
Internet--PIX--(location1)--800-800-(location2)

Unanswered Question
May 4th, 2007

Have the following problem after inserting a PIX: location1 can't reach location2, and location2 can't reach the internet. RIP is default and passive. The config worked when a Win2003 did the route. A trace to location2 shows in the PIX log as missing route, however the route table exists.


Any clues?

workorderps Mon, 05/07/2007 - 13:50

hmmm, no replies...

The Pix501 has a routing table to the networks, via RIP - but when doing a traceroute from a client the log says "no route to host". It's as if there is no one home.


Have I locked the inside interface down too hard, or does this work just as the vpn-tunnels - where you explicitly have to allow traffic to loopback to the next hop?

Jon Marshall Mon, 05/07/2007 - 23:21

Hi


Is the pix the default route for your client PCs then? So if a PC in location 1 wants to get to location 2 then the traffic first goes to the pix?


What version of pixos are you running and what is the hardware version of your pix?


Jon

workorderps Tue, 05/08/2007 - 07:17

Yes, it's the default route. And, yes, the clients should receive local RIP from the PIX so traffic is going the right direction.


Version of PIX is following:

CISCO SYSTEMS PIX-501

Embedded BIOS Version 4.3.200 07/31/01 15:58:22.08

Compiled by morlee

16 MB RAM

PCI Device Table.

Bus Dev Func VendID DevID Class Irq

00 00 00 1022 3000 Host Bridge

00 11 00 8086 1209 Ethernet 9

00 12 00 8086 1209 Ethernet 10

Cisco Secure PIX Firewall BIOS (4.2) #6: Mon Aug 27 15:09:54 PDT 2001

Platform PIX-501

Flash=E28F640J3 @ 0x3000000


Jon Marshall Tue, 05/08/2007 - 10:22

Hi


Just one more question to clarify. You say that the clients should receive local RIP from pix. What do you mean by this? Do the clients have routes to location 2, or when they want to talk to location 2 does traffic go via pix (which is what your first post seems to suggest)?


If traffic has to go via the pix then it looks like it won't work from your topology as the traffic would have to go in and come out on the same interface. You can't do this with pix v6.x. You can do this with v7.0 but unfortunately pix 501 will not run v7.0.


Can you clarify about the questions?


Jon

workorderps Tue, 05/08/2007 - 10:45

Does the traffic actually do a loopback? As I said, we replaced a Windows 2003 server that had routing enabled. I don't know if the clients got the routes added or if the traffic went in and out at the same interface then.


I do however have an ASA 5505 in stock - are you saying this one would work better?

Jon Marshall Tue, 05/08/2007 - 12:49

Hi


It depends on what routes are on your clients. Assuming your clients are running Windows, bring up a cmd prompt and type


"netstat -nr"


This shows you the routing table. Do your clients have a route to location 2 or do they just have a default route pointing to the pix?


An ASA would allow traffic in and out of the same interface - it's called "hairpinning".


HTH


Jon
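
Added example, not part of the thread: a Python sketch of the check the last reply asks for, reading a client's `netstat -nr` output and reporting whether traffic for location 2 is handed to the firewall (so it would have to enter and leave the same interface) or to a more specific next hop. The sample output and every address in it are constructed assumptions: 192.168.1.1 stands for the PIX inside interface, 192.168.2.0/24 for location 2, and location 2 is assumed to sit behind the inside interface as in the topology line.

```python
import ipaddress
import re

# Constructed sample of Windows "netstat -nr" output. All addresses are assumptions:
# 192.168.1.1 = PIX inside interface, 192.168.2.0/24 = location 2.
SAMPLE = """\
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.50      20
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1       1
      192.168.1.0    255.255.255.0     192.168.1.50    192.168.1.50      20
"""

# destination, netmask, gateway (may be "On-link"), interface, metric
ROW = re.compile(
    r"^\s*(\d+\.\d+\.\d+\.\d+)\s+(\d+\.\d+\.\d+\.\d+)\s+(\S+)\s+(\S+)\s+(\d+)\s*$")

def parse_routes(text):
    """Return (network, gateway, metric) tuples for each IPv4 route row."""
    routes = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            net = ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}")
            routes.append((net, m.group(3), int(m.group(5))))
    return routes

def best_route(routes, dest):
    """Longest-prefix match, lowest metric as tie-break; None if no row matches."""
    addr = ipaddress.ip_address(dest)
    hits = [r for r in routes if addr in r[0]]
    return max(hits, key=lambda r: (r[0].prefixlen, -r[2]), default=None)

def needs_hairpin(routes, dest, firewall_ip):
    """True when the client's chosen next hop for dest is the firewall itself."""
    route = best_route(routes, dest)
    return route is not None and route[1] == firewall_ip

if __name__ == "__main__":
    routes = parse_routes(SAMPLE)
    net, gateway, _ = best_route(routes, "192.168.2.10")
    print(f"location 2 matched by {net} via {gateway}")
    print("firewall must hairpin:", needs_hairpin(routes, "192.168.2.10", "192.168.1.1"))
```

With only a default route on the client, the result is true, which is the case the replies say PIX v6.x cannot handle; a specific route to location 2 via another next hop makes it false.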
