Solved

Cisco PIX internal interface and internal router interface

Posted on 2009-04-10
4
372 Views
Last Modified: 2012-05-06
I have the following setup:
Internet -------------------- Cisco PIX ------- DMZ - 10.172.192.0 network
                                       /         |          
 Internal IP - 192.168.1.5     |            
                                                 | -------------Cisco Switch--Internal LAN 192.168.1.0      
                                                 |
 DR ----   Cisco Router ---------Internal  IP: 192.168.1.254

Default gateway is set to 192.168.1.254 for all clients.
The issue is to reach the DMZ, we have to set the gateway as 192.168.1.5.
What needs to be done on the firewall or the router to reach the DMZ with all the computers set for gateway of 192.168.0.254 and they can reach all the networks.
0
Comment
Question by:TopTechie
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 43

Accepted Solution

by:
JFrederick29 earned 500 total points
ID: 24116593
Add a route to the router:

conf t
ip route 10.172.192.0 255.255.255.0 192.168.1.5
0
 

Author Comment

by:TopTechie
ID: 24116867
Actually the route is added. I forgot to mention, the VPN users cannot access any machines unless the machines are set to 192.168.1.5 (the PIX interface). If I set it to 192.168.1.254 they don't even ping.

0
 
LVL 43

Assisted Solution

by:JFrederick29
JFrederick29 earned 500 total points
ID: 24116887
So you still can't access the DMZ hosts?

You also need a route to the VPN pool of addresses on the router.

ip route x.x.x.0 255.255.255.0 192.168.1.5

Where x.x.x.0 is the VPN subnet.
0
 
LVL 5

Expert Comment

by:shirkan
ID: 24138725
if your LAN is 192.168.0.x then your default gateway needs to be on the same Network not 192.168.1.254 but rather 192.168.0.x

like Fred says, on the router you need

ip route 10.172.192.0 255.255.255.0 192.168.1.5
ip route x.x.x.0 255.255.255.0 192.168.1.5

and on the ASA you need a route back for the 192.168.0.x Network

route inside 192.168.0.0 255.255.255.0 192.168.1.254 (guessing)

0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
unable to set full duplex 100 on WAN interface 11 81
Server 2012 R2 Radius server and Cisco AP 7 48
Extended ping 6 31
Multicast IGMP Join Group 8 19
In the world of WAN, QoS is a pretty important topic for most, if not all, networks. Some WAN technologies have QoS mechanisms built in, but others, such as some L2 WAN's, don't have QoS control in the provider cloud.
Quality of Service (QoS) options are nearly endless when it comes to networks today. This article is merely one example of how it can be handled in a hub-n-spoke design using a 3-tier configuration.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question