yaminz66
asked on
Cisco PIX Routing issue
Hi
I have a Cisco PIX as a primary firewall with an address of 192.168.1.254, and a second firewall (Netscreen) is on the same subnet at 192.168.1.250, connected to a router which is connected to another country via a leased line, where the servers are residing, with the following address - 195.168.1.100.
I can ping the 195.168.1.100 address from the Cisco PIX, which has a routing command -
Route Inside 195.168.1.100 255.255.255.255 192.168.1.250
However, I cannot ping the 195 address from the PCs (with the gateway of the primary PIX 192.168.1.254) unless I add a persistent route to the firewall 250.
I have also added the following line in the access-list of the inside interface
access-list acl_in permit tcp any host 195.168.1.100 but still cannot ping.
The tracert to 195.168.1.100 gives asterisks.
Can anyone suggest why the PIX is not routing the pings from PCs?
Regards
ASKER
Hi
Well, the PIX was doing that earlier with another Netscreen firewall, and this is what the router command is supposed to do.
At the moment, relying on adding a persistent route to each PC is a bit risky as it can lose that information. Hence, if the PIX was also routing, it would give good redundancy.
Regards
SOLUTION
ASKER
Hi
Thanks for the response MAG03 -
I tried adding the command but failed. My CISCO does not accept it because it was introduced in CISCO IOS version 7.0, whereas I have 6.3.
So I am not sure what else I can do now.
regards
ASKER
Hi
I had an idea. At the moment I am adding the static routes to the local routing table, using the command -
route -p add destination .. gateway
The persistent route is kept on the machine's registry.
Is there a way to add static routes to a host file? That would give me additional assurance in case the persistent routes in the registry got corrupted or deleted.
Regards
Hi,
This is not related to the PIX but to the default gateway you are assigning. You can assign the default gateway on the PC as 195.168.1.100 instead of 192.168.1.254, as the gateway assigned is not a gateway but the firewall IP address. Once you assign 195.168.1.100 as the gateway to the PC, check from your end, and the tracert command should give you exclamation marks (!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!) instead of asterisks (********). Exclamation marks mean successful configuration and asterisks mean unsuccessful configuration.
ASKER CERTIFIED SOLUTION
Is there any reason why you want the traffic to go via the PIX and not directly to the netscreen (by using a manually or DHCP added route)?
B.t.w. I added some topics to your query to draw some more attention.