04-13-2007 07:57 PM - edited 03-03-2019 04:32 PM
I'm using version 2, no auto summary and cant get network 10.50.0.0 255.255.0.0 and network 10.70.0.0 255.255.0.0 to route with network 10.1.0.0 255.255.0.0. The routing tables are full and seem correct but windows cant file share between them but they can surf the net. When I use look@Lan some computers keep dropping off the LAN and then come back on a minute later. Any ideas what is wrong. I'm not using NAT.
04-14-2007 12:59 AM
Hi
Please send me config file and routing table.
04-16-2007 06:18 AM
04-14-2007 05:55 AM
Check the software firewalls on the hosts. Make sure they allow connections from the other subnets.
Good Luck
Scott
04-14-2007 10:03 AM
"some computers keep dropping off the LAN and then come back on a minute later" Looks like physical layer problem. Check if the Switchport/NIC is faulty by try to swap them.
04-19-2007 07:11 AM
I solved the dropping off the LAN problem by using NAT but I still cant get to one computer that uses our PIX firewall as its gateway. Everyone uses a different gateway but they all can see the computer that uses the pix as its gateway. I'm not trying to go through the PIX.
Any Ideas?? I plan on rearranging our switch configuration to solve any physical layer problems there might be but I still would like to know why I can see the inside interface of the pix but cant get to a computer inside the LAN using it as its gateway
04-19-2007 03:24 PM
PIXes by design do not allow a packet to ingress and egress on the same interface.
If a host attempts to use the PIX to redirect its traffic to another network that is routed out the same interface it the packet on the PIX will discard it.
04-19-2007 04:34 PM
In order to re-direct traffic on the same interface on the PIX/ASA you need to be running 7.2 code or later and use the following command to allow that communication.
same-security-traffic intra-interface
The best solution is to try and get things straightened out as much as possible. You can only band aid for so long before you are forced to do the right thing anyways :)
Daniel
04-19-2007 07:40 PM
Thanks for the help
I actually fixed the problem by entering routes into the actual server connected to the pix's inside interface. Now I can get to that computer with out any problem. I will try the
same-security-traffic intra-interface
command but want to know how to turn that command off if it causes havoc on the network. would it be
no same-security-traffic intra-interface?
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: