PIX and a 2811

Unanswered Question
Feb 24th, 2007

I have PIX 515 that I am trying to get to point out to the internet through a 2811.

I can get to the internet through the 2811 if I connect directly to the router, however through the PIX I'm running into some problems.

Router Details:

Internal IP:

192.168.254.2 255.255.255.0

X.X.3.252 255.255.255.240 secondary

External IP:

X.X.1.30 255.255.255.252

Firewall:

Internal IP:

192.168.254.3 255.255.255.0

External IP:

X.X.3.238 255.255.255.240

Now, I can ping the internal interface of the router from the external interface of the PIX, but I cannot get to the external interface of the router from anywhere in the PIX.

I'm pretty sure it has to be a routing issue on the PIX... but I could be very, very wrong. Any help would be greatly appreciated!

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Jon Marshall Sat, 02/24/2007 - 14:27

Hi

Could be a number of things. When you say "from anywhere in the pix" do you mean from DMZ's / internal networks ?.

If so things to check

1) Routing as you mentioned. Generally speaking you would want a default route on the pix pointing to the 2811.

2) Nat on the pix. Are you doing it or not.

3) access-lists on the pix. If you are pinging from inside the pix to the router you will need an access-list on the outside interface of your pix allowing the ping back in as icmp is not stateful.

Could you explain where you are trying to ping from and send a sanitised copy of the pix config.

HTH

Jon

Actions

This Discussion