Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Cisco PIX internal interface and internal router interface

Posted on 2009-04-10
4
Medium Priority
?
392 Views
Last Modified: 2012-05-06
I have the following setup:
Internet -------------------- Cisco PIX ------- DMZ - 10.172.192.0 network
                                       /         |          
 Internal IP - 192.168.1.5     |            
                                                 | -------------Cisco Switch--Internal LAN 192.168.1.0      
                                                 |
 DR ----   Cisco Router ---------Internal  IP: 192.168.1.254

Default gateway is set to 192.168.1.254 for all clients.
The issue is to reach the DMZ, we have to set the gateway as 192.168.1.5.
What needs to be done on the firewall or the router to reach the DMZ with all the computers set for gateway of 192.168.0.254 and they can reach all the networks.
0
Comment
Question by:TopTechie
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 43

Accepted Solution

by:
JFrederick29 earned 1500 total points
ID: 24116593
Add a route to the router:

conf t
ip route 10.172.192.0 255.255.255.0 192.168.1.5
0
 

Author Comment

by:TopTechie
ID: 24116867
Actually the route is added. I forgot to mention, the VPN users cannot access any machines unless the machines are set to 192.168.1.5 (the PIX interface). If I set it to 192.168.1.254 they don't even ping.

0
 
LVL 43

Assisted Solution

by:JFrederick29
JFrederick29 earned 1500 total points
ID: 24116887
So you still can't access the DMZ hosts?

You also need a route to the VPN pool of addresses on the router.

ip route x.x.x.0 255.255.255.0 192.168.1.5

Where x.x.x.0 is the VPN subnet.
0
 
LVL 5

Expert Comment

by:Markus Braun
ID: 24138725
if your LAN is 192.168.0.x then your default gateway needs to be on the same Network not 192.168.1.254 but rather 192.168.0.x

like Fred says, on the router you need

ip route 10.172.192.0 255.255.255.0 192.168.1.5
ip route x.x.x.0 255.255.255.0 192.168.1.5

and on the ASA you need a route back for the 192.168.0.x Network

route inside 192.168.0.0 255.255.255.0 192.168.1.254 (guessing)

0

Featured Post

Important Lessons on Recovering from Petya

In their most recent webinar, Skyport Systems explores ways to isolate and protect critical databases to keep the core of your company safe from harm.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

For months I had no idea how to 'discover' the IP address of the other end of a link (without asking someone who knows), and it drove me batty. Think about it. You can't use Cisco Discovery Protocol (CDP) because it's not implemented on the ASAs.…
Many of the companies I’ve worked with have embraced cloud solutions due to their desire to “get out of the datacenter business.” The ability to achieve better security and availability, and the speed with which they are able to deploy, is far grea…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…

610 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question