> [pppoe|dhcp [lease|server]]]]
Does the "ip route" work on the pix-501?
pixfirewall(config)# ip route route inside 10.10.10.0 255.255.255.0 10.10.9.230
Not enough arguments.
Usage: [no] ip address <if_name> <ip_address> [<mask>]
[no] ip address <if_name> <ip_address> <mask> pppoe [setroute]
[no] ip address <if_name> dhcp [setroute] [retry <retry_cnt>]
[no] ip address <if_name> pppoe [setroute]
ip local pool <poolname> <ip1>[-<ip2>] [mask <mask>]
ip verify reverse-path interface <if_name>
ip audit {info|attack} action [alarm] [drop] [reset]
ip audit name <audit_name> {info|attack} [action [alarm] [drop] [reset]]
ip audit interface <if_name> <audit_name>
ip audit signature <sig_number> disable
show|clear ip audit count [global] [interface <interface>]
show ip [address [<if_name> [pppoe|dhcp [lease|server]]]]
Does the "ip route" work on the pix-501?
Drop the "ip route" portion. It's just:
route inside 10.10.10.0 255.255.255.0 10.10.9.230
route inside 10.10.10.0 255.255.255.0 10.10.9.230
ASKER
Thanks a ton!